
Help with spyware removal after downloading a dvdShrink program

Discussion in 'Virus & Other Malware Removal' started by darrrius, Dec 17, 2013.

  1. darrrius

    Hi,

    I'd be much appreciative of some help cleaning up my laptop. I recently installed a program that I needed to cut scenes from a DVD; it was called DVD-Shink or something similar.

    Since the install, my browsers were hacked and the system is generally very slow and starts up with errors on logging into Windows. The browser would go to a different search engine (I solved that bit), and the problems generally remain.

    Here are the logs requested:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 20:53:15, on 17/12/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v11.0 (11.00.9600.16428)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
    C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
    C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    C:\Users\Dave\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    C:\Users\Dave\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Users\Dave\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
    C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    C:\Program Files (x86)\Ask.com\Updater\Updater.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    C:\Users\Dave\Desktop\HijackThis.exe
    C:\Windows\SysWOW64\DllHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT/2
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&...FtCtAyBzytN1L1CzutCyD1B1P1R&cr=1830256455&ir=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll
    O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: TSBHO Class - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
    O2 - BHO: BrowseSmart - {ffbb88a9-c663-4b9b-9170-70fa0a5a2786} - C:\Program Files (x86)\BrowseSmart\BrowseSmartbho.dll
    O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
    O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll
    O4 - HKLM\..\Run: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
    O4 - HKLM\..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
    O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
    O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Dave\AppData\Local\Akamai\netsession_win.exe"
    O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
    O4 - Startup: Dropbox.lnk = Dave\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {0A43D7AC-D6C1-4622-B309-BF975F427C0E} (first direct internet banking plus digital safe) - https://internetbankingplus2.firstdirect.com/ibplus/frontdoorFD.cab
    O16 - DPF: {254AA86E-5655-4518-AA87-185D7CC41801} (LogMeIn Rescue Technician Console) - https://secure.logmeinrescue.com/UK/TechConsole/x86/RescueControl.cab
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O20 - AppInit_DLLs:
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: TrueSuiteService (FPLService) - HP - C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
    O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel(R) Identity Protection Technology Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
    O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: Update BrowseSmart - Unknown owner - C:\Program Files (x86)\BrowseSmart\updateBrowseSmart.exe
    O23 - Service: Util BrowseSmart - Unknown owner - C:\Program Files (x86)\BrowseSmart\bin\utilBrowseSmart.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 17402 bytes




