Solved: Help with spyware removal after downloading a dvdShrink program


darrrius
Member with 62 posts.
THREAD STARTER
 
Join Date: Sep 2006
Location: Greenwich, SE London
Experience: Intermediate
17-Dec-2013, 06:02 PM #1
Help with spyware removal after downloading a dvdShrink program
Hi,

I'd be much appreciative of some help cleaning up my laptop. I recently installed a program that I needed to cut scenes from a DVD; it was called DVD-Shink or something similar.

Since the install, my browsers were hacked and the system is generally very slow and starts up with errors on logging into Windows. The browser would go to a different search engine (I solved that bit), and the problems generally remain.

Here are the logs requested:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:53:15, on 17/12/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Users\Dave\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Users\Dave\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\Dave\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Users\Dave\Desktop\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT/2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a...1830256455&ir=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: TSBHO Class - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O2 - BHO: BrowseSmart - {ffbb88a9-c663-4b9b-9170-70fa0a5a2786} - C:\Program Files (x86)\BrowseSmart\BrowseSmartbho.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll
O4 - HKLM\..\Run: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Dave\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - Startup: Dropbox.lnk = Dave\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite....x/qtplugin.cab
O16 - DPF: {0A43D7AC-D6C1-4622-B309-BF975F427C0E} (first direct internet banking plus digital safe) - https://internetbankingplus2.firstdi...rontdoorFD.cab
O16 - DPF: {254AA86E-5655-4518-AA87-185D7CC41801} (LogMeIn Rescue Technician Console) - https://secure.logmeinrescue.com/UK/...cueControl.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs:
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: TrueSuiteService (FPLService) - HP - C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Identity Protection Technology Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Update BrowseSmart - Unknown owner - C:\Program Files (x86)\BrowseSmart\updateBrowseSmart.exe
O23 - Service: Util BrowseSmart - Unknown owner - C:\Program Files (x86)\BrowseSmart\bin\utilBrowseSmart.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 17402 bytes




____


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 10.45.2
Run by Dave at 20:53:36 on 2013-12-17
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4044.2222 [GMT 0:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\BrowseSmart\updateBrowseSmart.exe
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
C:\Program Files (x86)\BrowseSmart\bin\utilBrowseSmart.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Users\Dave\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\Dave\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\Dave\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.co.uk
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://start.mysearchdial.com/?f=1&a=suma1202&cd=2XzuyEtN2Y1L1Qzu0E0Czy0AyByEyCtC0Fzzzy0ByCzzyB0AtN0D0Tzu 0SyBtCtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1830256455&ir=
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit = userinit.exe
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\CoIEPlg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
BHO: BrowseSmart: {ffbb88a9-c663-4b9b-9170-70fa0a5a2786} - C:\Program Files (x86)\BrowseSmart\BrowseSmartbho.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\CoIEPlg.dll
uRun: [AdobeBridge] <no file>
mRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
StartupFolder: C:\Users\Dave\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Dave\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: HideFastUserSwitching = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {0A43D7AC-D6C1-4622-B309-BF975F427C0E} - hxxps://internetbankingplus2.firstdirect.com/ibplus/frontdoorFD.cab
DPF: {254AA86E-5655-4518-AA87-185D7CC41801} - hxxps://secure.logmeinrescue.com/UK/TechConsole/x86/RescueControl.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{87CA5F32-695F-44CB-902A-D6BE1491B8F3} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{87CA5F32-695F-44CB-902A-D6BE1491B8F3}\244575966496 : DHCPNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{87CA5F32-695F-44CB-902A-D6BE1491B8F3}\3414E454F53594D4B4F46514 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{87CA5F32-695F-44CB-902A-D6BE1491B8F3}\35B4953323543373 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{87CA5F32-695F-44CB-902A-D6BE1491B8F3}\4514C4B44514C4B4D2646403544344 : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{87CA5F32-695F-44CB-902A-D6BE1491B8F3}\4516C6B64516C6B6A616561623 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{87CA5F32-695F-44CB-902A-D6BE1491B8F3}\8353F5255737B696E6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{87CA5F32-695F-44CB-902A-D6BE1491B8F3}\C6F676963747963637 : DHCPNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{BD3DE3BF-10B8-4DE8-A1ED-12DBDAE4E8F5} : DHCPNameServer = 172.31.254.249
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs=
SSODL: WebCheck - <orphaned>
SEH: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
x64-mStart Page = hxxp://start.mysearchdial.com/?f=1&a=suma1202&cd=2XzuyEtN2Y1L1Qzu0E0Czy0AyByEyCtC0Fzzzy0ByCzzyB0AtN0D0Tzu 0SyBtCtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1830256455&ir=
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\n8vklyyd.default\
FF - prefs.js: browser.search.selectedEngine - Mysearchdial
FF - prefs.js: browser.startup.homepage - hxxp://start.mysearchdial.com/?f=1&a=suma1202&cd=2XzuyEtN2Y1L1Qzu0E0Czy0AyByEyCtC0Fzzzy0ByCzzyB0AtN0D0Tzu0SyBtCtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1830256455&ir=
FF - prefs.js: keyword.URL -
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Microsoft\Web Platform Installer\NPWPIDetector.dll
FF - plugin: C:\Users\Dave\AppData\Roaming\ACEStream\player\npace_plugin.dll
FF - plugin: C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\n8vklyyd.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2.dll
FF - plugin: C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\n8vklyyd.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2_x64.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
FF - ExtSQL: 2013-12-11 21:08; {f9d03c26-0575-497e-821d-f7956d23e0ca}; C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\n8vklyyd.default\extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca}
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.mysearchdial.hmpg - true
FF - user.js: extensions.mysearchdial.hmpgUrl - hxxp://start.mysearchdial.com/?f=1&a=suma1202&cd=2XzuyEtN2Y1L1Qzu0E0Czy0AyByEyCtC0Fzzzy0ByCzzyB0AtN0D0Tzu0SyBtCtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1830256455&ir=
FF - user.js: extensions.mysearchdial.dfltSrch - true
FF - user.js: extensions.mysearchdial.srchPrvdr - Mysearchdial
FF - user.js: extensions.mysearchdial.dnsErr - true
FF - user.js: extensions.mysearchdial_i.newTab - false
FF - user.js: extensions.mysearchdial.newTabUrl - hxxp://start.mysearchdial.com/?f=2&a=suma1202&cd=2XzuyEtN2Y1L1Qzu0E0Czy0AyByEyCtC0Fzzzy0ByCzzyB0AtN0D0Tzu0SyBtCtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1830256455&ir=
FF - user.js: extensions.mysearchdial.tlbrSrchUrl - hxxp://start.mysearchdial.com/?f=3&a=suma1202&cd=2XzuyEtN2Y1L1Qzu0E0Czy0AyByEyCtC0Fzzzy0ByCzzyB0AtN0D0Tzu0SyBtCtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1830256455&ir=&q=
FF - user.js: extensions.mysearchdial.id - EC9A7461F89B687A
FF - user.js: extensions.mysearchdial.instlDay - 16050
FF - user.js: extensions.mysearchdial.vrsn - 1.8.21.0
FF - user.js: extensions.mysearchdial.vrsni - 1.8.21.0
FF - user.js: extensions.mysearchdial_i.vrsnTs - 1.8.21.021:8:2
FF - user.js: extensions.mysearchdial.prtnrId - mysearchdial
FF - user.js: extensions.mysearchdial.prdct - mysearchdial
FF - user.js: extensions.mysearchdial.aflt - suma1202
FF - user.js: extensions.mysearchdial_i.smplGrp - none
FF - user.js: extensions.mysearchdial.tlbrId - base
FF - user.js: extensions.mysearchdial.instlRef -
FF - user.js: extensions.mysearchdial.dfltLng -
FF - user.js: extensions.mysearchdial.appId - {CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
FF - user.js: extensions.mysearchdial.excTlbr - false
FF - user.js: extensions.mysearchdial_i.hmpg - true
FF - user.js: extensions.mysearchdial.cr - 1830256455
FF - user.js: extensions.mysearchdial.cd - 2XzuyEtN2Y1L1Qzu0E0Czy0AyByEyCtC0Fzzzy0ByCzzyB0AtN0D0Tzu0SyBtCtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R
FF - user.js: extensions.irmysearch.aflt - suma1202
FF - user.js: extensions.irmysearch.instlRef -
FF - user.js: extensions.irmysearch.cr - 1830256455
FF - user.js: extensions.irmysearch.cd - 2XzuyEtN2Y1L1Qzu0E0Czy0AyByEyCtC0Fzzzy0ByCzzyB0AtN0D0Tzu0SyBtCtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1404000.028\SymDS64.sys [2013-7-2 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1404000.028\SymEFA64.sys [2013-7-2 1139800]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\BASHDefs\20131203.001\BHDrvx64.sys [2013-12-3 1526488]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1404000.028\ccSetx64.sys [2013-7-2 169048]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\IPSDefs\20131216.001\IDSviA64.sys [2013-12-17 521944]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1404000.028\Ironx64.sys [2013-7-2 224416]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1404000.028\symnets.sys [2013-7-2 433752]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-7-20 249648]
R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-8-19 260424]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-9-6 197536]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-12-12 13592]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-12-12 2425960]
R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-9-28 212944]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [2013-7-2 144368]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-12-12 2656280]
R2 Update BrowseSmart;Update BrowseSmart;C:\Program Files (x86)\BrowseSmart\updateBrowseSmart.exe [2013-12-6 66848]
R2 Util BrowseSmart;Util BrowseSmart;C:\Program Files (x86)\BrowseSmart\bin\utilBrowseSmart.exe [2013-12-14 66848]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-11-21 137648]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-4-7 317440]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2011-12-12 1860672]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-12-12 565352]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-1-30 103992]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-1-30 123960]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-8-1 195320]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 HP8107Fltr;HP-HP8107;C:\Windows\System32\drivers\HP8107.sys [2010-2-4 13824]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-11 111616]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-12-12 339048]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-3-17 68440]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-4-22 1255736]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\System32\drivers\RsFx0103.sys [2009-3-30 311656]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== File Associations ===============
.
FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\Dreamweaver.exe","%1"
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2013-12-14 11:26:24 -------- d-----w- C:\Users\Dave\AppData\Local\{500E3E2F-A7F0-46F1-9A64-6C0B5D71CE83}
2013-12-11 22:46:08 -------- d-----r- C:\Users\Dave\Google Drive
2013-12-11 21:35:56 -------- d-----w- C:\Users\Dave\AppData\Local\{100D03AB-E66A-49A0-AAC2-42B90AD08728}
2013-12-11 21:09:42 -------- d-----w- C:\Users\Dave\AppData\Local\cache
2013-12-11 21:09:30 -------- d-----w- C:\Users\Dave\AppData\Local\Mobogenie
2013-12-11 21:09:23 -------- d-----w- C:\Users\Dave\AppData\Roaming\0S1F1O2Z0S2Y1H1T
2013-12-11 21:08:35 -------- d-----w- C:\Users\Dave\AppData\Roaming\Systweak
2013-12-11 21:08:31 20312 ----a-w- C:\Windows\System32\roboot64.exe
2013-12-11 21:08:26 -------- d-----w- C:\Program Files (x86)\Mobogenie
2013-12-11 21:08:22 -------- d-----w- C:\Program Files (x86)\BrowseSmart
2013-12-11 21:08:18 -------- d-----w- C:\Program Files (x86)\BonanzaDeals
2013-12-11 20:13:21 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2013-12-11 20:13:21 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2013-12-11 20:13:20 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2013-12-11 20:13:20 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2013-12-11 20:10:57 5769216 ----a-w- C:\Windows\System32\jscript9.dll
2013-12-11 20:10:57 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-12-01 12:41:39 -------- d-----w- C:\Users\Dave\AppData\Local\assembly
2013-11-28 19:06:23 -------- d-----w- C:\Users\Dave\AppData\Local\{AF129B83-A48A-4C22-BC67-FD6B57753AE2}
2013-11-23 13:50:15 -------- d--h--w- C:\_acestream_cache_
2013-11-23 13:46:35 -------- d-----w- C:\Users\Dave\AppData\Roaming\.ACEStream
2013-11-23 13:46:10 -------- d-----w- C:\Users\Dave\AppData\Roaming\ACEStream
2013-11-19 19:30:59 -------- d-----w- C:\Users\Dave\AppData\Local\{A578F04B-94A6-41EB-ACB4-6ECEFAD5AF13}
.
==================== Find3M ====================
.
2013-12-10 21:31:40 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-10 21:31:40 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-10-30 02:32:01 335360 ----a-w- C:\Windows\System32\msieftp.dll
2013-10-30 02:19:52 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
2013-10-30 01:24:31 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-10-19 02:18:57 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-10-19 01:36:59 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-10-12 02:32:04 150016 ----a-w- C:\Windows\System32\wshom.ocx
2013-10-12 02:31:04 202752 ----a-w- C:\Windows\System32\scrrun.dll
2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:04:36 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx
2013-10-12 02:03:31 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll
2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-12 01:33:39 156160 ----a-w- C:\Windows\System32\cscript.exe
2013-10-12 01:33:26 168960 ----a-w- C:\Windows\System32\wscript.exe
2013-10-12 01:15:48 141824 ----a-w- C:\Windows\SysWow64\wscript.exe
2013-10-12 01:15:48 126976 ----a-w- C:\Windows\SysWow64\cscript.exe
2013-10-08 07:50:37 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-05 20:25:35 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-10-04 02:28:31 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17 197120 ----a-w- C:\Windows\System32\credui.dll
2013-10-04 02:24:49 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-10-04 02:16:30 116736 ----a-w- C:\Windows\System32\drivers\drmk.sys
2013-10-04 01:58:50 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25 168960 ----a-w- C:\Windows\SysWow64\credui.dll
2013-10-04 01:56:00 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-10-04 01:36:04 230400 ----a-w- C:\Windows\System32\drivers\portcls.sys
2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-09-28 01:09:10 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll
2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe
.
============= FINISH: 20:54:17.37 ===============



____


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 21/04/2012 10:32:28
System Uptime: 17/12/2013 20:23:05 (0 hours ago)
.
Motherboard: Hewlett-Packard | | 166F
Processor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz | CPU1 | 1175/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 572 GiB total, 305.062 GiB free.
D: is FIXED (NTFS) - 20 GiB total, 2.148 GiB free.
E: is FIXED (FAT32) - 4 GiB total, 1.074 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP135: 01/12/2013 12:37:49 - Installed Microsoft SQL Server 2012 PowerPivot for Excel 32-bit
RP136: 04/12/2013 08:20:50 - Windows Update
RP137: 11/12/2013 20:06:33 - Windows Update
RP138: 15/12/2013 08:08:38 - Windows Update
.
==== Installed Programs ======================
.
Ace Stream Media 2.1.10.2
Adobe AIR
Adobe Captivate 5
Adobe Captivate 6 (64 Bit)
Adobe Captivate Quiz Results Analyzer
Adobe Captivate Reviewer
Adobe Connect 9 Add-in
Adobe Creative Suite 5 Design Premium
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Help Manager
Adobe Media Player
Adobe Reader X (10.1.8) MUI
Adobe Shockwave Player 11.6
Akamai NetSession Interface
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Articulate Storyline
Ask Toolbar
Ask Toolbar Updater
AuthenTec TrueAPI
AvaCam v3.2.0
Bejeweled 3
Bing Bar
BIRT 0.96
Blackhawk Striker 2
Blio
Bonanza Deals (remove only)
Bonjour
BrowseSmart
Bundled software uninstaller
Chuzzle Deluxe
Cradle of Rome 2
Crystal Reports for Visual Studio
CyberLink YouCam
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dora's World Adventure
Dotfuscator Software Services - Community Edition
Dropbox
DVD Shrink Packages
ESU for Microsoft Windows 7 SP1
Evernote v. 4.2.3
Farm Frenzy
Farmscapes
FATE
FileZilla Client 3.6.0.2
Final Drive Fury
GanttProject
GlassFish Server Open Source Edition 3.1.2
Google Chrome
Google Drive
Google Earth Plug-in
Google Update Helper
Hewlett-Packard ACLM.NET v1.2.1.1
Hotfix for Microsoft Visual Studio 2010 Premium - ENU (KB2542054)
Hoyle Card Games
HP Auto
HP Client Services
HP Customer Experience Enhancements
HP Documentation
HP Games
HP Launch Box
HP On Screen Display
HP Power Manager
HP Quick Launch
HP QuickWeb
HP Recovery Manager
HP Security Assistant
HP Setup
HP Setup Manager
HP SimplePass PE 2011
HP Software Framework
HP Support Assistant
IDT Audio
IIS 7.5 Express
Intel(R) Control Center
Intel(R) Identity Protection Technology 1.2.22.0
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
iTunes
IZArc 4.1.8
Java 7 Update 45
Java Auto Updater
Java(TM) 7 Update 3 (64-bit)
Java(TM) SE Development Kit 7 Update 3 (64-bit)
JavaFX 2.0.3 (64-bit)
JavaFX 2.0.3 SDK (64-bit)
Jewel Match 3
Jewel Quest Mysteries: The Seventh Gate Collector's Edition
John Deere Drive Green
Junk Mail filter update
Letters from Nowhere 2
Light Image Resizer 4.3.1.0
Luxor HD
Magic Desktop
Mah Jong Medley
Mesh Runtime
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft .NET Framework 4.5 Beta
Microsoft .NET Framework 4.5 Beta Multi-Targeting Pack
Microsoft Access database engine 2010 (English)
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 2
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
Microsoft ASP.NET MVC 3
Microsoft ASP.NET Web Pages
Microsoft Help Viewer 1.0
Microsoft Mouse and Keyboard Center
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft Silverlight 4 SDK
Microsoft Silverlight 5 SDK
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 (64-bit)
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 R2 Data-Tier Application Framework
Microsoft SQL Server 2008 R2 Data-Tier Application Project
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 R2 Transact-SQL Language Service
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server 2012 Command Line Utilities RC0
Microsoft SQL Server 2012 Data-Tier App Framework
Microsoft SQL Server 2012 Express LocalDB RC0
Microsoft SQL Server 2012 Management Objects RC0
Microsoft SQL Server 2012 Management Objects RC0 (x64)
Microsoft SQL Server 2012 Native Client RC0
Microsoft SQL Server 2012 PowerPivot for Excel 32-bit
Microsoft SQL Server 2012 T-SQL Language Service RC0
Microsoft SQL Server 2012 Transact-SQL Compiler Service RC0
Microsoft SQL Server 2012 Transact-SQL ScriptDom RC0
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 x64 ENU
Microsoft SQL Server Compact 4.0 SP1 x64 ENU CTP1
Microsoft SQL Server Data Tools Build Utilities Mar 2012
Microsoft SQL Server Database Publishing Wizard 1.4
Microsoft SQL Server System CLR Types
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime v1.0 SP1 (x64)
Microsoft Sync Framework SDK v1.0 SP1
Microsoft Sync Framework Services v1.0 SP1 (x64)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
Microsoft System CLR Types for SQL Server 2012 RC0
Microsoft System CLR Types for SQL Server 2012 RC0 (x64)
Microsoft Team Foundation Server 2010 Object Model - ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
Microsoft Visual F# 2.0 Runtime
Microsoft Visual Studio 11 Developer Preview Pre-Clean Tool
Microsoft Visual Studio 11 SharePoint Developer Tools Beta enu Language Pack
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 IntelliTrace Collection (x64)
Microsoft Visual Studio 2010 Office Developer Tools (x64)
Microsoft Visual Studio 2010 Performance Collection Tools - ENU
Microsoft Visual Studio 2010 Premium - ENU
Microsoft Visual Studio 2010 SharePoint Developer Tools
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Microsoft Visual Studio Macro Tools
Microsoft Web Deploy 3.0
Microsoft Web Deploy dbSqlPackage Provider Nov 2011
Microsoft Web Platform Installer 4.0
Microsoft(R) SQL Server Data Tools, RC0 - enu
Microsoft_VC80_ATL_x86
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Mozilla Firefox 25.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MWSnap 3
NetBeans IDE 7.1.1
Norton Internet Security
OpenProj
opensource
PandoraRecovery (Remove Only)
PDF Settings CS5
Penguins!
Picasa 3
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Prerequisites for SSDT RC0
QuickTime
Ralink RT5390 802.11b/g/n WiFi Adapter
Realtek Ethernet Controller Driver
Realtek PCIE Card Reader
RollerCoaster Tycoon 3: Platinum
Secure Download Manager
Security Update for Microsoft .NET Framework 4.5 Beta (KB2686838)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2837597) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Security Update for Microsoft Visual Studio 2010 Premium - ENU (KB2251489)
Security Update for Microsoft Visual Studio 2010 Premium - ENU (KB2644980)
Security Update for Microsoft Visual Studio Macro Tools (KB2669970)
Service Pack 1 for SQL Server 2008 (KB968369) (64-bit)
Skype Click to Call
Skype™ 5.10
SopCast 3.5.0
Sql Server Customer Experience Improvement Program
SQL Server Data Framework Tools
swMSM
Synaptics TouchPad Driver
The Treasures of Mystery Island: The Ghost Ship
Torchlight
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
Update Installer for WildTangent Games App
VIP Access SDK (1.1.0.4)
Virtual Villagers 4 - The Tree of Life
Visual Studio 2010 Prerequisites - English
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
WCF RIA Services V1.0 SP2
Web Deployment Tool
WildTangent Games App (HP Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinPatrol
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
12/12/2013 21:00:39, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Update BrowseSmart service to connect.
12/12/2013 21:00:39, Error: Service Control Manager [7000] - The Update BrowseSmart service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/12/2013 22:13:02, Error: Service Control Manager [7031] - The Norton Internet Security service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
.
==== End Of File ===========================



___


GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-12-17 21:51:59
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.GS00 596.17GB
Running: jiykdpri.exe; Driver: C:\Users\Dave\AppData\Local\Temp\kwldipow.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80002fb1000 16 bytes [8B, E3, 41, 5F, 41, 5E, 41, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 545 fffff80002fb1011 35 bytes {LEA ECX, [RSP+0x70]; CALL 0x3d64f}

---- User code sections - GMER 2.1 ----

? C:\Windows\system32\mssprxy.dll [2016] entry point in ".rdata" section 000000006bcf71e6
.text C:\Program Files (x86)\BrowseSmart\updateBrowseSmart.exe[2108] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075181465 2 bytes [18, 75]
.text C:\Program Files (x86)\BrowseSmart\updateBrowseSmart.exe[2108] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751814bb 2 bytes [18, 75]
.text ... * 2
.text C:\Program Files (x86)\BrowseSmart\bin\utilBrowseSmart.exe[2672] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075181465 2 bytes [18, 75]
.text C:\Program Files (x86)\BrowseSmart\bin\utilBrowseSmart.exe[2672] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751814bb 2 bytes [18, 75]
.text ... * 2
.text C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe[2128] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075181465 2 bytes [18, 75]
.text C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe[2128] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751814bb 2 bytes [18, 75]
.text ... * 2
.text C:\Users\Dave\AppData\Local\Akamai\netsession_win.exe[4536] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075181465 2 bytes [18, 75]
.text C:\Users\Dave\AppData\Local\Akamai\netsession_win.exe[4536] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751814bb 2 bytes [18, 75]
.text ... * 2
.text C:\Users\Dave\AppData\Roaming\Dropbox\bin\Dropbox.exe[4616] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000075181465 2 bytes [18, 75]
.text C:\Users\Dave\AppData\Roaming\Dropbox\bin\Dropbox.exe[4616] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000751814bb 2 bytes [18, 75]
.text ... * 2
.text C:\Users\Dave\AppData\Local\Akamai\netsession_win.exe[4732] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075181465 2 bytes [18, 75]
.text C:\Users\Dave\AppData\Local\Akamai\netsession_win.exe[4732] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751814bb 2 bytes [18, 75]
.text ... * 2
.text C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[5012] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075181465 2 bytes [18, 75]
.text C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[5012] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751814bb 2 bytes [18, 75]
.text ... * 2
.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[4152] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075181465 2 bytes [18, 75]
.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[4152] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751814bb 2 bytes [18, 75]
.text ... * 2
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[3748] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075181465 2 bytes [18, 75]
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[3748] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751814bb 2 bytes [18, 75]
.text ... * 2
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[1500] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075181465 2 bytes [18, 75]
.text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[1500] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751814bb 2 bytes [18, 75]
.text ... * 2

---- EOF - GMER 2.1 ----



Cheers

Kind Regards

D
darrrius (thread starter)
21-Dec-2013, 07:00 AM #2
Hi, Sorry to bump this but would really appreciate some guidance here.

Thanks

Dave
darrrius (thread starter)
26-Dec-2013, 05:59 AM #3
I'm now getting redirected to marketing websites and pop-ups in all browsers.
kevinf80 (Kevin), authorized to help remove malware
Malware Removal Specialist with 9,542 posts.
 
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
26-Dec-2013, 06:06 AM #4
Hiya darrius,

Run the following:

Download Zoek.zip from here http://www.hijackthis.nl/smeenk/220813/zoek.zip and save that zip file to your Desktop.

Double click zip file and extract to your Desktop:

You will now have 3 versions of the tool on the Desktop:

Before running Zoek make sure all Browsers are closed and Security is turned OFF. Check at the following link: http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html

Double click on each in turn until one version of Zoek will run (accept UAC). The following window will open:

Copy and paste the following script from the code box and paste into the field.


Code:
standardsearch;
autoruns;
autoclean;
emptyclsid;
emptyalltemp;
installedprogs;

Select the "Run Script" tab. The following window will open:

Please be patient and do not use the PC when the scan is in progress.

When complete you may be asked to reboot your PC; if so, please do.

Post the produced log in your next reply.
darrrius (thread starter)
26-Dec-2013, 07:12 AM #5
part 1
Hey kevinf80,

Thanks for the help, much appreciated.

Here is the log from zoek:


Zoek.exe v5.0.0.0 Updated 23-December-2013
Tool run by Dave on 26/12/2013 at 10:29:53.14.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Dave\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

26/12/2013 10:32:59 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1195604076-2677614570-1163669113-1000\Software\Microsoft\Internet Explorer\SearchScopes\{064E820E-9D35-4070-A635-F8E2F72A2589} deleted successfully
HKEY_USERS\S-1-5-21-1195604076-2677614570-1163669113-1000\Software\Microsoft\Internet Explorer\SearchScopes\{15C50F97-4A8B-4F1F-AC2B-E722AF998315} deleted successfully
HKEY_USERS\S-1-5-21-1195604076-2677614570-1163669113-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} deleted successfully
HKEY_USERS\S-1-5-21-1195604076-2677614570-1163669113-1000\Software\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} deleted successfully
HKEY_USERS\S-1-5-21-1195604076-2677614570-1163669113-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-1195604076-2677614570-1163669113-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-1195604076-2677614570-1163669113-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_USERS\S-1-5-21-1195604076-2677614570-1163669113-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_USERS\S-1-5-21-1195604076-2677614570-1163669113-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{fe063412-bea4-4d76-8ed3-183be6220d17} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully

==== Installed Programs ======================

Ace Stream Media 2.1.10.2
Adobe AIR
Adobe Captivate 5
Adobe Captivate 6 (64 Bit)
Adobe Captivate Quiz Results Analyzer
Adobe Captivate Reviewer
Adobe Connect 9 Add-in
Adobe Creative Suite 5 Design Premium
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Help Manager
Adobe Media Player
Adobe Reader X (10.1.8) MUI
Adobe Shockwave Player 11.6
Akamai NetSession Interface
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Articulate Storyline
Ask Toolbar
Ask Toolbar Updater
AuthenTec TrueAPI
AvaCam v3.2.0
Bejeweled 3
Bing Bar
BIRT 0.96
Blackhawk Striker 2
Blio
Bonanza Deals (remove only)
Bonjour
BrowseSmart
Chuzzle Deluxe
Cradle of Rome 2
Crystal Reports for Visual Studio
CyberLink YouCam
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dora's World Adventure
Dotfuscator Software Services - Community Edition
Dropbox
DVD Shrink Packages
ESU for Microsoft Windows 7 SP1
Evernote v. 4.2.3
Farm Frenzy
Farmscapes
FATE
FileZilla Client 3.6.0.2
Final Drive Fury
GanttProject
GlassFish Server Open Source Edition 3.1.2
Google Chrome
Google Drive
Google Earth Plug-in
Google Update Helper
Hewlett-Packard ACLM.NET v1.2.1.1
Hotfix for Microsoft Visual Studio 2010 Premium - ENU (KB2542054)
Hoyle Card Games
HP Auto
HP Client Services
HP Customer Experience Enhancements
HP Documentation
HP Games
HP Launch Box
HP On Screen Display
HP Power Manager
HP Quick Launch
HP QuickWeb
HP Recovery Manager
HP Security Assistant
HP Setup
HP Setup Manager
HP SimplePass PE 2011
HP Software Framework
HP Support Assistant
IDT Audio
IIS 7.5 Express
Intel(R) Control Center
Intel(R) Identity Protection Technology 1.2.22.0
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
iTunes
IZArc 4.1.8
Java 7 Update 45
Java Auto Updater
Java(TM) 7 Update 3 (64-bit)
Java(TM) SE Development Kit 7 Update 3 (64-bit)
JavaFX 2.0.3 (64-bit)
JavaFX 2.0.3 SDK (64-bit)
Jewel Match 3
Jewel Quest Mysteries: The Seventh Gate Collector's Edition
John Deere Drive Green
Junk Mail filter update
Letters from Nowhere 2
Light Image Resizer 4.3.1.0
Luxor HD
Magic Desktop
Mah Jong Medley
Mesh Runtime
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft .NET Framework 4.5 Beta
Microsoft .NET Framework 4.5 Beta Multi-Targeting Pack
Microsoft Access database engine 2010 (English)
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
Microsoft ASP.NET MVC 2
Microsoft ASP.NET MVC 3
Microsoft ASP.NET Web Pages
Microsoft Help Viewer 1.0
Microsoft Mouse and Keyboard Center
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft Silverlight 4 SDK
Microsoft Silverlight 5 SDK
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 (64-bit)
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 R2 Data-Tier Application Framework
Microsoft SQL Server 2008 R2 Data-Tier Application Project
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 R2 Transact-SQL Language Service
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server 2012 Command Line Utilities RC0
Microsoft SQL Server 2012 Data-Tier App Framework
Microsoft SQL Server 2012 Express LocalDB RC0
Microsoft SQL Server 2012 Management Objects RC0
Microsoft SQL Server 2012 Management Objects RC0 (x64)
Microsoft SQL Server 2012 Native Client RC0
Microsoft SQL Server 2012 PowerPivot for Excel 32-bit
Microsoft SQL Server 2012 T-SQL Language Service RC0
Microsoft SQL Server 2012 Transact-SQL Compiler Service RC0
Microsoft SQL Server 2012 Transact-SQL ScriptDom RC0
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 x64 ENU
Microsoft SQL Server Compact 4.0 SP1 x64 ENU CTP1
Microsoft SQL Server Data Tools Build Utilities Mar 2012
Microsoft SQL Server Database Publishing Wizard 1.4
Microsoft SQL Server System CLR Types
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime v1.0 SP1 (x64)
Microsoft Sync Framework SDK v1.0 SP1
Microsoft Sync Framework Services v1.0 SP1 (x64)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
Microsoft System CLR Types for SQL Server 2012 RC0
Microsoft System CLR Types for SQL Server 2012 RC0 (x64)
Microsoft Team Foundation Server 2010 Object Model - ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
Microsoft Visual F# 2.0 Runtime
Microsoft Visual Studio 11 Developer Preview Pre-Clean Tool
Microsoft Visual Studio 11 SharePoint Developer Tools Beta enu Language Pack
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 IntelliTrace Collection (x64)
Microsoft Visual Studio 2010 Office Developer Tools (x64)
Microsoft Visual Studio 2010 Performance Collection Tools - ENU
Microsoft Visual Studio 2010 Premium - ENU
Microsoft Visual Studio 2010 SharePoint Developer Tools
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Microsoft Visual Studio Macro Tools
Microsoft Web Deploy 3.0
Microsoft Web Deploy dbSqlPackage Provider Nov 2011
Microsoft Web Platform Installer 4.0
Microsoft(R) SQL Server Data Tools, RC0 - enu
Microsoft_VC80_ATL_x86
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
More Games from HP Games
Mozilla Firefox 25.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MWSnap 3
NetBeans IDE 7.1.1
Norton Internet Security
OpenProj
opensource
PandoraRecovery (Remove Only)
PDF Settings CS5
Penguins
Picasa 3
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Prerequisites for SSDT RC0
QuickTime
Ralink RT5390 802.11b/g/n WiFi Adapter
Realtek Ethernet Controller Driver
Realtek PCIE Card Reader
RollerCoaster Tycoon 3: Platinum
Secure Download Manager
Security Update for Microsoft .NET Framework 4.5 Beta (KB2686838)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2837597) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Security Update for Microsoft Visual Studio 2010 Premium - ENU (KB2251489)
Security Update for Microsoft Visual Studio 2010 Premium - ENU (KB2644980)
Security Update for Microsoft Visual Studio Macro Tools (KB2669970)
Service Pack 1 for SQL Server 2008 (KB968369) (64-bit)
Skype Click to Call
SkypeT 5.10
SopCast 3.5.0
Sql Server Customer Experience Improvement Program
SQL Server Data Framework Tools
swMSM
Synaptics TouchPad Driver
The Treasures of Mystery Island: The Ghost Ship
Torchlight
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
Update Installer for WildTangent Games App
VIP Access SDK (1.1.0.4)
Virtual Villagers 4 - The Tree of Life
Visual Studio 2010 Prerequisites - English
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
WCF RIA Services V1.0 SP2
Web Deployment Tool
WildTangent Games App (HP Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinPatrol
Zuma's Revenge

==== Running Processes ======================

C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\BrowseSmart\bin\utilBrowseSmart.exe
C:\Users\Dave\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Users\Dave\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\Dave\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
C:\Users\Dave\Desktop\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Util BrowseSmart deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Util BrowseSmart deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Util BrowseSmart deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Util BrowseSmart deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Update BrowseSmart deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Update BrowseSmart deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Update BrowseSmart deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Update BrowseSmart deleted successfully

==== FireFox Fix ======================

ProfilePath: C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\n8vklyyd.default

---- Lines mysearchdial removed from prefs.js ----
user_pref("browser.search.defaultenginename", "Mysearchdial");
user_pref("browser.search.selectedEngine", "Mysearchdial");
user_pref("browser.startup.homepage", "http://start.mysearchdial.com/?f=1&a=suma1202&cd=2XzuyEtN2Y1L1Qzu0E0Czy0AyByEyCtC0Fzzzy0ByCzzyB0AtN0D0Tzu 0SyBtC
user_pref("extensions.mysearchdial.aflt", "suma1202");
user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1Qzu0E0Czy0AyByEyCtC0Fzzzy0ByCzzyB0AtN0D0Tzu0SyBtCtCtN1L2XzutB tFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1
user_pref("extensions.mysearchdial.cr", "1830256455");
user_pref("extensions.mysearchdial.dfltLng", "");
user_pref("extensions.mysearchdial.dfltSrch", true);
user_pref("extensions.mysearchdial.dnsErr", true);
user_pref("extensions.mysearchdial.excTlbr", false);
user_pref("extensions.mysearchdial.hmpg", true);
user_pref("extensions.mysearchdial.hmpgUrl", "http://start.mysearchdial.com/?f=1&a=suma1202&cd=2XzuyEtN2Y1L1Qzu0E0Czy0AyByEyCtC0Fzzzy0ByCzzyB0AtN0D0Tz
user_pref("extensions.mysearchdial.id", "EC9A7461F89B687A");
user_pref("extensions.mysearchdial.instlDay", "16050");
user_pref("extensions.mysearchdial.instlRef", "");
user_pref("extensions.mysearchdial.newTabUrl", "http://start.mysearchdial.com/?f=2&a=suma1202&cd=2XzuyEtN2Y1L1Qzu0E0Czy0AyByEyCtC0Fzzzy0ByCzzyB0AtN0D0
user_pref("extensions.mysearchdial.prdct", "mysearchdial");
user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
user_pref("extensions.mysearchdial.tlbrId", "base");
user_pref("extensions.mysearchdial.tlbrSrchUrl", "http://start.mysearchdial.com/?f=3&a=suma1202&cd=2XzuyEtN2Y1L1Qzu0E0Czy0AyByEyCtC0Fzzzy0ByCzzyB0AtN0
user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");
user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");
user_pref("extensions.mysearchdial_i.hmpg", true);
user_pref("extensions.mysearchdial_i.newTab", false);
user_pref("extensions.mysearchdial_i.smplGrp", "none");
user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.021:8:2");
---- Lines mysearchdial removed from user.js ----

user_pref("extensions.mysearchdial.hmpg", true);
user_pref("extensions.mysearchdial.hmpgUrl", "http://start.mysearchdial.com/?f=1&a=suma1202&cd=2XzuyEtN2Y1L1Qzu0E0Czy0AyByEyCtC0Fzzzy0ByCzzyB0AtN0D0Tzu 0SyBtCtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1830256455&ir=" );
user_pref("extensions.mysearchdial.dfltSrch", true);
user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
user_pref("extensions.mysearchdial.dnsErr", true);
user_pref("extensions.mysearchdial_i.newTab", false);
user_pref("extensions.mysearchdial.newTabUrl", "http://start.mysearchdial.com/?f=2&a=suma1202&cd=2XzuyEtN2Y1L1Qzu0E0Czy0AyByEyCtC0Fzzzy0ByCzzyB0AtN0D0Tzu 0SyBtCtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1830256455&ir=" );
user_pref("extensions.mysearchdial.tlbrSrchUrl", "http://start.mysearchdial.com/?f=3&a=suma1202&cd=2XzuyEtN2Y1L1Qzu0E0Czy0AyByEyCtC0Fzzzy0ByCzzyB0AtN0D0Tzu 0SyBtCtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1830256455&ir=& q=");
user_pref("extensions.mysearchdial.id", "EC9A7461F89B687A");
user_pref("extensions.mysearchdial.instlDay", "16050");
user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");
user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");
user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.021:8:2");
user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
user_pref("extensions.mysearchdial.prdct", "mysearchdial");
user_pref("extensions.mysearchdial.aflt", "suma1202");
user_pref("extensions.mysearchdial_i.smplGrp", "none");
user_pref("extensions.mysearchdial.tlbrId", "base");
user_pref("extensions.mysearchdial.instlRef", "");
user_pref("extensions.mysearchdial.dfltLng", "");
user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
user_pref("extensions.mysearchdial.excTlbr", false);
user_pref("extensions.mysearchdial_i.hmpg", true);
user_pref("extensions.mysearchdial.cr", "1830256455");
user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1Qzu0E0Czy0AyByEyCtC0Fzzzy0ByCzzyB0AtN0D0Tzu0SyBtCtCtN1L2XzutB tFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R");

---- Lines ask.com removed from prefs.js ----
user_pref("browser.search.defaultengine", "Ask.com");
user_pref("browser.search.order.1", "Ask.com");
---- Lines asktb removed from prefs.js ----
user_pref("extensions.asktb.ff-original-keyword-url", "");
---- FireFox user.js and prefs.js backups ----

user_122013_1044_.backup
prefs_122013_1044_.backup

ProfilePath: C:\Users\Simonka\AppData\Roaming\Mozilla\Firefox\Profiles\w1paw79s.default

---- Lines mysearchdial removed from prefs.js ----
user_pref("browser.search.defaultenginename", "Mysearchdial");
user_pref("browser.search.order.1", "Mysearchdial");
user_pref("browser.search.selectedEngine", "Mysearchdial");
user_pref("browser.startup.homepage", "http://start.mysearchdial.com/?f=1&a=suma1202&cd=2XzuyEtN2Y1L1Qzu0E0Czy0AyByEyCtC0Fzzzy0ByCzzyB0AtN0D0Tzu 0SyBtC
user_pref("extensions.mysearchdial.aflt", "suma1202");
user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1Qzu0E0Czy0AyByEyCtC0Fzzzy0ByCzzyB0AtN0D0Tzu0SyBtCtCtN1L2XzutB tFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1
user_pref("extensions.mysearchdial.cntry", "GB");
user_pref("extensions.mysearchdial.cr", "1830256455");
user_pref("extensions.mysearchdial.dfltLng", "");
user_pref("extensions.mysearchdial.dfltSrch", true);
user_pref("extensions.mysearchdial.dnsErr", true);
user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614 ,3754950497,426401714,304628180
user_pref("extensions.mysearchdial.excTlbr", false);
user_pref("extensions.mysearchdial.hdrMd5", "2E5B69DFE923DB0D3D1CCF3A87A78C8F");
user_pref("extensions.mysearchdial.hmpg", true);
user_pref("extensions.mysearchdial.hmpgUrl", "http://start.mysearchdial.com/?f=1&a=suma1202&cd=2XzuyEtN2Y1L1Qzu0E0Czy0AyByEyCtC0Fzzzy0ByCzzyB0AtN0D0Tz
user_pref("extensions.mysearchdial.id", "EC9A7461F89B687A");
user_pref("extensions.mysearchdial.instlDay", "16050");
user_pref("extensions.mysearchdial.instlRef", "");
user_pref("extensions.mysearchdial.lastB", "http://start.mysearchdial.com/?f=1&a=suma1202&cd=2XzuyEtN2Y1L1Qzu0E0Czy0AyByEyCtC0Fzzzy0ByCzzyB0AtN0D0Tzu 0
user_pref("extensions.mysearchdial.lastVrsnTs", "");
user_pref("extensions.mysearchdial.newTabUrl", "http://start.mysearchdial.com/?f=2&a=suma1202&cd=2XzuyEtN2Y1L1Qzu0E0Czy0AyByEyCtC0Fzzzy0ByCzzyB0AtN0D0
user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"89\",\"lastVrsn\":\"89\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\
user_pref("extensions.mysearchdial.prdct", "mysearchdial");
user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
user_pref("extensions.mysearchdial.sg", "{smplGrp}");
user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
user_pref("extensions.mysearchdial.tlbrId", "base");
user_pref("extensions.mysearchdial.tlbrSrchUrl", "http://start.mysearchdial.com/?f=3&a=suma1202&cd=2XzuyEtN2Y1L1Qzu0E0Czy0AyByEyCtC0Fzzzy0ByCzzyB0AtN0
user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");
user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");
user_pref("extensions.mysearchdial_i.hmpg", true);
user_pref("extensions.mysearchdial_i.newTab", false);
user_pref("extensions.mysearchdial_i.smplGrp", "none");
user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.021:8:2");
---- Lines mysearchdial modified from prefs.js ----

user_pref("extensions.enabledAddons", "%7Bad9a41d2-9a49-4fa6-a79e-71a0785364c8%7D:9.5.3,ffxtlbr%40mysearchdial.com:1.6.0,%7B972ce4c6-7e08-4474-a285-32
user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{BBDA0591-3099-440a-AA10-41764D9DB4DB}\":{\"descriptor\":\"C:\\\\
---- Lines mysearchdial removed from user.js ----

user_pref("extensions.mysearchdial.hmpg", true);
user_pref("extensions.mysearchdial.hmpgUrl", "http://start.mysearchdial.com/?f=1&a=suma1202&cd=2XzuyEtN2Y1L1Qzu0E0Czy0AyByEyCtC0Fzzzy0ByCzzyB0AtN0D0Tzu0SyBtCtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1830256455&ir=");
user_pref("extensions.mysearchdial.dfltSrch", true);
user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
user_pref("extensions.mysearchdial.dnsErr", true);
user_pref("extensions.mysearchdial_i.newTab", false);
user_pref("extensions.mysearchdial.newTabUrl", "http://start.mysearchdial.com/?f=2&a=suma1202&cd=2XzuyEtN2Y1L1Qzu0E0Czy0AyByEyCtC0Fzzzy0ByCzzyB0AtN0D0Tzu0SyBtCtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1830256455&ir=");
user_pref("extensions.mysearchdial.tlbrSrchUrl", "http://start.mysearchdial.com/?f=3&a=suma1202&cd=2XzuyEtN2Y1L1Qzu0E0Czy0AyByEyCtC0Fzzzy0ByCzzyB0AtN0D0Tzu0SyBtCtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1830256455&ir=&q=");
user_pref("extensions.mysearchdial.id", "EC9A7461F89B687A");
user_pref("extensions.mysearchdial.instlDay", "16050");
user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");
user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");
user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.021:8:2");
user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
user_pref("extensions.mysearchdial.prdct", "mysearchdial");
user_pref("extensions.mysearchdial.aflt", "suma1202");
user_pref("extensions.mysearchdial_i.smplGrp", "none");
user_pref("extensions.mysearchdial.tlbrId", "base");
user_pref("extensions.mysearchdial.instlRef", "");
user_pref("extensions.mysearchdial.dfltLng", "");
user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
user_pref("extensions.mysearchdial.excTlbr", false);
user_pref("extensions.mysearchdial_i.hmpg", true);
user_pref("extensions.mysearchdial.cr", "1830256455");
user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1Qzu0E0Czy0AyByEyCtC0Fzzzy0ByCzzyB0AtN0D0Tzu0SyBtCtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R");

---- Lines ask.com removed from prefs.js ----
user_pref("browser.search.defaultengine", "Ask.com");
---- Lines ask.com modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{BBDA0591-3099-440a-AA10-41764D9DB4DB}\":{\"descriptor\":\"C:\\\\
---- Lines asktb removed from prefs.js ----
user_pref("extensions.asktb.ff-original-keyword-url", "");
---- FireFox user.js and prefs.js backups ----

user_122013_1044_.backup
prefs_122013_1044_.backup

==== Deleting Files \ Folders ======================

C:\Users\Dave\daemonprocess.txt deleted
C:\PROGRA~2\Mobogenie deleted
C:\PROGRA~2\BonanzaDeals deleted
C:\PROGRA~2\SopCast deleted
C:\Users\Dave\AppData\Roaming\Systweak deleted
C:\ProgramData\Ask deleted
C:\ProgramData\InstallMate deleted
C:\ProgramData\Package Cache deleted
C:\Users\Dave\AppData\Local\mysearchdial-speeddial.crx deleted
C:\Users\Dave\AppData\Local\Bundled software uninstaller deleted
C:\Users\Dave\AppData\Local\Mobogenie deleted
C:\Users\Dave\AppData\Local\cache deleted
C:\Users\Simonka\AppData\Local\APN deleted
C:\Users\wangzhisong\AppData\Local\Mobogenie deleted
C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals deleted
C:\Windows\SysNative\roboot64.exe deleted
C:\Users\Dave\Downloads\SopCast-3.5.0.exe deleted
C:\Users\Dave\AppData\LocalLow\AskToolbar deleted
C:\Users\Simonka\AppData\LocalLow\AskToolbar deleted
C:\windows\SysNative\TASKS\Scheduled Update for Ask Toolbar deleted
C:\windows\SysNative\tasks\BonanzaDealsUpdate deleted
C:\Users\wangzhisong deleted
C:\Users\Dave\Documents\Mobogenie deleted
C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\n8vklyyd.default\searchplugins\Mysearchdial.xml deleted
C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\n8vklyyd.default\extensions\firefox@browsesmart.net.xpi deleted
C:\Users\Simonka\AppData\Roaming\Mozilla\Firefox\Profiles\w1paw79s.default\searchplugins\askcom.xml deleted
C:\Users\Simonka\AppData\Roaming\Mozilla\Firefox\Profiles\w1paw79s.default\searchplugins\Mysearchdial.xml deleted
C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} deleted
C:\Users\Dave\Downloads\wpsetup.exe deleted
C:\Users\Simonka\AppData\Roaming\Mozilla\Firefox\Profiles\w1paw79s.default\extensions\ffxtlbr@mysearchdial.com deleted
C:\Users\Simonka\AppData\Roaming\Mozilla\Firefox\Profiles\w1paw79s.default\extensions\toolbar@ask.com deleted
"C:\PROGRA~2\BrowseSmart\bin\sqlite3.dll" deleted
"C:\PROGRA~2\BrowseSmart\bin\utilBrowseSmart.exe" deleted
"C:\PROGRA~2\Ask.com\Updater\Updater.exe" deleted
"C:\PROGRA~2\BrowseSmart\bin\sqlite3.dll" deleted
"C:\PROGRA~2\BrowseSmart\bin\utilBrowseSmart.exe" deleted
"C:\PROGRA~2\BrowseSmart" not deleted
"C:\PROGRA~2\Ask.com" deleted
"C:\PROGRA~2\BrowseSmart" not deleted
"C:\PROGRA~2\BrowseSmart\bin" not deleted
"C:\PROGRA~2\Ask.com\Updater" deleted
"C:\PROGRA~2\BrowseSmart\bin" not deleted

==== System Specs ======================

Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 4044 MB
CPU Info: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz
CPU Speed: 2495.6 MHz
Sound Card: Speakers and Headphones (IDT Hi |
Communications Headphones (IDT |
Display Adapters: Intel(R) HD Graphics Family | Intel(R) HD Graphics Family | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: Ralink RT5390 802.11b/g/n WiFi Adapter | Realtek PCIe FE Family Controller
CD / DVD Drives: 1x (F: | ) F: hp CDDVDW SN-208BB
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C: 572.2GB | D: 19.8GB | E: 4.0GB
Hard Disks - Free: C: 304.5GB | D: 2.1GB | E: 1.1GB
Manufacturer *: Insyde
BIOS Info: AT/AT COMPATIBLE | 03/22/12 | HPQOEM - 1
Time Zone: GMT Standard Time
Motherboard *: Hewlett-Packard 166F
Country: United Kingdom
Language: ENG

==== System Specs (Software) ======================

Anti-Virus: Norton Internet Security On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: Norton Internet Security disabled (Outdated)
Firewall: Norton Internet Security disabled
Default Browser: Firefox 25.0.1
Internet Explorer Version: 11.0.9600.16476
Mozilla Firefox version: 25.0.1 (x86 en-US)
Google Chrome version: 31.0.1650.63
Adobe Reader version: 10.1.8.24
Sun Java version: 1.7.0_45 (32-bit)
Sun Java version: 1.7.0_03 (64-bit)
Flash Player version: 11.9.900.170
Shockwave Player version: 11.6.1r629

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\Dave\AppData\Local\Temp ====
2013-12-19 19:34:11 C3C077A40B42178B33A40E2D3D1BED3F 20133824 ----a-w- C:\Users\Dave\AppData\Local\Temp\tmpp1voj0\googledrivesync.exe
====== Java Cache =====
2013-11-28 19:49:35 D129C3FB5BB5E96477F8E28150B7C88E 37 ----a-w- C:\Users\Dave\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\461b1b9b-6.0.lap
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
2013-12-10 20:04:30 E0D3CD5841E5C7BE7B94BA946AF1E498 116736 ----a-w- C:\Windows\Sysnative\drivers\drmk.sys
2013-12-10 20:04:30 1E0B4CBBA91C6B041A14ECC2186F7E24 230400 ----a-w- C:\Windows\Sysnative\drivers\portcls.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2013-12-11 21:08:22 -------- d-----w- C:\PROGRA~2\BrowseSmart
======= C: =====
2013-12-11 21:21:32 201BA1774F03994AE3A79C38A006D87C 3024 ----a-w- C:\{8DF8DD75-F63D-4F12-8624-9E14EFC045B4}
2013-12-07 14:24:34 F2CBB3B2181CADF421858B422E77D4A7 2688 ----a-w- C:\{BB20385E-C8BE-4DF7-ABE6-DC8B5B47F042}
====== C:\Users\Dave\AppData\Roaming ======
2013-12-19 19:35:02 -------- d-----w- C:\Users\Default\AppData\Local\Google
2013-12-19 19:35:02 -------- d-----w- C:\Users\Default User\AppData\Local\Google
2013-12-11 21:09:23 -------- d-----w- C:\Users\Dave\AppData\Roaming\0S1F1O2Z0S2Y1H1T
====== C:\Users\Dave ======
2013-12-15 22:02:22 60BF4AE8CC40B0E3E28613657ED2EED8 377856 ----a-w- C:\Users\Dave\Desktop\jiykdpri.exe
2013-12-11 22:46:08 -------- d-----r- C:\Users\Dave\Google Drive
2013-12-11 22:44:57 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2013-12-10 20:33:43 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth

====== C: exe-files ==
2013-12-19 19:34:11 C3C077A40B42178B33A40E2D3D1BED3F 20133824 ----a-w- C:\Users\Dave\AppData\Local\Temp\tmpp1voj0\googledrivesync.exe
=== C: other files ==
2013-12-26 08:52:45 82F5C942549405F61A8808D0EA0FA9E2 25575 ----a-w- C:\Users\Dave\AppData\Local\Temp\_MEI47122\resources\chrome_ext\apdfllckaahabafndbhieahigkjlhalf_live.crx
2013-12-19 19:35:11 82F5C942549405F61A8808D0EA0FA9E2 25575 ----a-w- C:\Users\Dave\AppData\Local\Temp\_MEI34962\resources\chrome_ext\apdfllckaahabafndbhieahigkjlhalf_live.crx

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-1195604076-2677614570-1163669113-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="C:\Users\Dave\AppData\Local\Akamai\netsession_win.exe"
"GoogleDriveSync"="C:\Program Files (x86)\Google\Drive\googledrivesync.exe /autostart"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPQuickWebProxy"="C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"HPOSD"="C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe"
"Easybits Recovery"="C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe"
"WinPatrol"="C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot"
"AdobeCS5ServiceManager"="C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe -launchedbylogin"
"SwitchBoard"="C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices"
"HP Quick Launch"="C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe"
"AdobeCS6ServiceManager"="C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe -launchedbylogin"
"ApnUpdater"="C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"mobilegeni daemon"="C:\Program Files (x86)\Mobogenie\DaemonProcess.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="C:\Users\Dave\AppData\Local\Akamai\netsession_win.exe"
"GoogleDriveSync"="C:\Program Files (x86)\Google\Drive\googledrivesync.exe /autostart"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefault"="C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe"
"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe Update"

==== Startup Folders ======================

2013-01-05 19:47:00 1047 ----a-w- C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ [Undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ [Undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ [Undetermined Task]
C:\Windows\tasks\HPCeeScheduleForDave.job --a------ C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [15/07/2011 11:43]
C:\Windows\tasks\HPCeeScheduleForSimonka.job --a------ [Undetermined Task]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\AdobeAAMUpdater-1.0-Home-HP-Dave" [C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe]
"C:\Windows\SysNative\tasks\AdobeAAMUpdater-1.0-Home-HP-Simonka" [C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe]
"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\HPCeeScheduleForDave" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]
"C:\Windows\SysNative\tasks\HPCeeScheduleForSimonka" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]
"C:\Windows\SysNative\tasks\MirageAgent" [C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe]
"C:\Windows\SysNative\tasks\Norton WSC Integration" ["C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe"]
"C:\Windows\SysNative\tasks\SetupManager" ["C:\Program Files (x86)\Hewlett-Packard\Setup Manager\toaster.exe"]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{635AEB16-CEEA-4EEB-B499-F2719026EF78}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{B1038EC6-A4BB-43E7-8CA8-5DF2B5E73BB6}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{BCA73DF3-6904-41A5-9703-D26DFC278BAD}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{F45F8AF9-EF0C-4D52-BC37-3C9498ED2534}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(No)" [c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(Yes)" [c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]
"C:\Windows\SysNative\tasks\Norton Internet Security\Norton Error Analyzer" [C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe]
"C:\Windows\SysNative\tasks\Norton Internet Security\Norton Error Processor" [C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask " [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\coFFPlgn" [26/12/2013 08:51]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\n8vklyyd.default
- IE Tab 2 FF 3.6 - %ProfilePath%\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
- MySearchDial NewTab - %ProfilePath%\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
- BonanzaDeals - %ProfilePath%\extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca}

ProfilePath: C:\Users\Simonka\AppData\Roaming\Mozilla\Firefox\Profiles\w1paw79s.default
- MySearchDial NewTab - %ProfilePath%\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Undetermined - %AppDir%\extensions\firefoxevents@articulate.com
- TrueSuite Website Logon - %AppDir%\extensions\websitelogon@truesuite.com
- Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\n8vklyyd.default
F891089A6AB9E12FEDEBCC5EC0F40D66 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll - Shockwave Flash
C694F47FB5870679B9C0D8D4BE97556B - C:\Users\Dave\AppData\Roaming\ACEStream\player\npace_plugin.dll - Ace Stream P2P Multimedia Plug-in
E07CABED038DF9993618431258E34238 - C:\Program Files\Microsoft\Web Platform Installer\NPWPIDetector.dll - WPI Detector 1.5
F556A64AB2DB1BD834E7C89CE211516B - C:\Windows\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director


==== Deleted Firefox Extensions ======================

C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\n8vklyyd.default\extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca} deleted
C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\n8vklyyd.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8} deleted
C:\Users\Simonka\AppData\Roaming\Mozilla\Firefox\Profiles\w1paw79s.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8} deleted

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
bfmogjcijkfeahcajecmmegieipfbdcc - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx[18/08/2011 07:51]
ippenodjaoidmkkfdlmdhofiebnpjddb - C:\Program Files (x86)\BrowseSmart\ippenodjaoidmkkfdlmdhofiebnpjddb.crx[]
mkfokfffehpeedafpekjeddnmnjhmcmk - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx[28/11/2013 13:56]
pflphaooapbgpeakohlggbpidpppgdff - C:\Users\Dave\AppData\Local\mysearchdial-speeddial.crx[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
apdfllckaahabafndbhieahigkjlhalf - C:\Users\Dave\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx[11/12/2013 22:45]
pflphaooapbgpeakohlggbpidpppgdff - C:\Users\Dave\AppData\Local\mysearchdial-speeddial.crx[]

Website Logon - Dave - Default\Extensions\bfmogjcijkfeahcajecmmegieipfbdcc
BonanzaDeals - Dave - Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj
Norton Identity Protection - Dave - Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Google Wallet - Dave - Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Website Logon - Simonka - Default\Extensions\bfmogjcijkfeahcajecmmegieipfbdcc
YouTube - Simonka - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Simonka - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Norton Identity Protection - Simonka - Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Gmail - Simonka - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chrome Fix ======================

C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ippenodjaoidmkkfdlmdhofiebnpjddb_0.localstorage deleted successfully
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage deleted successfully
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj deleted successfully
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ieadcoanfjloocmfafkebdnfefmohngj_0.localstorage deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.co.uk"
"Search Page"="http://www.google.com"
"Search Bar"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com/ie"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://start.mysearchdial.com/?f=1&a=suma1202&cd=2XzuyEtN2Y1L1Qzu0E0Czy0AyByEyCtC0Fzzzy0ByCzzyB0AtN0D0Tzu0SyBtCtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1830256455&ir="
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://start.mysearchdial.com/?f=1&a=suma1202&cd=2XzuyEtN2Y1L1Qzu0E0Czy0AyByEyCtC0Fzzzy0ByCzzyB0AtN0D0Tzu0SyBtCtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1830256455&ir="
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://www.google.com/search?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://start.mysearchdial.com/?f=2&a=suma1202&cd=2XzuyEtN2Y1L1Qzu0E0Czy0AyByEyCtC0Fzzzy0ByCzzyB0AtN0D0Tzu0SyBtCtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1830256455&ir="
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://start.mysearchdial.com/?f=2&a=suma1202&cd=2XzuyEtN2Y1L1Qzu0E0Czy0AyByEyCtC0Fzzzy0ByCzzyB0AtN0D0Tzu0SyBtCtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1830256455&ir="
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com/ie"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="https://www.google.co.uk"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{D707DAF7-8609-4AA8-9A6E-F53BF9E725C6}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Unknown Url="Not_Found"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{77AA745B-F4F8-45DA-9B14-61D2D95054C8} Bing Url="http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox"
{d43b3890-80c7-4010-a95d-1e77b5924dc3} Wikipedia Url="http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}"
{D707DAF7-8609-4AA8-9A6E-F53BF9E725C6} Google Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
{D944BB61-2E34-4DBF-A683-47E505C587DC} eBay Url="http://rover.ebay.com/rover/1/710-111095-2958-3/4?mpre=http://www.ebay.co.uk/sch/i.html?_nkw={searchTerms}"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1195604076-2677614570-1163669113-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_USERS\S-1-5-21-1195604076-2677614570-1163669113-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_USERS\S-1-5-21-1195604076-2677614570-1163669113-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FFBB88A9-C663-4B9B-9170-70FA0A5A2786} deleted successfully
HKEY_USERS\S-1-5-21-1195604076-2677614570-1163669113-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FFBB88A9-C663-4B9B-9170-70FA0A5A2786} deleted successfully
HKEY_USERS\S-1-5-21-1195604076-2677614570-1163669113-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{FFBB88A9-C663-4B9B-9170-70FA0A5A2786} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFBB88A9-C663-4B9B-9170-70FA0A5A2786} deleted successfully

-----> end of part 1
darrrius
26-Dec-2013, 07:12 AM #6
part 2
cont....


==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-1195604076-2677614570-1163669113-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{302A1E2E-DD58-4673-BC99-9CC10EC2637A} deleted successfully
HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google\Chrome\ExtensionInstallForcelist deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ippenodjaoidmkkfdlmdhofiebnpjddb deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Bonanza Deals deleted successfully

==== HijackThis Entries ======================

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: TSBHO Class - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll
O4 - HKLM\..\Run: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Dave\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = Dave\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite....x/qtplugin.cab
O16 - DPF: {0A43D7AC-D6C1-4622-B309-BF975F427C0E} (first direct internet banking plus digital safe) - https://internetbankingplus2.firstdi...rontdoorFD.cab
O16 - DPF: {254AA86E-5655-4518-AA87-185D7CC41801} (LogMeIn Rescue Technician Console) - https://secure.logmeinrescue.com/UK/...cueControl.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs:
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: TrueSuiteService (FPLService) - HP - C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Identity Protection Technology Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Sysinternals Autoruns Log ======================

HKLM\System\CurrentControlSet\Services
AdobeARMservice
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
Adobe Acrobat Updater keeps your Adobe software up to date.
Adobe Systems Incorporated
1.7.4.0
c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe
04/04/2013 21:05
AdobeFlashPlayerUpdateSvc
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes.
Adobe Systems Incorporated
11.9.900.170
c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe
01/12/2013 18:09
Apple Mobile Device
"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
Provides the interface to Apple mobile devices.
Apple Inc.
17.89.0.12
c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe
19/01/2012 18:31
Bonjour Service
"C:\Program Files\Bonjour\mDNSResponder.exe"
Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence.
Apple Inc.
3.0.0.10
c:\program files\bonjour\mdnsresponder.exe
31/08/2011 05:52
ezSharedSvc
C:\Windows\System32\ezSharedSvcHost.exe
Provides licensing, security and parental control services for EasyBits applications. If this service is stopped or disabled, these applications will not function properly.
EasyBits Software AS
5.0.0.101
c:\windows\syswow64\ezsharedsvchost.exe
19/06/1992 22:22
FPLService
"C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe"
Provides convenient and secure fingerprint authentication and identity management.
HP
5.3.0.264
c:\program files (x86)\hp simplepass 2011\truesuiteservice.exe
19/08/2011 09:35
GamesAppService
"C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe"
WT Games App Services
WildTangent, Inc.
4.0.4918.0
c:\program files (x86)\wildtangent games\app\gamesappservice.exe
04/10/2010 22:15
gupdate
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc
Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it.
Google Inc.
1.2.183.21
c:\program files (x86)\google\update\googleupdate.exe
09/03/2010 06:10
gupdatem
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc
Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it.
Google Inc.
1.2.183.21
c:\program files (x86)\google\update\googleupdate.exe
09/03/2010 06:10
gusvc
"C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe"
gusvc
Google
2.0.711.37800
c:\program files (x86)\google\common\google updater\googleupdaterservice.exe
14/12/2006 05:55
HP Support Assistant Service
"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"
HP Support Assistant Service
Hewlett-Packard Company
7.0.39.14
c:\program files (x86)\hewlett-packard\hp support framework\hpsa_service.exe
27/09/2012 11:55
HPClientSvc
"C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe"
HP Client Services
Hewlett-Packard Company
1.1.0.3539
c:\program files\hewlett-packard\hp client services\hpclientservices.exe
11/10/2010 09:47
HPDrvMntSvc.exe
"C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe"
HP Quick Synchronization Service
Hewlett-Packard Company
4.6.10.1
c:\program files (x86)\hewlett-packard\shared\hpdrvmntsvc.exe
06/09/2012 15:24
hpqwmiex
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe"
HP Software Framework WMI Service
Hewlett-Packard Company
4.6.10.1
c:\program files (x86)\hewlett-packard\shared\hpqwmiex.exe
06/09/2012 15:18
HPWMISVC
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
HP Quick Launch WMI Service
Hewlett-Packard Development Company, L.P.
2.7.1.0
c:\program files (x86)\hewlett-packard\hp quick launch\hpwmisvc.exe
05/03/2012 05:32
IAStorDataMgrSvc
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
Provides storage event notification and manages communication between the storage driver and user space applications.
Intel Corporation
10.5.0.1027
c:\program files (x86)\intel\intel(r) rapid storage technology\iastordatamgrsvc.exe
30/04/2011 07:28
IconMan_R
"C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe"
Realtek Card Reader Icon Tool.
Realsil Microelectronics Inc.
1.3.9.1
c:\program files (x86)\realtek\realtek pcie card reader\riconman.exe
31/08/2011 08:28
iPod Service
"C:\Program Files\iPod\bin\iPodService.exe"
iPod hardware management services
Apple Inc.
10.6.1.7
c:\program files\ipod\bin\ipodservice.exe
27/03/2012 11:29
jhi_service
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
Intel(R) Identity Protection Technology Host Interface Service - Allows applications to access the local Intel Identity Protection Technology
Intel Corporation
1.2.22.0
c:\program files (x86)\intel\services\ipt\jhi_service.exe
28/09/2011 23:00
LMS
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
Allows applications to access the local Intel(R) Management and Security Application using its locally-available selected network interfaces.
Intel Corporation
7.1.3.1053
c:\program files (x86)\intel\intel(r) management engine components\lms\lms.exe
01/02/2011 21:26
MozillaMaintenance
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled.
Mozilla Foundation
25.0.1.5064
c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe
13/11/2013 01:14
NIS
"C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\diMaster.dll" /prefetch:1
Norton Internet Security
Symantec Corporation
12.3.3.2
c:\program files (x86)\norton internet security\engine\20.4.0.40\ccsvchst.exe
20/05/2013 23:25
SkypeUpdate
"C:\Program Files (x86)\Skype\Updater\Updater.exe"
Enables the detection, download and installation of updates for Skype.
Skype Technologies
5.10.1.44067
c:\program files (x86)\skype\updater\updater.exe
13/07/2012 12:28
STacSV
C:\Program Files\IDT\WDM\STacSV64.exe
Manages audio jack configurations.
IDT, Inc.
1.0.6365.0
c:\program files\idt\wdm\stacsv64.exe
08/09/2011 11:00
SwitchBoard
"C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
SwitchBoard Server (32 bit)
Adobe Systems Incorporated
2.0.13.7486
c:\program files (x86)\common files\adobe\switchboard\switchboard.exe
19/02/2010 20:50
UNS
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
Intel(R) Management and Security Application User Notification Service - Updates the Windows Event Log with notifications of pre defined events received from the local Intel(R) Management and Security Application Device.
Intel Corporation
7.1.3.1053
c:\program files (x86)\intel\intel(r) management engine components\uns\uns.exe
01/02/2011 21:30

HKLM\System\CurrentControlSet\Services
adp94xx
\SystemRoot\system32\drivers\adp94xx.sys
Adaptec Windows SAS/SATA Storport Driver
Adaptec, Inc.
1.6.6.4
c:\windows\system32\drivers\adp94xx.sys
05/12/2008 23:54
adpahci
\SystemRoot\system32\drivers\adpahci.sys
Adaptec Windows SATA Storport Driver
Adaptec, Inc.
1.6.6.1
c:\windows\system32\drivers\adpahci.sys
01/05/2007 17:30
adpu320
\SystemRoot\system32\drivers\adpu320.sys
Adaptec StorPort Ultra320 SCSI Driver (X64)
Adaptec, Inc.
7.2.0.0
c:\windows\system32\drivers\adpu320.sys
28/02/2007 00:04
aliide
\SystemRoot\system32\drivers\aliide.sys
ALi mini IDE Driver
Acer Laboratories Inc.
1.2.0.0
c:\windows\system32\drivers\aliide.sys
13/07/2009 23:19
amdsata
\SystemRoot\system32\drivers\amdsata.sys
AHCI 1.2 Device Driver
Advanced Micro Devices
1.1.2.5
c:\windows\system32\drivers\amdsata.sys
19/03/2010 00:45
amdsbs
\SystemRoot\system32\drivers\amdsbs.sys
AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform
AMD Technologies Inc.
3.6.1540.127
c:\windows\system32\drivers\amdsbs.sys
20/03/2009 18:36
amdxata
system32\drivers\amdxata.sys
Storage Filter Driver
Advanced Micro Devices
1.1.2.5
c:\windows\system32\drivers\amdxata.sys
19/03/2010 16:18
arc
\SystemRoot\system32\drivers\arc.sys
Adaptec RAID Storport Driver
Adaptec, Inc.
5.2.0.10384
c:\windows\system32\drivers\arc.sys
24/05/2007 21:27
arcsas
\SystemRoot\system32\drivers\arcsas.sys
Adaptec SAS RAID WS03 Driver
Adaptec, Inc.
5.2.0.16119
c:\windows\system32\drivers\arcsas.sys
14/01/2009 19:27
b06bdrv
\SystemRoot\system32\drivers\bxvbda.sys
Broadcom NetXtreme II GigE VBD
Broadcom Corporation
4.8.2.0
c:\windows\system32\drivers\bxvbda.sys
13/02/2009 22:18
b57nd60a
system32\DRIVERS\b57nd60a.sys
Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver.
Broadcom Corporation
10.100.4.0
c:\windows\system32\drivers\b57nd60a.sys
26/04/2009 11:14
BCM43XX
system32\DRIVERS\bcmwl664.sys
Broadcom 802.11 Network Adapter wireless driver
Broadcom Corporation
4.176.75.18
c:\windows\system32\drivers\bcmwl664.sys
27/03/2009 01:06
BHDrvx64
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\BASHDefs\20131203.001\BHDrvx64.sys
SONAR Engine Driver
Symantec Corporation
8.1.0.17
c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_20.4.0.40\definitions\bashdefs\20131203.001\bhdrvx64.sys
27/11/2013 06:18
BrFiltLo
\SystemRoot\system32\drivers\BrFiltLo.sys
Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver
Brother Industries, Ltd.
1.10.0.2
c:\windows\system32\drivers\brfiltlo.sys
07/08/2006 01:51
BrFiltUp
\SystemRoot\system32\drivers\BrFiltUp.sys
Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver
Brother Industries, Ltd.
1.4.0.1
c:\windows\system32\drivers\brfiltup.sys
07/08/2006 01:51
Brserid
\SystemRoot\System32\Drivers\Brserid.sys
Brotehr Serial I/F Driver (WDM)
Brother Industries Ltd.
1.0.1.6
c:\windows\system32\drivers\brserid.sys
07/08/2006 01:51
BrSerWdm
\SystemRoot\System32\Drivers\BrSerWdm.sys
Brother Serial driver (WDM version)
Brother Industries Ltd.
1.0.0.20
c:\windows\system32\drivers\brserwdm.sys
07/08/2006 01:51
BrUsbMdm
\SystemRoot\System32\Drivers\BrUsbMdm.sys
Brother USB MDM Driver
Brother Industries Ltd.
1.0.0.12
c:\windows\system32\drivers\brusbmdm.sys
07/08/2006 01:51
BrUsbSer
\SystemRoot\System32\Drivers\BrUsbSer.sys
Brother USB Serial Driver
Brother Industries Ltd.
1.0.1.3
c:\windows\system32\drivers\brusbser.sys
09/08/2006 12:11
ccSet_NIS
\SystemRoot\system32\drivers\NISx64\1404000.028\ccSetx64.sys
Common Client Settings Driver
Symantec Corporation
12.3.2.3
c:\windows\system32\drivers\nisx64\1404000.028\ccsetx64.sys
22/03/2013 03:02
clwvd
system32\DRIVERS\clwvd.sys
CyberLink WebCam Virtual Driver
CyberLink Corporation
1.0.0.0
c:\windows\system32\drivers\clwvd.sys
28/07/2010 01:13
cmdide
\SystemRoot\system32\drivers\cmdide.sys
CMD PCI IDE Bus Driver
CMD Technology, Inc.
2.0.7.0
c:\windows\system32\drivers\cmdide.sys
13/07/2009 23:19
ebdrv
\SystemRoot\system32\drivers\evbda.sys
Broadcom NetXtreme II 10 GigE VBD
Broadcom Corporation
4.8.13.0
c:\windows\system32\drivers\evbda.sys
31/12/2008 16:29
eeCtrl
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
Symantec Eraser Control Driver
Symantec Corporation
113.1.2.11
c:\program files (x86)\common files\symantec shared\eengine\eectrl64.sys
09/10/2013 20:50
elxstor
\SystemRoot\system32\drivers\elxstor.sys
Storport Miniport Driver for LightPulse HBAs
Emulex
7.2.10.211
c:\windows\system32\drivers\elxstor.sys
03/02/2009 22:52
EraserUtilRebootDrv
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
Symantec Eraser Utility Driver
Symantec Corporation
113.1.2.11
c:\program files (x86)\common files\symantec shared\eengine\eraserutilrebootdrv.sys
09/10/2013 20:50
GEARAspiWDM
system32\DRIVERS\GEARAspiWDM.sys
CD DVD Filter
GEAR Software Inc.
2.2.0.1
c:\windows\system32\drivers\gearaspiwdm.sys
18/05/2009 12:17
hcw85cir
\SystemRoot\system32\drivers\hcw85cir.sys
Hauppauge WinTV 885 Consumer IR Driver for eHome
Hauppauge Computer Works, Inc.
1.31.27127.0
c:\windows\system32\drivers\hcw85cir.sys
11/05/2009 08:26
HP8107Fltr
system32\DRIVERS\HP8107.sys
Copyright (c) 2010 HP
Windows (R) Win 7 DDK provider
1.12.7600.16385
c:\windows\system32\drivers\hp8107.sys
04/02/2010 08:20
HpSAMD
\SystemRoot\system32\drivers\HpSAMD.sys
Smart Array SAS/SATA Controller Media Driver
Hewlett-Packard Company
6.12.6.64
c:\windows\system32\drivers\hpsamd.sys
20/04/2010 18:32
iaStor
system32\DRIVERS\iaStor.sys
Intel Rapid Storage Technology driver - x64
Intel Corporation
10.5.0.1026
c:\windows\system32\drivers\iastor.sys
26/04/2011 18:06
iaStorV
\SystemRoot\system32\drivers\iaStorV.sys
Intel Matrix Storage Manager driver - x64
Intel Corporation
8.6.2.1014
c:\windows\system32\drivers\iastorv.sys
11/06/2010 00:46
IDSVia64
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\IPSDefs\20131225.001\IDSvia64.sys
Symantec Intrusion Prevention Driver
Symantec Corporation
12.0.4.5
c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_20.4.0.40\definitions\ipsdefs\20131225.001\idsvia64.sys
06/12/2013 01:53
igfx
system32\DRIVERS\igdkmd64.sys
Intel Graphics Kernel Mode Driver
Intel Corporation
8.15.10.2559
c:\windows\system32\drivers\igdkmd64.sys
21/10/2011 17:29
iirsp
\SystemRoot\system32\drivers\iirsp.sys
Intel/ICP Raid Storport Driver
Intel Corp./ICP vortex GmbH
5.4.22.0
c:\windows\system32\drivers\iirsp.sys
13/12/2005 21:47
IntcDAud
system32\DRIVERS\IntcDAud.sys
Intel(R) Display Audio Driver
Intel(R) Corporation
6.14.0.3086
c:\windows\system32\drivers\intcdaud.sys
23/08/2011 13:12
LSI_FC
\SystemRoot\system32\drivers\lsi_fc.sys
LSI Fusion-MPT FC Driver (StorPort)
LSI Corporation
1.28.3.52
c:\windows\system32\drivers\lsi_fc.sys
09/12/2008 22:46
LSI_SAS
\SystemRoot\system32\drivers\lsi_sas.sys
LSI Fusion-MPT SAS Driver (StorPort)
LSI Corporation
1.28.3.52
c:\windows\system32\drivers\lsi_sas.sys
19/05/2009 00:20
LSI_SAS2
\SystemRoot\system32\drivers\lsi_sas2.sys
LSI SAS Gen2 Driver (StorPort)
LSI Corporation
2.0.2.71
c:\windows\system32\drivers\lsi_sas2.sys
19/05/2009 00:31
LSI_SCSI
\SystemRoot\system32\drivers\lsi_scsi.sys
LSI Fusion-MPT SCSI Driver (StorPort)
LSI Corporation
1.28.3.67
c:\windows\system32\drivers\lsi_scsi.sys
16/04/2009 22:13
megasas
\SystemRoot\system32\drivers\megasas.sys
MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64
LSI Corporation
4.5.1.64
c:\windows\system32\drivers\megasas.sys
19/05/2009 01:09
MegaSR
\SystemRoot\system32\drivers\MegaSR.sys
LSI MegaRAID Software RAID Driver
LSI Corporation, Inc.
13.5.409.2009
c:\windows\system32\drivers\megasr.sys
19/05/2009 01:25
MEIx64
system32\DRIVERS\HECIx64.sys
Intel(R) Management Engine Interface
Intel Corporation
7.0.0.1144
c:\windows\system32\drivers\hecix64.sys
19/10/2010 23:33
NAVENG
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\VirusDefs\20131225.025\ENG64.SYS
AV Engine
Symantec Corporation
20131.1.5.61
c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_20.4.0.40\definitions\virusdefs\20131225.025\eng64.sys
22/08/2013 20:38
NAVEX15
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\VirusDefs\20131225.025\EX64.SYS
AV Engine
Symantec Corporation
20131.1.5.61
c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_20.4.0.40\definitions\virusdefs\20131225.025\ex64.sys
22/08/2013 20:36
netr28x
system32\DRIVERS\netr28x.sys
Ralink 802.11 Wireless Adapter Driver
Ralink Technology, Corp.
3.2.13.0
c:\windows\system32\drivers\netr28x.sys
12/04/2012 11:44
nfrd960
\SystemRoot\system32\drivers\nfrd960.sys
IBM ServeRAID Controller Driver
IBM Corporation
7.10.0.0
c:\windows\system32\drivers\nfrd960.sys
06/06/2006 21:11
NVENETFD
system32\DRIVERS\nvm62x64.sys
NVIDIA MCP Networking Function Driver.
NVIDIA Corporation
1.0.1.210
c:\windows\system32\drivers\nvm62x64.sys
17/10/2008 21:01
nvraid
\SystemRoot\system32\drivers\nvraid.sys
NVIDIA© nForce(TM) RAID Driver
NVIDIA Corporation
10.6.0.18
c:\windows\system32\drivers\nvraid.sys
19/03/2010 20:59
nvstor
\SystemRoot\system32\drivers\nvstor.sys
NVIDIA© nForce(TM) Sata Performance Driver
NVIDIA Corporation
10.6.0.18
c:\windows\system32\drivers\nvstor.sys
19/03/2010 20:45
ql2300
\SystemRoot\system32\drivers\ql2300.sys
QLogic Fibre Channel Stor Miniport Driver
QLogic Corporation
9.1.8.6
c:\windows\system32\drivers\ql2300.sys
22/01/2009 23:05
ql40xx
\SystemRoot\system32\drivers\ql40xx.sys
QLogic iSCSI Storport Miniport Driver
QLogic Corporation
2.1.3.20
c:\windows\system32\drivers\ql40xx.sys
19/05/2009 01:18
RSPCIESTOR
system32\DRIVERS\RtsPStor.sys
Realtek Pcie CardReader Driver for 2K/XP/Vista/Win7
Realtek Semiconductor Corp.
6.1.7601.85
c:\windows\system32\drivers\rtspstor.sys
02/09/2011 03:24
RTL8167
system32\DRIVERS\Rt64win7.sys
Realtek 8136/8168/8169 NDIS 6.20 64-bit Driver
Realtek
7.48.823.2011
c:\windows\system32\drivers\rt64win7.sys
23/08/2011 13:55
secdrv
secdrv
Macrovision SECURITY Driver
Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.
4.3.86.0
c:\windows\system32\drivers\secdrv.sys
13/09/2006 13:18
SiSRaid2
\SystemRoot\system32\drivers\SiSRaid2.sys
SiS RAID Stor Miniport Driver
Silicon Integrated Systems Corp.
5.1.1039.2600
c:\windows\system32\drivers\sisraid2.sys
24/09/2008 18:28
SiSRaid4
\SystemRoot\system32\drivers\sisraid4.sys
SiS AHCI Stor-Miniport Driver
Silicon Integrated Systems
5.1.1039.3600
c:\windows\system32\drivers\sisraid4.sys
01/10/2008 21:56
SRTSP
\SystemRoot\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS
Symantec AutoProtect
Symantec Corporation
14.4.1.1
c:\windows\system32\drivers\nisx64\1404000.028\srtsp64.sys
22/04/2013 22:26
SRTSPX
\SystemRoot\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS
Symantec AutoProtect
Symantec Corporation
14.3.0.31
c:\windows\system32\drivers\nisx64\1404000.028\srtspx64.sys
25/01/2013 21:30
SrvHsfHDA
system32\DRIVERS\VSTAZL6.SYS
HSF_HWAZL WDM driver
Conexant Systems, Inc.
7.80.2.0
c:\windows\system32\drivers\vstazl6.sys
16/10/2008 00:53
SrvHsfV92
system32\DRIVERS\VSTDPV6.SYS
HSF_DP driver
Conexant Systems, Inc.
7.80.2.0
c:\windows\system32\drivers\vstdpv6.sys
16/10/2008 00:57
SrvHsfWinac
system32\DRIVERS\VSTCNXT6.SYS
HSF_CNXT driver
Conexant Systems, Inc.
7.80.2.0
c:\windows\system32\drivers\vstcnxt6.sys
16/10/2008 00:52
stexstor
\SystemRoot\system32\drivers\stexstor.sys
Promise SuperTrak EX Series Driver for Windows
Promise Technology
5.0.1.1
c:\windows\system32\drivers\stexstor.sys
17/02/2009 23:03
STHDA
system32\DRIVERS\stwrt64.sys
IDT PC Audio
IDT, Inc.
6.10.6365.0
c:\windows\system32\drivers\stwrt64.sys
08/09/2011 10:48
SymDS
system32\drivers\NISx64\1404000.028\SYMDS64.SYS
Symantec Data Store
Symantec Corporation
2.2.1.10
c:\windows\system32\drivers\nisx64\1404000.028\symds64.sys
25/04/2013 23:19
SymEFA
system32\drivers\NISx64\1404000.028\SYMEFA64.SYS
Symantec Extended File Attributes
Symantec Corporation
4.2.0.53
c:\windows\system32\drivers\nisx64\1404000.028\symefa64.sys
19/01/2013 00:31
SymEvent
\??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
Symantec Event Library
Symantec Corporation
12.9.3.1
c:\windows\system32\drivers\symevent64x86.sys
22/08/2012 05:33
SymIRON
\SystemRoot\system32\drivers\NISx64\1404000.028\Ironx64.SYS
Iron Driver
Symantec Corporation
3.1.0.11
c:\windows\system32\drivers\nisx64\1404000.028\ironx64.sys
24/07/2012 00:34
SymNetS
\SystemRoot\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS
Network Security Driver
Symantec Corporation
13.1.1.7
c:\windows\system32\drivers\nisx64\1404000.028\symnets.sys
09/04/2013 23:24
SynTP
system32\DRIVERS\SynTP.sys
Synaptics Touchpad Driver
Synaptics Incorporated
15.3.11.0
c:\windows\system32\drivers\syntp.sys
10/06/2011 00:15
USBAAPL64
System32\Drivers\usbaapl64.sys
Apple Mobile Device USB Driver
Apple, Inc.
1.59.0.0
c:\windows\system32\drivers\usbaapl64.sys
11/01/2012 00:56
viaide
\SystemRoot\system32\drivers\viaide.sys
VIA Generic PCI IDE Bus Driver
VIA Technologies, Inc.
6.0.6000.170
c:\windows\system32\drivers\viaide.sys
13/07/2009 23:19
vsmraid
\SystemRoot\system32\drivers\vsmraid.sys
VIA RAID DRIVER FOR AMD-X86-64
VIA Technologies Inc.,Ltd
6.0.6000.6210
c:\windows\system32\drivers\vsmraid.sys
31/01/2009 01:18

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
igfxcui
igfxdev.dll
igfxdev Module
Intel Corporation
8.15.10.2559
c:\windows\system32\igfxdev.dll
21/10/2011 16:57

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
Epson Inbox Language Monitor01
EP0SLM01.DLL
Epson Printer Driver
SEIKO EPSON CORPORATION
1.0.0.0
c:\windows\system32\ep0slm01.dll
14/07/2009 01:29

HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries
mdnsNSP
C:\Program Files (x86)\Bonjour\mdnsNSP.dll
Bonjour Namespace Provider
Apple Inc.
3.0.0.10
c:\program files (x86)\bonjour\mdnsnsp.dll
31/08/2011 05:44

HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
mdnsNSP
C:\Program Files\Bonjour\mdnsNSP.dll
Bonjour Namespace Provider
Apple Inc.
3.0.0.10
c:\program files\bonjour\mdnsnsp.dll
31/08/2011 05:53

HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms
rdpclip
rdpclip
File not found: rdpclip


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SynTPEnh
%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
Synaptics TouchPad Enhancements
Synaptics Incorporated
15.3.11.0
c:\program files\synaptics\syntp\syntpenh.exe
10/06/2011 00:50
SysTrayApp
C:\Program Files\IDT\WDM\sttray64.exe
IDT PC Audio
IDT, Inc.
1.0.6365.0
c:\program files\idt\wdm\sttray64.exe
08/09/2011 11:01
SetDefault
C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
SetDefault
Hewlett-Packard Development Company, L.P.
1.1.5.0
c:\program files\hewlett-packard\hp launchbox\setdefault.exe
19/12/2011 15:29
AdobeAAMUpdater-1.0
"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
Adobe Updater Startup Utility
Adobe Systems Incorporated
6.2.0.1
c:\program files (x86)\common files\adobe\oobe\pdapp\uwa\updaterstartuputility.exe
09/04/2012 11:13
IgfxTray
C:\Windows\system32\igfxtray.exe
igfxTray Module
Intel Corporation
8.15.10.2559
c:\windows\system32\igfxtray.exe
21/10/2011 16:58
HotKeysCmds
C:\Windows\system32\hkcmd.exe
hkcmd Module
Intel Corporation
8.15.10.2559
c:\windows\system32\hkcmd.exe
21/10/2011 16:58
Persistence
C:\Windows\system32\igfxpers.exe
persistence Module
Intel Corporation
8.15.10.2559
c:\windows\system32\igfxpers.exe
21/10/2011 16:58

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
HPQuickWebProxy
"C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
HP QuickWeb Utilities
Hewlett-Packard Company
3.1.1.10197
c:\program files (x86)\hewlett-packard\hp quickweb\hpqwutils.exe
07/10/2011 11:09
Adobe ARM
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Adobe Reader and Acrobat Manager
Adobe Systems Incorporated
1.7.4.0
c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe
04/04/2013 21:05
HPOSD
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
HP On Screen Display
Hewlett-Packard Development Company, L.P.
1.3.5.0
c:\program files (x86)\hewlett-packard\hp on screen display\hposd.exe
19/08/2011 06:48
Easybits Recovery
C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
EasyBits Software AS
3.0.0.5
c:\program files (x86)\easybits for kids\ezrecover.exe
19/06/1992 22:22
WinPatrol
C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
WinPatrol System Monitor
BillP Studios
24.6.2012.0
c:\program files (x86)\billp studios\winpatrol\winpatrol.exe
15/04/2012 21:04
AdobeCS5ServiceManager
"C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
Adobe CS5 Service Manager
Adobe Systems Incorporated
5.0.1.134
c:\program files (x86)\common files\adobe\cs5servicemanager\cs5servicemanager.exe
22/07/2010 20:10
SwitchBoard
C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
SwitchBoard Server (32 bit)
Adobe Systems Incorporated
2.0.13.7486
c:\program files (x86)\common files\adobe\switchboard\switchboard.exe
19/02/2010 20:50
APSDaemon
"C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Apple Push
Apple Inc.
2.2.9.2
c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe
17/04/2013 03:13
iTunesHelper
"C:\Program Files (x86)\iTunes\iTunesHelper.exe"
iTunesHelper
Apple Inc.
10.6.1.7
c:\program files (x86)\itunes\ituneshelper.exe
27/03/2012 11:28
HP Quick Launch
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
HP Message Service
Hewlett-Packard Development Company, L.P.
2.7.2.0
c:\program files (x86)\hewlett-packard\hp quick launch\hpmsgsvc.exe
05/03/2012 05:32
AdobeCS6ServiceManager
"C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
Adobe CS6 Service Manager
Adobe Systems Incorporated
3.0.0.389
c:\program files (x86)\common files\adobe\cs6servicemanager\cs6servicemanager.exe
09/03/2012 15:25
ApnUpdater
"C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
File not found: C:\Program Files (x86)\Ask.com\Updater\Updater.exe

QuickTime Task
"C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
QuickTime Task
Apple Inc.
7.7.4.0
c:\program files (x86)\quicktime\qttask.exe
01/05/2013 10:42
SunJavaUpdateSched
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Java(TM) Update Scheduler
Oracle Corporation
2.1.9.8
c:\program files (x86)\common files\java\java update\jusched.exe
02/07/2013 16:16
mobilegeni daemon
C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
File not found: C:\Program Files (x86)\Mobogenie\DaemonProcess.exe


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
NCPluginUpdater
"C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
NCPluginUpdater
Hewlett-Packard
1.0.0.0
c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\ncpluginupdater.exe
22/10/2013 02:52

C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk
C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
Dropbox
Dropbox, Inc.
2.0.22.0
c:\users\dave\appdata\roaming\dropbox\bin\dropbox.exe
05/04/2013 20:44

HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components
Internet Explorer
C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
File not found: C:\Windows\system32\ie4uinit.exe

Google Chrome
"C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Google Chrome
Google Inc.
31.0.1650.63
c:\program files (x86)\google\chrome\application\31.0.1650.63\installer\chrmstp.exe
04/12/2013 01:54

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Akamai NetSession Interface
"C:\Users\Dave\AppData\Local\Akamai\netsession_win.exe"
Akamai NetSession Client
Akamai Technologies, Inc.
1.8.9.2
c:\users\dave\appdata\local\akamai\netsession_win.exe
05/06/2013 00:47
GoogleDriveSync
"C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
Google Drive
Google
1.13.5782.599
c:\program files (x86)\google\drive\googledrivesync.exe
02/11/2012 19:03

Task Scheduler
\Adobe Flash Player Updater
"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe"
Adobe© Flash© Player Update Service 11.9 r900
Adobe Systems Incorporated
11.9.900.170
c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe
01/12/2013 18:09
\AdobeAAMUpdater-1.0-Home-HP-Dave
"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" -mode=scheduled
Adobe Updater Startup Utility
Adobe Systems Incorporated
6.2.0.1
c:\program files (x86)\common files\adobe\oobe\pdapp\uwa\updaterstartuputility.exe
09/04/2012 11:13
\AdobeAAMUpdater-1.0-Home-HP-Simonka
"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" -mode=scheduled
Adobe Updater Startup Utility
Adobe Systems Incorporated
6.2.0.1
c:\program files (x86)\common files\adobe\oobe\pdapp\uwa\updaterstartuputility.exe
09/04/2012 11:13
\GoogleUpdateTaskMachineCore
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
Google Installer
Google Inc.
1.2.183.21
c:\program files (x86)\google\update\googleupdate.exe
09/03/2010 06:10
\GoogleUpdateTaskMachineUA
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ua /installsource scheduler
Google Installer
Google Inc.
1.2.183.21
c:\program files (x86)\google\update\googleupdate.exe
09/03/2010 06:10
\HPCeeScheduleForDave
"C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe" HPCeeScheduleForDave (null)
HP Ceement
Hewlett-Packard
6.0.1.8
c:\program files (x86)\hewlett-packard\hp ceement\hpcee.exe
15/07/2011 11:42
\HPCeeScheduleForSimonka
"C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe" HPCeeScheduleForSimonka (null)
HP Ceement
Hewlett-Packard
6.0.1.8
c:\program files (x86)\hewlett-packard\hp ceement\hpcee.exe
15/07/2011 11:42
\MirageAgent
"C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
YouCam Mirage
CyberLink
1.0.0.526
c:\program files (x86)\cyberlink\youcam\ycmmirage.exe
26/05/2010 02:59
\Norton WSC Integration
"C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe" /taskschd
WSCStub
Symantec Corporation
20.4.0.40
c:\program files (x86)\norton internet security\engine\20.4.0.40\wscstub.exe
04/06/2013 04:14
\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start
"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe" /taskrestart
HP Support Assistant
Hewlett-Packard Company
7.0.39.15
c:\program files (x86)\hewlett-packard\hp support framework\hpsf.exe
27/09/2012 13:40
\Hewlett-Packard\HP Support Assistant\PC Health Analysis
"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe" /L Analysis
HP Support Assistant
Hewlett-Packard Company
7.0.39.15
c:\program files (x86)\hewlett-packard\hp support framework\hpsf.exe
27/09/2012 13:40
\Hewlett-Packard\HP Support Assistant\Update Check
"C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe" /s /p 1
HPSFUpdater
Hewlett-Packard Company
7.0.1.12
c:\programdata\hewlett-packard\hp support framework\resources\updater7\hpsfupdater.exe
20/11/2012 20:26
\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(No)
"c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe" /EventId=2
Detection_PostWarrantyAlert
Hewlett-Packard
1.0.1.4
c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\detection_postwarrantyalert.exe
28/08/2013 15:49
\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(Yes)
"c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe" /EventId=1
Detection_PostWarrantyAlert
Hewlett-Packard
1.0.1.4
c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\detection_postwarrantyalert.exe
28/08/2013 15:49
\Hewlett-Packard\HP Support Assistant\WarrantyChecker
"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe"
HPWarrantyChecker
Hewlett-Packard
3.4.1.2
c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpwarrantychecker.exe
22/11/2013 09:07
\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan
"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe" /DeviceScanR6
HPWarrantyChecker
Hewlett-Packard
3.4.1.2
c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpwarrantychecker.exe
22/11/2013 09:07
\Microsoft\Windows\NetTrace\GatherNetworkInfo
"%windir%\system32\gatherNetworkInfo.vbs"
c:\windows\system32\gathernetworkinfo.vbs
10/06/2009 20:36
\Norton Internet Security\Norton Error Analyzer
"C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe" /analyze
Symantec Error Reporting
Symantec Corporation
4.3.0.9
c:\program files (x86)\norton internet security\engine\20.4.0.40\symerr.exe
04/06/2013 01:21
\Norton Internet Security\Norton Error Processor
"C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe" /submit
Symantec Error Reporting
Symantec Corporation
4.3.0.9
c:\program files (x86)\norton internet security\engine\20.4.0.40\symerr.exe
04/06/2013 01:21

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Norton Identity Protection
HKCR\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}
coIEPlugIn
Symantec Corporation
2013.4.0.10
c:\program files (x86)\norton internet security\engine\20.4.0.40\coieplg.dll
31/05/2013 01:44
Norton Vulnerability Protection
HKCR\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}
IPS Browser Helper DLL
Symantec Corporation
11.1.0.73
c:\program files (x86)\norton internet security\engine\20.4.0.40\ips\ipsbho.dll
08/08/2012 18:50
Java(tm) Plug-In SSV Helper
HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
Java(TM) Platform SE binary
Oracle Corporation
10.45.2.18
c:\program files (x86)\java\jre7\bin\ssv.dll
08/10/2013 14:43
TrueSuite Website Log On
HKCR\CLSID\{8590886E-EC8C-43C1-A32C-E4C2B0B6395B}
Website Log On
HP
5.3.0.264
c:\program files (x86)\hp simplepass 2011\iebho.dll
19/08/2011 09:38
Skype Browser Helper
HKCR\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Skype Click to Call for Internet Explorer
Skype Technologies S.A.
5.9.0.9216
c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll
17/01/2012 11:43
Java(tm) Plug-In 2 SSV Helper
HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}
Java(TM) Platform SE binary
Oracle Corporation
10.45.2.18
c:\program files (x86)\java\jre7\bin\jp2ssv.dll
08/10/2013 14:43
HP Network Check Helper
HKCR\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
HP Network Check IE Plug-in
Hewlett-Packard
7.3.1.0
c:\program files (x86)\hewlett-packard\hp support framework\resources\hpnetworkcheck\hpnetworkcheckplugin.dll
28/08/2013 08:28

HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Norton Identity Protection
HKCR\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}
coIEPlugIn
Symantec Corporation
2013.4.0.10
c:\program files (x86)\norton internet security\engine\20.4.0.40\coieplg.dll
31/05/2013 01:44
Norton Vulnerability Protection
HKCR\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}
IPS Browser Helper DLL
Symantec Corporation
11.1.0.73
c:\program files (x86)\norton internet security\engine\20.4.0.40\ips\ipsbho.dll
08/08/2012 18:50
Java(tm) Plug-In SSV Helper
HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
Java(TM) Platform SE binary
Oracle Corporation
10.45.2.18
c:\program files (x86)\java\jre7\bin\ssv.dll
08/10/2013 14:43
TrueSuite Website Log On
HKCR\CLSID\{8590886E-EC8C-43C1-A32C-E4C2B0B6395B}
Website Log On
HP
5.3.0.264
c:\program files (x86)\hp simplepass 2011\iebho.dll
19/08/2011 09:38
Skype Browser Helper
HKCR\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Skype Click to Call for Internet Explorer
Skype Technologies S.A.
5.9.0.9216
c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll
17/01/2012 11:43
Java(tm) Plug-In 2 SSV Helper
HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}
Java(TM) Platform SE binary
Oracle Corporation
10.45.2.18
c:\program files (x86)\java\jre7\bin\jp2ssv.dll
08/10/2013 14:43
HP Network Check Helper
HKCR\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
HP Network Check IE Plug-in
Hewlett-Packard
7.3.1.0
c:\program files (x86)\hewlett-packard\hp support framework\resources\hpnetworkcheck\hpnetworkcheckplugin.dll
28/08/2013 08:28

HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
EasyBits Security Shield Hook - prevents launching insecure programs by kids
HKCR\CLSID\{E54729E8-BB3D-4270-9D49-7389EA579090}
EasyBits Security Shield component
EasyBits Software Corp.
2.0.0.37
c:\windows\syswow64\ezupbhook.dll
06/02/2005 21:11

HKCU\Software\Classes\*\ShellEx\ContextMenuHandlers
DropboxExt
HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
Dropbox Shell Extension
Dropbox, Inc.
1.0.0.19
c:\users\dave\appdata\roaming\dropbox\bin\dropboxext64.19.dll
28/03/2013 19:43

HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers
GDContextMenu
HKCR\CLSID\{BB02B294-8425-42E5-983F-41A1FA970CD6}
Google Drive shell extension
Google
1.0.0.1
c:\program files (x86)\google\drive\contextmenu64.dll
26/09/2013 00:35
IZArcCM
HKCR\CLSID\{BC593DF5-466F-44EC-8FFD-C4DBC603B917}
c:\program files (x86)\izarc\izarccm64.dll
20/07/2012 11:39
Symantec.Norton.Antivirus.IEContextMenu
HKCR\CLSID\{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}
Symantec Shared Component Shell Extension Module
Symantec Corporation
20.4.0.40
c:\program files (x86)\norton internet security\engine64\20.4.0.40\navshext.dll
04/06/2013 04:34

HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers
Symantec.Norton.Antivirus.IEContextMenu
HKCR\CLSID\{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}
Symantec Shared Component Shell Extension Module
Symantec Corporation
20.4.0.40
c:\program files (x86)\norton internet security\engine64\20.4.0.40\navshext.dll
04/06/2013 04:34

HKCU\Software\Classes\Directory\ShellEx\ContextMenuHandlers
DropboxExt
HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
Dropbox Shell Extension
Dropbox, Inc.
1.0.0.19
c:\users\dave\appdata\roaming\dropbox\bin\dropboxext64.19.dll
28/03/2013 19:43

HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers
GDContextMenu
HKCR\CLSID\{BB02B294-8425-42E5-983F-41A1FA970CD6}
Google Drive shell extension
Google
1.0.0.1
c:\program files (x86)\google\drive\contextmenu64.dll
26/09/2013 00:35
IZArcCM
HKCR\CLSID\{BC593DF5-466F-44EC-8FFD-C4DBC603B917}
c:\program files (x86)\izarc\izarccm64.dll
20/07/2012 11:39

HKLM\Software\Classes\Directory\Shellex\DragDropHandlers
IZArcCM
HKCR\CLSID\{CA5FEE26-14C1-4B5A-86E9-233FC0EE2682}
c:\program files (x86)\izarc\izarccm64.dll
20/07/2012 11:39

HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers
FileZilla3CopyHook
HKCR\CLSID\{DB70412E-EEC9-479C-BBA9-BE36BFDDA41B}
fzshellext Dynamic Link Library
3.2.7.0
c:\program files (x86)\filezilla ftp client\fzshellext_64.dll
01/08/2009 10:34

HKLM\Software\Wow6432Node\Classes\Directory\Shellex\CopyHookHandlers
FileZilla3CopyHook
HKCR\CLSID\{DB70412E-EEC9-479C-BBA9-BE36BFDDA41B}
fzshellext Dynamic Link Library
3.6.0.2
c:\program files (x86)\filezilla ftp client\fzshellext.dll
29/11/2012 21:59

HKCU\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers
DropboxExt
HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
Dropbox Shell Extension
Dropbox, Inc.
1.0.0.19
c:\users\dave\appdata\roaming\dropbox\bin\dropboxext64.19.dll
28/03/2013 19:43

HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers
igfxcui
HKCR\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}
igfxpph Module
Intel Corporation
8.15.10.2559
c:\windows\system32\igfxpph.dll
21/10/2011 16:58

HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers
PDF Shell Extension
HKCR\CLSID\{F9DB5320-233E-11D1-9F84-707F02C10627}
PDF Shell Extension
Adobe Systems, Inc.
10.1.8.24
c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll
03/09/2013 12:24

HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers
Symantec.Norton.Antivirus.IEContextMenu
HKCR\CLSID\{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}
Symantec Shared Component Shell Extension Module
Symantec Corporation
20.4.0.40
c:\program files (x86)\norton internet security\engine64\20.4.0.40\navshext.dll
04/06/2013 04:34

HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers
IZArcCM
HKCR\CLSID\{CA5FEE26-14C1-4B5A-86E9-233FC0EE2682}
c:\program files (x86)\izarc\izarccm64.dll
20/07/2012 11:39

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers
DropboxExt1
HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
Dropbox Shell Extension
Dropbox, Inc.
1.0.0.19
c:\users\dave\appdata\roaming\dropbox\bin\dropboxext64.19.dll
28/03/2013 19:43
DropboxExt2
HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}
Dropbox Shell Extension
Dropbox, Inc.
1.0.0.19
c:\users\dave\appdata\roaming\dropbox\bin\dropboxext64.19.dll
28/03/2013 19:43
DropboxExt3
HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}
Dropbox Shell Extension
Dropbox, Inc.
1.0.0.19
c:\users\dave\appdata\roaming\dropbox\bin\dropboxext64.19.dll
28/03/2013 19:43
DropboxExt4
HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}
Dropbox Shell Extension
Dropbox, Inc.
1.0.0.19
c:\users\dave\appdata\roaming\dropbox\bin\dropboxext64.19.dll
28/03/2013 19:43
GDriveBlacklistedOverlay
HKCR\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}
Google Drive shell extension
Google
1.13.5782.599
c:\program files (x86)\google\drive\googledrivesync64.dll
06/12/2013 23:45
GDriveSharedEditOverlay
HKCR\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}
Google Drive shell extension
Google
1.13.5782.599
c:\program files (x86)\google\drive\googledrivesync64.dll
06/12/2013 23:45
GDriveSharedViewOverlay
HKCR\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}
Google Drive shell extension
Google
1.13.5782.599
c:\program files (x86)\google\drive\googledrivesync64.dll
06/12/2013 23:45
GDriveSyncedOverlay
HKCR\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}
Google Drive shell extension
Google
1.13.5782.599
c:\program files (x86)\google\drive\googledrivesync64.dll
06/12/2013 23:45
GDriveSyncingOverlay
HKCR\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}
Google Drive shell extension
Google
1.13.5782.599
c:\program files (x86)\google\drive\googledrivesync64.dll
06/12/2013 23:45

HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers
DropboxExt1
HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
Dropbox Shell Extension
Dropbox, Inc.
1.0.0.19
c:\users\dave\appdata\roaming\dropbox\bin\dropboxext.19.dll
28/03/2013 19:43
DropboxExt2
HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}
Dropbox Shell Extension
Dropbox, Inc.
1.0.0.19
c:\users\dave\appdata\roaming\dropbox\bin\dropboxext.19.dll
28/03/2013 19:43
DropboxExt3
HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}
Dropbox Shell Extension
Dropbox, Inc.
1.0.0.19
c:\users\dave\appdata\roaming\dropbox\bin\dropboxext.19.dll
28/03/2013 19:43

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar
Norton Toolbar
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
coIEPlugIn
Symantec Corporation
2013.4.0.10
c:\program files (x86)\norton internet security\engine\20.4.0.40\coieplg.dll
31/05/2013 01:44

HKLM\Software\Microsoft\Internet Explorer\Extensions
HP Network Check
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
NCLauncherFromIE
Hewlett-Packard
7.0.0.0
c:\program files (x86)\hewlett-packard\hp support framework\resources\hpnetworkcheck\nclauncherfromie.exe
09/07/2012 22:46

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions
HP Network Check
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
NCLauncherFromIE
Hewlett-Packard
7.0.0.0
c:\program files (x86)\hewlett-packard\hp support framework\resources\hpnetworkcheck\nclauncherfromie.exe
09/07/2012 22:46
Skype Click to Call
C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Skype Click to Call for Internet Explorer
Skype Technologies S.A.
5.9.0.9216
c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll
17/01/2012 11:43
Add to Evernote 4
C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
File not found: C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204


HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32
msacm.l3acm
C:\Windows\System32\l3codeca.acm
MPEG Layer-3 Audio Codec for MSACM
Fraunhofer Institut Integrierte Schaltungen IIS
1.9.0.401
c:\windows\system32\l3codeca.acm
14/07/2009 01:28

HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32
msacm.l3acm
C:\Windows\SysWOW64\l3codeca.acm
MPEG Layer-3 Audio Codec for MSACM
Fraunhofer Institut Integrierte Schaltungen IIS
1.9.0.401
c:\windows\syswow64\l3codeca.acm
14/07/2009 01:06
vidc.cvid
iccvid.dll
Cinepak© Codec
Radius Inc.
1.10.0.13
c:\windows\syswow64\iccvid.dll
20/11/2010 11:59

HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance
RemotelyAnywhere Video Encoder
HKCR\CLSID\{183261F8-780B-4506-BE91-434C01DD010A}
RemotelyAnywhere Video Codec
LogMeIn, Inc.
8.0.0.795
c:\windows\downloaded program files\x64\racodec.ax
19/10/2011 09:50
RemotelyAnywhere Video Decoder
HKCR\CLSID\{43534152-0000-0010-8000-00AA00389B71}
RemotelyAnywhere Video Codec
LogMeIn, Inc.
8.0.0.795
c:\windows\downloaded program files\x64\racodec.ax
19/10/2011 09:50

HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance
RemotelyAnywhere Video Encoder
HKCR\CLSID\{183261F8-780B-4506-BE91-434C01DD010A}
RemotelyAnywhere Video Codec
LogMeIn, Inc.
8.0.0.795
c:\windows\downloaded program files\x86\racodec.ax
19/10/2011 09:49
RemotelyAnywhere Video Decoder
HKCR\CLSID\{43534152-0000-0010-8000-00AA00389B71}
RemotelyAnywhere Video Codec
LogMeIn, Inc.
8.0.0.795
c:\windows\downloaded program files\x86\racodec.ax
19/10/2011 09:49

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Dave\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Dave\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Dave\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Simonka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Simonka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Simonka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Simonka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Simonka\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Simonka\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Simonka\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Dave\AppData\Local\Mozilla\Firefox\Profiles\n8vklyyd.default\Cache emptied successfully
C:\Users\Simonka\AppData\Local\Mozilla\Firefox\Profiles\w1paw79s.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Simonka\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1784 folders=334 415605002 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Simonka\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Users\Dave\AppData\Local\Temp will be emptied at reboot
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Dave\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\PROGRA~2\BrowseSmart" not found
"C:\PROGRA~2\BrowseSmart" not found

==== EOF on 26/12/2013 at 11:03:42.42 ======================


Kind Regards!

D
kevinf80 (Kevin)
Malware Removal Specialist with 9,542 posts.
 
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
26-Dec-2013, 07:57 AM #7
Re-run Zoek one more time (accept UAC). The following window will open:

Copy and paste the following script from the code box and paste into the field.


Code:
C:\Program Files (x86)\Ask.com;fs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run];r
"ApnUpdater"=-;r

Select the "Run Script" tab. The following window will open:

Please be patient and do not use the PC when the scan is in progress.

When complete you may be asked to re-boot your PC, if so please do.

Post the produced log in your next reply...

Next,

Open Malwarebytes, check for updates then run Quick scan. Full instructions follow if Malwarebytes is not installed:

Download Malwarebytes from the following link and save it to your desktop:


http://www.malwarebytes.org/mbam.php

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Let me see those two logs, also give an update on any remaining issues or concerns...

Thanks,

Kevin
darrrius
Member with 62 posts.
THREAD STARTER
 
Join Date: Sep 2006
Location: Greenwich, SE London
Experience: Intermediate
27-Dec-2013, 08:20 AM #8
Hi,

Fantastic thanks - all appears to be ok again, no issues to report and here are the logs requested:


Zoek.exe v5.0.0.0 Updated 23-December-2013
Tool run by Dave on 27/12/2013 at 11:54:49.16.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Dave\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2013-12-26-110342.log 127620 bytes

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ApnUpdater"=-

==== Deleting Files \ Folders ======================

C:\Program Files (x86)\Ask.com not found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1784 folders=334 415605002 bytes)

==== EOF on 27/12/2013 at 11:59:09.05 ======================



Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.27.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Dave :: HOME-HP [administrator]

27/12/2013 12:03:27
mbam-log-2013-12-27 (12-03-27).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 247413
Time elapsed: 6 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 10
HKCR\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C} (PUP.Optional.OptimzerPro.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\BONANZADEALS (PUP.Optional.BonanzaDeals.A) -> Quarantined and deleted successfully.
HKCU\Software\BrowseSmart (PUP.Optional.BrowseSmart.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\BonanzaDealsLive (PUP.Optional.BonanzaDeals.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\BONANZADEALS (PUP.Optional.BonanzaDeals.A) -> Quarantined and deleted successfully.
HKLM\Software\BrowseSmart (PUP.Optional.BrowseSmart.A) -> Quarantined and deleted successfully.

Registry Values Detected: 3
HKCU\SOFTWARE\BonanzaDeals|ChromeCrxPath (PUP.Optional.BonanzaDeals.A) -> Data: C:\Program Files (x86)\BonanzaDeals\BonanzaDeals.crx -> Quarantined and deleted successfully.
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0A2O0R1R1H2Z1S1G0H1F -> Quarantined and deleted successfully.
HKLM\SOFTWARE\BonanzaDeals|ChromeCrxPath (PUP.Optional.BonanzaDeals.A) -> Data: C:\Program Files (x86)\BonanzaDeals\BonanzaDeals.crx -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Simonka\Downloads\Setup.exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.

(end)



Kind Regards

D
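Added example (not part of the original posts, and not Malwarebytes' own code): a small Python parser for the Malwarebytes 1.75 log format quoted above. It checks each section's declared count against the items actually listed and flags anything not reported as quarantined and deleted. The function names are hypothetical, and the sample is a shortened excerpt of that log.

```python
import re
from collections import Counter

# Shortened excerpt of the Malwarebytes 1.75 log quoted in the post above.
SAMPLE_LOG = r"""
Memory Processes Detected: 0
(No malicious items detected)

Registry Values Detected: 3
HKCU\SOFTWARE\BonanzaDeals|ChromeCrxPath (PUP.Optional.BonanzaDeals.A) -> Data: C:\Program Files (x86)\BonanzaDeals\BonanzaDeals.crx -> Quarantined and deleted successfully.
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0A2O0R1R1H2Z1S1G0H1F -> Quarantined and deleted successfully.
HKLM\SOFTWARE\BonanzaDeals|ChromeCrxPath (PUP.Optional.BonanzaDeals.A) -> Data: C:\Program Files (x86)\BonanzaDeals\BonanzaDeals.crx -> Quarantined and deleted successfully.

Files Detected: 1
C:\Users\Simonka\Downloads\Setup.exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
"""

# "Registry Keys Detected: 10" style section headers
SECTION = re.compile(r"^(?P<name>[A-Za-z ]+) Detected: (?P<count>\d+)$")
# "<object> (<detection>) -> [Data: <data> -> ]<action>."
ITEM = re.compile(
    r"^(?P<object>.+?) \((?P<detection>[^()]+)\) -> "
    r"(?:Data: (?P<data>.*?) -> )?(?P<action>[^>]+?)\.?$"
)
CLEAN = "Quarantined and deleted successfully"

def parse_mbam_log(text):
    """Return {section: {"declared": int, "items": [dict, ...]}}."""
    report, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        header = SECTION.match(line)
        if header:
            current = report.setdefault(
                header["name"], {"declared": int(header["count"]), "items": []})
            continue
        item = ITEM.match(line)
        if item and current is not None:
            current["items"].append(item.groupdict())
    return report

def verify(report):
    """List discrepancies: count mismatches and items that were not removed."""
    problems = []
    for name, section in report.items():
        declared, found = section["declared"], len(section["items"])
        if declared != found:
            problems.append(f"{name}: declared {declared}, parsed {found}")
        for item in section["items"]:
            if item["action"] != CLEAN:
                problems.append(f"{name}: {item['object']} -> {item['action']}")
    return problems

def detections(report):
    """Count items per detection name across all sections."""
    return Counter(i["detection"] for s in report.values() for i in s["items"])

if __name__ == "__main__":
    parsed = parse_mbam_log(SAMPLE_LOG)
    print(detections(parsed).most_common())
    print(verify(parsed) or "all detected items were quarantined and deleted")
```

An empty list from `verify` means the log is internally consistent and every listed item was removed; any entry in it is something to raise with the helper before moving on to the next scan.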
kevinf80 (Kevin)
Malware Removal Specialist with 9,542 posts.
 
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
27-Dec-2013, 09:36 AM #9
Excellent, just what we like to hear. We still need to run an online AV scan to ensure there are no remnants of any infection left on your system that we may have missed. This scan is very thorough and well worth running; it can take several hours, so please be patient and let it complete:

Run Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - Vista and Win 7: right click on the IE shortcut and run as admin

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    Click Start
  • When asked, allow the add/on to be installed
    Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish

close program

copy and paste the report in next reply

Thanks,

Kevin
darrrius
Member with 62 posts.
THREAD STARTER
 
Join Date: Sep 2006
Location: Greenwich, SE London
Experience: Intermediate
01-Jan-2014, 01:41 PM #10
Hiya Kevin,

Sorry for the delay, there were threats and here is the list:

C:\Users\Dave\AppData\Roaming\0S1F1O2Z0S2Y1H1T\DVD Shrink Packages\uninstaller.exe Win32/InstallCore.AZ application
C:\Users\Dave\Documents\Symantec\Archived Desktop Stuff\Desktop Stuff\Setup-SopCast-3.4.0-2011-6-9.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\Dave\Downloads\cnet2_AvaCam_Setup_exe.exe a variant of Win32/InstallCore.D application
C:\Users\Simonka\Downloads\light_image_resizer4_setup_4.3.1.0_linkular.exe Win32/Adware.Linkular.AC application
C:\zoek_backup\C_Users_Dave_Downloads_SopCast-3.5.0.exe.vir multiple threats
C:\zoek_backup\C_PROGRA~2_BrowseSmart\BrowseSmartBHO.dll a variant of Win32/BrowseFox.F application
C:\zoek_backup\C_PROGRA~2_BrowseSmart\updateBrowseSmart.exe a variant of Win32/BrowseFox.G application
C:\zoek_backup\C_PROGRA~2_BrowseSmart\bin\utilBrowseSmart.exe a variant of Win32/BrowseFox.G application
C:\zoek_backup\C_Users_Dave_AppData_Local_Bundled software uninstaller\bi_client.exe Win32/Somoto.A application


Thanks and happy new year!


Kind Regards

D
kevinf80 (Kevin)
Malware Removal Specialist with 9,542 posts.
 
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
01-Jan-2014, 04:58 PM #11
Thanks for the reply, Happy New Year to yourself and family...

Download OTM from either of the following links and save to your Desktop: (If your security alerts to OTM, either accept the alert or turn off security to allow OTM to run)

http://oldtimer.geekstogo.com/OTM.exe.
http://www.itxassociates.com/OT-Tools/OTM.com
http://www.itxassociates.com/OT-Tools/OTM.exe

Double click OTM.exe to start the tool. Vista or Windows 7 users accept the UAC alert. Be aware all processes will be stopped during the run, and the Desktop will disappear; this will be put back on completion.... If your security alerts to OTM, either accept the alert or turn off security until OTM completes...
  • Copy the text from the code box below to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Be sure to start with and include the colon before Files (:Files)

    Code:
    :Files
    C:\Users\Dave\Documents\Symantec\Archived Desktop Stuff\Desktop Stuff\Setup-SopCast-3.4.0-2011-6-9.exe
    C:\Users\Dave\Downloads\cnet2_AvaCam_Setup_exe.exe
    C:\Users\Simonka\Downloads\light_image_resizer4_setup_4.3.1.0_linkular.exe
    :Commands
    [EmptyTemp]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

Next,

Download Security Check by screen317 from either of the following:
http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe
Save it to your Desktop. (If your security alerts, either accept the alert or turn the security off while Security Check runs)
Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me see those logs, also let me know if any remaining issues or concerns...

Kevin
darrrius
Member with 62 posts.
THREAD STARTER
 
Join Date: Sep 2006
Location: Greenwich, SE London
Experience: Intermediate
01-Jan-2014, 06:52 PM #12
Thanks Kevin! Really appreciate your support!

Here are the latest two logs.... all appears to be back to normal and no issues to report

All processes killed
========== FILES ==========
C:\Users\Dave\Documents\Symantec\Archived Desktop Stuff\Desktop Stuff\Setup-SopCast-3.4.0-2011-6-9.exe moved successfully.
C:\Users\Dave\Downloads\cnet2_AvaCam_Setup_exe.exe moved successfully.
C:\Users\Simonka\Downloads\light_image_resizer4_setup_4.3.1.0_linkular.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Dave
->Temp folder emptied: 50792168 bytes
->Temporary Internet Files folder emptied: 414873288 bytes
->Java cache emptied: 8196 bytes
->FireFox cache emptied: 88205485 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 10442195 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Simonka
->Temp folder emptied: 114626 bytes
->Temporary Internet Files folder emptied: 122176070 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 108883094 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 602 bytes

User: TEMP

User: TEMP.Home-HP

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 18351 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\ Temporary Internet Files folder emptied: 11613 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows \Temporary Internet Files folder emptied: 195 bytes
RecycleBin emptied: 2818354 bytes

Total Files Cleaned = 761.00 mb


OTM by OldTimer - Version 3.1.21.0 log created on 01012014_222648

Files moved on Reboot...
C:\Users\Dave\AppData\Local\Temp\Low\JavaDeployReg.log moved successfully.
C:\Users\Dave\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File C:\Users\Dave\AppData\Local\Temp\~DF1EC0080039DAC56C.TMP not found!
File C:\Users\Dave\AppData\Local\Temp\~DF6137E704D7667351.TMP not found!
File C:\Users\Dave\AppData\Local\Temp\~DF69EEE87CA80F8D19.TMP not found!
File C:\Users\Dave\AppData\Local\Temp\~DF705032D293587D01.TMP not found!
File C:\Users\Dave\AppData\Local\Temp\~DFC820AAC9BC829CC5.TMP not found!
File C:\Users\Dave\AppData\Local\Temp\~DFD4918D0557927E1E.TMP not found!
File C:\Users\Dave\AppData\Local\Temp\~DFF1CEBCB4175D4972.TMP not found!
File C:\Users\Dave\AppData\Local\Temp\~DFFBB13A31FB8D664A.TMP not found!
C:\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TZN2HXUJ\1[timestamp]@x90[1].htm moved successfully.
C:\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TZN2HXUJ\click[1].htm moved successfully.
C:\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TZN2HXUJ\if[1].htm moved successfully.
C:\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TZN2HXUJ\YSGAM0HQ.htm moved successfully.
C:\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\02EAOO1T\1115500-help-spyware-removal-after-downloading[1].htm moved successfully.
C:\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\02EAOO1T\search[2].htm moved successfully.
C:\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\02EAOO1T\watch[1].htm moved successfully.
C:\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\4A72F430-B40C-4D36-A068-CE33ADA5ADF9.dat moved successfully.
C:\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

Registry entries deleted on Reboot...




_____________



Results of screen317's Security Check version 0.99.78
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 45
Adobe Flash Player 11.9.900.170
Adobe Reader 10.1.8 Adobe Reader out of Date!
Mozilla Firefox 25.0.1 Firefox out of Date!
Google Chrome 31.0.1650.57
Google Chrome 31.0.1650.63
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
WinPatrol winpatrol.exe
BillP Studios WinPatrol WinPatrol.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````


Kind Regards!

D
kevinf80 (Kevin)
Malware Removal Specialist with 9,542 posts.
 
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
02-Jan-2014, 01:45 PM #13
Adobe Reader is outdated...
Visit http://get.adobe.com/uk/reader/otherversions/ and download the latest version of Acrobat Reader

Step 1 - Select your Operating System.
Step 2 - Select your Language.
Step 3 - Select latest version.

Untick the option for any security scanner or toolbar if offered.

Download and install.

Having the latest updates ensures there are no security vulnerabilities in your system.

Next,

Download "Delfix by Xplode" and save it to your desktop.

Double click to start the program. If you are using Vista or higher, please right-click and choose Run as administrator.

Make Sure the following items are checked:
  • Activate UAC
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings

Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Part of the routine will be to create a registry back up with ERUNT, the back up will be created here:
C:\Windows\ERUNT

When all is known to be well with your system you can delete that back up folder if you consider it as not needed...

Any tools left on your Desktop can be simply deleted, also navigate to and expand C:\ Any files/folders related to Zoek can be deleted....

Let me know if any remaining issues or concerns.... Also read the following, you may find it useful:

http://www.bleepingcomputer.com/foru.../#entry2316629

Kevin....
darrrius
Member with 62 posts.
THREAD STARTER
 
Join Date: Sep 2006
Location: Greenwich, SE London
Experience: Intermediate
02-Jan-2014, 04:54 PM #14
Kevin, you've been amazing. All done and all good!

thanks for all the help, much appreciated!
kevinf80 (Kevin)
Malware Removal Specialist with 9,542 posts.
 
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
02-Jan-2014, 06:13 PM #15
You're very welcome....