    ____


    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 10.45.2
    Run by Dave at 20:53:36 on 2013-12-17
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4044.2222 [GMT 0:00]
    .
    AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\IDT\WDM\STacSV64.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\SysWOW64\ezSharedSvcHost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
    c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\BrowseSmart\updateBrowseSmart.exe
    C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
    C:\Program Files (x86)\BrowseSmart\bin\utilBrowseSmart.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Users\Dave\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
    C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Users\Dave\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Users\Dave\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
    C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    C:\Program Files (x86)\Ask.com\Updater\Updater.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxps://www.google.co.uk
    uSearch Bar = hxxp://www.google.com/ie
    uSearch Page = hxxp://www.google.com
    uDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://start.mysearchdial.com/?f=1&a=suma1202&cd=2XzuyEtN2Y1L1Qzu0E0Czy0AyByEyCtC0Fzzzy0ByCzzyB0AtN0D0Tzu0SyBtCtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1830256455&ir=
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mWinlogon: Userinit = userinit.exe
    BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\CoIEPlg.dll
    BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
    BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
    BHO: BrowseSmart: {ffbb88a9-c663-4b9b-9170-70fa0a5a2786} - C:\Program Files (x86)\BrowseSmart\BrowseSmartbho.dll
    TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
    TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\CoIEPlg.dll
    uRun: [AdobeBridge] <no file>
    mRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
    mRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
    mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
    mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
    StartupFolder: C:\Users\Dave\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Dave\AppData\Roaming\Dropbox\bin\Dropbox.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-Explorer: EnableShellExecuteHooks = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: HideFastUserSwitching = dword:0
    IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    DPF: {0A43D7AC-D6C1-4622-B309-BF975F427C0E} - hxxps://internetbankingplus2.firstdirect.com/ibplus/frontdoorFD.cab
    DPF: {254AA86E-5655-4518-AA87-185D7CC41801} - hxxps://secure.logmeinrescue.com/UK/TechConsole/x86/RescueControl.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{87CA5F32-695F-44CB-902A-D6BE1491B8F3} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{87CA5F32-695F-44CB-902A-D6BE1491B8F3}\244575966496 : DHCPNameServer = 192.168.22.22 192.168.22.23
    TCP: Interfaces\{87CA5F32-695F-44CB-902A-D6BE1491B8F3}\3414E454F53594D4B4F46514 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{87CA5F32-695F-44CB-902A-D6BE1491B8F3}\35B4953323543373 : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{87CA5F32-695F-44CB-902A-D6BE1491B8F3}\4514C4B44514C4B4D2646403544344 : DHCPNameServer = 192.168.1.1 192.168.1.1
    TCP: Interfaces\{87CA5F32-695F-44CB-902A-D6BE1491B8F3}\4516C6B64516C6B6A616561623 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{87CA5F32-695F-44CB-902A-D6BE1491B8F3}\8353F5255737B696E6 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{87CA5F32-695F-44CB-902A-D6BE1491B8F3}\C6F676963747963637 : DHCPNameServer = 8.8.8.8 8.8.4.4
    TCP: Interfaces\{BD3DE3BF-10B8-4DE8-A1ED-12DBDAE4E8F5} : DHCPNameServer = 172.31.254.249
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs=
    SSODL: WebCheck - <orphaned>
    SEH: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
    x64-mStart Page = hxxp://start.mysearchdial.com/?f=1&a=suma1202&cd=2XzuyEtN2Y1L1Qzu0E0Czy0AyByEyCtC0Fzzzy0ByCzzyB0AtN0D0Tzu0SyBtCtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1830256455&ir=
    x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll
    x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
    x64-Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
    x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
    x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
    x64-DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\n8vklyyd.default\
    FF - prefs.js: browser.search.selectedEngine - Mysearchdial
    FF - prefs.js: browser.startup.homepage - hxxp://start.mysearchdial.com/?f=1&a=suma1202&cd=2XzuyEtN2Y1L1Qzu0E0Czy0AyByEyCtC0Fzzzy0ByCzzyB0AtN0D0Tzu0SyBtCtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1830256455&ir=
    FF - prefs.js: keyword.URL -
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
    FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll
    FF - plugin: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Program Files\Microsoft\Web Platform Installer\NPWPIDetector.dll
    FF - plugin: C:\Users\Dave\AppData\Roaming\ACEStream\player\npace_plugin.dll
    FF - plugin: C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\n8vklyyd.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2.dll
    FF - plugin: C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\n8vklyyd.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2_x64.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
    FF - ExtSQL: 2013-12-11 21:08; {f9d03c26-0575-497e-821d-f7956d23e0ca}; C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\n8vklyyd.default\extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca}
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.mysearchdial.hmpg - true
    FF - user.js: extensions.mysearchdial.hmpgUrl - hxxp://start.mysearchdial.com/?f=1&a=suma1202&cd=2XzuyEtN2Y1L1Qzu0E0Czy0AyByEyCtC0Fzzzy0ByCzzyB0AtN0D0Tzu0SyBtCtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1830256455&ir=
    FF - user.js: extensions.mysearchdial.dfltSrch - true
    FF - user.js: extensions.mysearchdial.srchPrvdr - Mysearchdial
    FF - user.js: extensions.mysearchdial.dnsErr - true
    FF - user.js: extensions.mysearchdial_i.newTab - false
    FF - user.js: extensions.mysearchdial.newTabUrl - hxxp://start.mysearchdial.com/?f=2&a=suma1202&cd=2XzuyEtN2Y1L1Qzu0E0Czy0AyByEyCtC0Fzzzy0ByCzzyB0AtN0D0Tzu0SyBtCtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1830256455&ir=
    FF - user.js: extensions.mysearchdial.tlbrSrchUrl - hxxp://start.mysearchdial.com/?f=3&a=suma1202&cd=2XzuyEtN2Y1L1Qzu0E0Czy0AyByEyCtC0Fzzzy0ByCzzyB0AtN0D0Tzu0SyBtCtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1830256455&ir=&q=
    FF - user.js: extensions.mysearchdial.id - EC9A7461F89B687A
    FF - user.js: extensions.mysearchdial.instlDay - 16050
    FF - user.js: extensions.mysearchdial.vrsn - 1.8.21.0
    FF - user.js: extensions.mysearchdial.vrsni - 1.8.21.0
    FF - user.js: extensions.mysearchdial_i.vrsnTs - 1.8.21.021:8:2
    FF - user.js: extensions.mysearchdial.prtnrId - mysearchdial
    FF - user.js: extensions.mysearchdial.prdct - mysearchdial
    FF - user.js: extensions.mysearchdial.aflt - suma1202
    FF - user.js: extensions.mysearchdial_i.smplGrp - none
    FF - user.js: extensions.mysearchdial.tlbrId - base
    FF - user.js: extensions.mysearchdial.instlRef -
    FF - user.js: extensions.mysearchdial.dfltLng -
    FF - user.js: extensions.mysearchdial.appId - {CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
    FF - user.js: extensions.mysearchdial.excTlbr - false
    FF - user.js: extensions.mysearchdial_i.hmpg - true
    FF - user.js: extensions.mysearchdial.cr - 1830256455
    FF - user.js: extensions.mysearchdial.cd - 2XzuyEtN2Y1L1Qzu0E0Czy0AyByEyCtC0Fzzzy0ByCzzyB0AtN0D0Tzu0SyBtCtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R
    FF - user.js: extensions.irmysearch.aflt - suma1202
    FF - user.js: extensions.irmysearch.instlRef -
    FF - user.js: extensions.irmysearch.cr - 1830256455
    FF - user.js: extensions.irmysearch.cd - 2XzuyEtN2Y1L1Qzu0E0Czy0AyByEyCtC0Fzzzy0ByCzzyB0AtN0D0Tzu0SyBtCtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1404000.028\SymDS64.sys [2013-7-2 493656]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1404000.028\SymEFA64.sys [2013-7-2 1139800]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\BASHDefs\20131203.001\BHDrvx64.sys [2013-12-3 1526488]
    R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1404000.028\ccSetx64.sys [2013-7-2 169048]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\IPSDefs\20131216.001\IDSviA64.sys [2013-12-17 521944]
    R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1404000.028\Ironx64.sys [2013-7-2 224416]
    R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1404000.028\symnets.sys [2013-7-2 433752]
    R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-7-20 249648]
    R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]
    R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-8-19 260424]
    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
    R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-9-6 197536]
    R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-12-12 13592]
    R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-12-12 2425960]
    R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-9-28 212944]
    R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [2013-7-2 144368]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-12-12 2656280]
    R2 Update BrowseSmart;Update BrowseSmart;C:\Program Files (x86)\BrowseSmart\updateBrowseSmart.exe [2013-12-6 66848]
    R2 Util BrowseSmart;Util BrowseSmart;C:\Program Files (x86)\BrowseSmart\bin\utilBrowseSmart.exe [2013-12-14 66848]
    R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-11-21 137648]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-4-7 317440]
    R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2011-12-12 1860672]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-12-12 565352]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-1-30 103992]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-1-30 123960]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-8-1 195320]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 HP8107Fltr;HP-HP8107;C:\Windows\System32\drivers\HP8107.sys [2010-2-4 13824]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-11 111616]
    S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-12-12 339048]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
    S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
    S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-3-17 68440]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-4-22 1255736]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
    S4 RsFx0103;RsFx0103 Driver;C:\Windows\System32\drivers\RsFx0103.sys [2009-3-30 311656]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
    .
    =============== File Associations ===============
    .
    FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\Dreamweaver.exe","%1"
    ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\dreamweaver.exe", "%1"
    .
    =============== Created Last 30 ================
    .
    2013-12-14 11:26:24 -------- d-----w- C:\Users\Dave\AppData\Local\{500E3E2F-A7F0-46F1-9A64-6C0B5D71CE83}
    2013-12-11 22:46:08 -------- d-----r- C:\Users\Dave\Google Drive
    2013-12-11 21:35:56 -------- d-----w- C:\Users\Dave\AppData\Local\{100D03AB-E66A-49A0-AAC2-42B90AD08728}
    2013-12-11 21:09:42 -------- d-----w- C:\Users\Dave\AppData\Local\cache
    2013-12-11 21:09:30 -------- d-----w- C:\Users\Dave\AppData\Local\Mobogenie
    2013-12-11 21:09:23 -------- d-----w- C:\Users\Dave\AppData\Roaming\0S1F1O2Z0S2Y1H1T
    2013-12-11 21:08:35 -------- d-----w- C:\Users\Dave\AppData\Roaming\Systweak
    2013-12-11 21:08:31 20312 ----a-w- C:\Windows\System32\roboot64.exe
    2013-12-11 21:08:26 -------- d-----w- C:\Program Files (x86)\Mobogenie
    2013-12-11 21:08:22 -------- d-----w- C:\Program Files (x86)\BrowseSmart
    2013-12-11 21:08:18 -------- d-----w- C:\Program Files (x86)\BonanzaDeals
    2013-12-11 20:13:21 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
    2013-12-11 20:13:21 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    2013-12-11 20:13:20 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
    2013-12-11 20:13:20 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
    2013-12-11 20:10:57 5769216 ----a-w- C:\Windows\System32\jscript9.dll
    2013-12-11 20:10:57 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-12-01 12:41:39 -------- d-----w- C:\Users\Dave\AppData\Local\assembly
    2013-11-28 19:06:23 -------- d-----w- C:\Users\Dave\AppData\Local\{AF129B83-A48A-4C22-BC67-FD6B57753AE2}
    2013-11-23 13:50:15 -------- d--h--w- C:\_acestream_cache_
    2013-11-23 13:46:35 -------- d-----w- C:\Users\Dave\AppData\Roaming\.ACEStream
    2013-11-23 13:46:10 -------- d-----w- C:\Users\Dave\AppData\Roaming\ACEStream
    2013-11-19 19:30:59 -------- d-----w- C:\Users\Dave\AppData\Local\{A578F04B-94A6-41EB-ACB4-6ECEFAD5AF13}
    .
    ==================== Find3M ====================
    .
    2013-12-10 21:31:40 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-12-10 21:31:40 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
    2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
    2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
    2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
    2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
    2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
    2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
    2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
    2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
    2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
    2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
    2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
    2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2013-10-30 02:32:01 335360 ----a-w- C:\Windows\System32\msieftp.dll
    2013-10-30 02:19:52 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
    2013-10-30 01:24:31 3155968 ----a-w- C:\Windows\System32\win32k.sys
    2013-10-19 02:18:57 81408 ----a-w- C:\Windows\System32\imagehlp.dll
    2013-10-19 01:36:59 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
    2013-10-12 02:32:04 150016 ----a-w- C:\Windows\System32\wshom.ocx
    2013-10-12 02:31:04 202752 ----a-w- C:\Windows\System32\scrrun.dll
    2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
    2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
    2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
    2013-10-12 02:04:36 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx
    2013-10-12 02:03:31 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll
    2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
    2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
    2013-10-12 01:33:39 156160 ----a-w- C:\Windows\System32\cscript.exe
    2013-10-12 01:33:26 168960 ----a-w- C:\Windows\System32\wscript.exe
    2013-10-12 01:15:48 141824 ----a-w- C:\Windows\SysWow64\wscript.exe
    2013-10-12 01:15:48 126976 ----a-w- C:\Windows\SysWow64\cscript.exe
    2013-10-08 07:50:37 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-10-05 20:25:35 1474048 ----a-w- C:\Windows\System32\crypt32.dll
    2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2013-10-04 02:28:31 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
    2013-10-04 02:25:17 197120 ----a-w- C:\Windows\System32\credui.dll
    2013-10-04 02:24:49 1930752 ----a-w- C:\Windows\System32\authui.dll
    2013-10-04 02:16:30 116736 ----a-w- C:\Windows\System32\drivers\drmk.sys
    2013-10-04 01:58:50 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
    2013-10-04 01:56:25 168960 ----a-w- C:\Windows\SysWow64\credui.dll
    2013-10-04 01:56:00 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
    2013-10-04 01:36:04 230400 ----a-w- C:\Windows\System32\drivers\portcls.sys
    2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll
    2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
    2013-09-28 01:09:10 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
    2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
    2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll
    2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll
    2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll
    2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
    2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
    2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe
    .
    ============= FINISH: 20:54:17.37 ===============



    ____


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 21/04/2012 10:32:28
    System Uptime: 17/12/2013 20:23:05 (0 hours ago)
    .
    Motherboard: Hewlett-Packard | | 166F
    Processor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz | CPU1 | 1175/1333mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 572 GiB total, 305.062 GiB free.
    D: is FIXED (NTFS) - 20 GiB total, 2.148 GiB free.
    E: is FIXED (FAT32) - 4 GiB total, 1.074 GiB free.
    F: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP135: 01/12/2013 12:37:49 - Installed Microsoft SQL Server 2012 PowerPivot for Excel 32-bit
    RP136: 04/12/2013 08:20:50 - Windows Update
    RP137: 11/12/2013 20:06:33 - Windows Update
    RP138: 15/12/2013 08:08:38 - Windows Update
    .
    ==== Installed Programs ======================
    .
    Ace Stream Media 2.1.10.2
    Adobe AIR
    Adobe Captivate 5
    Adobe Captivate 6 (64 Bit)
    Adobe Captivate Quiz Results Analyzer
    Adobe Captivate Reviewer
    Adobe Connect 9 Add-in
    Adobe Creative Suite 5 Design Premium
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Help Manager
    Adobe Media Player
    Adobe Reader X (10.1.8) MUI
    Adobe Shockwave Player 11.6
    Akamai NetSession Interface
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Articulate Storyline
    Ask Toolbar
    Ask Toolbar Updater
    AuthenTec TrueAPI
    AvaCam v3.2.0
    Bejeweled 3
    Bing Bar
    BIRT 0.96
    Blackhawk Striker 2
    Blio
    Bonanza Deals (remove only)
    Bonjour
    BrowseSmart
    Bundled software uninstaller
    Chuzzle Deluxe
    Cradle of Rome 2
    Crystal Reports for Visual Studio
    CyberLink YouCam
    D3DX10
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Dora's World Adventure
    Dotfuscator Software Services - Community Edition
    Dropbox
    DVD Shrink Packages
    ESU for Microsoft Windows 7 SP1
    Evernote v. 4.2.3
    Farm Frenzy
    Farmscapes
    FATE
    FileZilla Client 3.6.0.2
    Final Drive Fury
    GanttProject
    GlassFish Server Open Source Edition 3.1.2
    Google Chrome
    Google Drive
    Google Earth Plug-in
    Google Update Helper
    Hewlett-Packard ACLM.NET v1.2.1.1
    Hotfix for Microsoft Visual Studio 2010 Premium - ENU (KB2542054)
    Hoyle Card Games
    HP Auto
    HP Client Services
    HP Customer Experience Enhancements
    HP Documentation
    HP Games
    HP Launch Box
    HP On Screen Display
    HP Power Manager
    HP Quick Launch
    HP QuickWeb
    HP Recovery Manager
    HP Security Assistant
    HP Setup
    HP Setup Manager
    HP SimplePass PE 2011
    HP Software Framework
    HP Support Assistant
    IDT Audio
    IIS 7.5 Express
    Intel(R) Control Center
    Intel(R) Identity Protection Technology 1.2.22.0
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    Intel(R) Rapid Storage Technology
    iTunes
    IZArc 4.1.8
    Java 7 Update 45
    Java Auto Updater
    Java(TM) 7 Update 3 (64-bit)
    Java(TM) SE Development Kit 7 Update 3 (64-bit)
    JavaFX 2.0.3 (64-bit)
    JavaFX 2.0.3 SDK (64-bit)
    Jewel Match 3
    Jewel Quest Mysteries: The Seventh Gate Collector's Edition
    John Deere Drive Green
    Junk Mail filter update
    Letters from Nowhere 2
    Light Image Resizer 4.3.1.0
    Luxor HD
    Magic Desktop
    Mah Jong Medley
    Mesh Runtime
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft .NET Framework 4.5 Beta
    Microsoft .NET Framework 4.5 Beta Multi-Targeting Pack
    Microsoft Access database engine 2010 (English)
    Microsoft Application Error Reporting
    Microsoft ASP.NET MVC 2
    Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
    Microsoft ASP.NET MVC 3
    Microsoft ASP.NET Web Pages
    Microsoft Help Viewer 1.0
    Microsoft Mouse and Keyboard Center
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office Office 64-bit Components 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared 64-bit MUI (English) 2010
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Silverlight
    Microsoft Silverlight 3 SDK
    Microsoft Silverlight 4 SDK
    Microsoft Silverlight 5 SDK
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2008 (64-bit)
    Microsoft SQL Server 2008 Browser
    Microsoft SQL Server 2008 Common Files
    Microsoft SQL Server 2008 Database Engine Services
    Microsoft SQL Server 2008 Database Engine Shared
    Microsoft SQL Server 2008 Native Client
    Microsoft SQL Server 2008 R2 Data-Tier Application Framework
    Microsoft SQL Server 2008 R2 Data-Tier Application Project
    Microsoft SQL Server 2008 R2 Management Objects
    Microsoft SQL Server 2008 R2 Transact-SQL Language Service
    Microsoft SQL Server 2008 RsFx Driver
    Microsoft SQL Server 2008 Setup Support Files
    Microsoft SQL Server 2012 Command Line Utilities RC0
    Microsoft SQL Server 2012 Data-Tier App Framework
    Microsoft SQL Server 2012 Express LocalDB RC0
    Microsoft SQL Server 2012 Management Objects RC0
    Microsoft SQL Server 2012 Management Objects RC0 (x64)
    Microsoft SQL Server 2012 Native Client RC0
    Microsoft SQL Server 2012 PowerPivot for Excel 32-bit
    Microsoft SQL Server 2012 T-SQL Language Service RC0
    Microsoft SQL Server 2012 Transact-SQL Compiler Service RC0
    Microsoft SQL Server 2012 Transact-SQL ScriptDom RC0
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft SQL Server Compact 3.5 SP2 x64 ENU
    Microsoft SQL Server Compact 4.0 SP1 x64 ENU CTP1
    Microsoft SQL Server Data Tools Build Utilities Mar 2012
    Microsoft SQL Server Database Publishing Wizard 1.4
    Microsoft SQL Server System CLR Types
    Microsoft SQL Server VSS Writer
    Microsoft Sync Framework Runtime v1.0 SP1 (x64)
    Microsoft Sync Framework SDK v1.0 SP1
    Microsoft Sync Framework Services v1.0 SP1 (x64)
    Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
    Microsoft System CLR Types for SQL Server 2012 RC0
    Microsoft System CLR Types for SQL Server 2012 RC0 (x64)
    Microsoft Team Foundation Server 2010 Object Model - ENU
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
    Microsoft Visual F# 2.0 Runtime
    Microsoft Visual Studio 11 Developer Preview Pre-Clean Tool
    Microsoft Visual Studio 11 SharePoint Developer Tools Beta enu Language Pack
    Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
    Microsoft Visual Studio 2010 IntelliTrace Collection (x64)
    Microsoft Visual Studio 2010 Office Developer Tools (x64)
    Microsoft Visual Studio 2010 Performance Collection Tools - ENU
    Microsoft Visual Studio 2010 Premium - ENU
    Microsoft Visual Studio 2010 SharePoint Developer Tools
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    Microsoft Visual Studio Macro Tools
    Microsoft Web Deploy 3.0
    Microsoft Web Deploy dbSqlPackage Provider Nov 2011
    Microsoft Web Platform Installer 4.0
    Microsoft(R) SQL Server Data Tools, RC0 - enu
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_ATL_x86_x64
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_CRT_x86_x64
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFC_x86_x64
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC80_MFCLOC_x86_x64
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_ATL_x86_x64
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_CRT_x86_x64
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFC_x86_x64
    Mozilla Firefox 25.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT_amd64
    MWSnap 3
    NetBeans IDE 7.1.1
    Norton Internet Security
    OpenProj
    opensource
    PandoraRecovery (Remove Only)
    PDF Settings CS5
    Penguins!
    Picasa 3
    PlayReady PC Runtime x86
    Poker Superstars III
    Polar Bowler
    Prerequisites for SSDT RC0
    QuickTime
    Ralink RT5390 802.11b/g/n WiFi Adapter
    Realtek Ethernet Controller Driver
    Realtek PCIE Card Reader
    RollerCoaster Tycoon 3: Platinum
    Secure Download Manager
    Security Update for Microsoft .NET Framework 4.5 Beta (KB2686838)
    Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
    Security Update for Microsoft Outlook 2010 (KB2837597) 32-Bit Edition
    Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
    Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
    Security Update for Microsoft Visual Studio 2010 Premium - ENU (KB2251489)
    Security Update for Microsoft Visual Studio 2010 Premium - ENU (KB2644980)
    Security Update for Microsoft Visual Studio Macro Tools (KB2669970)
    Service Pack 1 for SQL Server 2008 (KB968369) (64-bit)
    Skype Click to Call
    Skype™ 5.10
    SopCast 3.5.0
    Sql Server Customer Experience Improvement Program
    SQL Server Data Framework Tools
    swMSM
    Synaptics TouchPad Driver
    The Treasures of Mystery Island: The Ghost Ship
    Torchlight
    Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
    Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
    Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
    Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
    Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
    Update Installer for WildTangent Games App
    VIP Access SDK (1.1.0.4)
    Virtual Villagers 4 - The Tree of Life
    Visual Studio 2010 Prerequisites - English
    Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
    WCF RIA Services V1.0 SP2
    Web Deployment Tool
    WildTangent Games App (HP Games)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Player Firefox Plugin
    WinPatrol
    Zuma's Revenge
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/12/2013 21:00:39, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Update BrowseSmart service to connect.
    12/12/2013 21:00:39, Error: Service Control Manager [7000] - The Update BrowseSmart service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/12/2013 22:13:02, Error: Service Control Manager [7031] - The Norton Internet Security service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    .
    ==== End Of File ===========================



    ___


    GMER 2.1.19163 - http://www.gmer.net
    Rootkit scan 2013-12-17 21:51:59
    Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.GS00 596.17GB
    Running: jiykdpri.exe; Driver: C:\Users\Dave\AppData\Local\Temp\kwldipow.sys


    ---- Kernel code sections - GMER 2.1 ----

    INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80002fb1000 16 bytes [8B, E3, 41, 5F, 41, 5E, 41, ...]
    INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 545 fffff80002fb1011 35 bytes {LEA ECX, [RSP+0x70]; CALL 0x3d64f}

    ---- User code sections - GMER 2.1 ----

    ? C:\Windows\system32\mssprxy.dll [2016] entry point in ".rdata" section 000000006bcf71e6
    .text C:\Program Files (x86)\BrowseSmart\updateBrowseSmart.exe[2108] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075181465 2 bytes [18, 75]
    .text C:\Program Files (x86)\BrowseSmart\updateBrowseSmart.exe[2108] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751814bb 2 bytes [18, 75]
    .text ... * 2
    .text C:\Program Files (x86)\BrowseSmart\bin\utilBrowseSmart.exe[2672] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075181465 2 bytes [18, 75]
    .text C:\Program Files (x86)\BrowseSmart\bin\utilBrowseSmart.exe[2672] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751814bb 2 bytes [18, 75]
    .text ... * 2
    .text C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe[2128] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075181465 2 bytes [18, 75]
    .text C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe[2128] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751814bb 2 bytes [18, 75]
    .text ... * 2
    .text C:\Users\Dave\AppData\Local\Akamai\netsession_win.exe[4536] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075181465 2 bytes [18, 75]
    .text C:\Users\Dave\AppData\Local\Akamai\netsession_win.exe[4536] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751814bb 2 bytes [18, 75]
    .text ... * 2
    .text C:\Users\Dave\AppData\Roaming\Dropbox\bin\Dropbox.exe[4616] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000075181465 2 bytes [18, 75]
    .text C:\Users\Dave\AppData\Roaming\Dropbox\bin\Dropbox.exe[4616] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000751814bb 2 bytes [18, 75]
    .text ... * 2
    .text C:\Users\Dave\AppData\Local\Akamai\netsession_win.exe[4732] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075181465 2 bytes [18, 75]
    .text C:\Users\Dave\AppData\Local\Akamai\netsession_win.exe[4732] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751814bb 2 bytes [18, 75]
    .text ... * 2
    .text C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[5012] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075181465 2 bytes [18, 75]
    .text C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[5012] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751814bb 2 bytes [18, 75]
    .text ... * 2
    .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[4152] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075181465 2 bytes [18, 75]
    .text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[4152] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751814bb 2 bytes [18, 75]
    .text ... * 2
    .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[3748] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075181465 2 bytes [18, 75]
    .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[3748] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751814bb 2 bytes [18, 75]
    .text ... * 2
    .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[1500] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075181465 2 bytes [18, 75]
    .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[1500] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751814bb 2 bytes [18, 75]
    .text ... * 2

    ---- EOF - GMER 2.1 ----



    Cheers

    Kind Regards

    D
     
  2. darrrius

    darrrius Thread Starter

    Joined:
    Sep 24, 2006
    Messages:
    62
    Hi, sorry to bump this, but I would really appreciate some guidance here.

    Thanks

    Dave
     
  3. darrrius

    darrrius Thread Starter

    Joined:
    Sep 24, 2006
    Messages:
    62
    I'm now getting redirected to marketing websites and pop-ups in all browsers.
     
  4. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,155
    Hiya darrius,

    Run the following:

    Download Zoek.zip from here http://www.hijackthis.nl/smeenk/220813/zoek.zip and save that zip file to your Desktop.

    Double click zip file and extract to your Desktop:

    you will now have 3 versions of the tool on the Desktop:

    Before running Zoek, make sure all Browsers are closed and Security is turned OFF. Check at the following link: http://www.techsupportforum.com/fo... Post the produced log in your next reply.
     
  5. darrrius

    darrrius Thread Starter

    Joined:
    Sep 24, 2006
    Messages:
    62
    Hey kevinf80,

    Thanks for the help, much appreciated.

    Here is the log from zoek:


    Zoek.exe v5.0.0.0 Updated 23-December-2013
    Tool run by Dave on 26/12/2013 at 10:29:53.14.
    Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
    Running in: Normal Mode Internet Access Detected
    Launched: C:\Users\Dave\Desktop\zoek.exe [Scan all users] [Script inserted]

    ==== System Restore Info ======================

    26/12/2013 10:32:59 Zoek.exe System Restore Point Created Succesfully.

    ==== Deleting CLSID Registry Keys ======================

    HKEY_USERS\S-1-5-21-1195604076-2677614570-1163669113-1000\Software\Microsoft\Internet Explorer\SearchScopes\{064E820E-9D35-4070-A635-F8E2F72A2589} deleted successfully
    HKEY_USERS\S-1-5-21-1195604076-2677614570-1163669113-1000\Software\Microsoft\Internet Explorer\SearchScopes\{15C50F97-4A8B-4F1F-AC2B-E722AF998315} deleted successfully
    HKEY_USERS\S-1-5-21-1195604076-2677614570-1163669113-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} deleted successfully
    HKEY_USERS\S-1-5-21-1195604076-2677614570-1163669113-1000\Software\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} deleted successfully
    HKEY_USERS\S-1-5-21-1195604076-2677614570-1163669113-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
    HKEY_USERS\S-1-5-21-1195604076-2677614570-1163669113-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
    HKEY_USERS\S-1-5-21-1195604076-2677614570-1163669113-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
    HKEY_USERS\S-1-5-21-1195604076-2677614570-1163669113-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
    HKEY_USERS\S-1-5-21-1195604076-2677614570-1163669113-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{fe063412-bea4-4d76-8ed3-183be6220d17} deleted successfully
    HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
    HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully

    ==== Deleting CLSID Registry Values ======================

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully

    ==== Installed Programs ======================

    Ace Stream Media 2.1.10.2
    Adobe AIR
    Adobe Captivate 5
    Adobe Captivate 6 (64 Bit)
    Adobe Captivate Quiz Results Analyzer
    Adobe Captivate Reviewer
    Adobe Connect 9 Add-in
    Adobe Creative Suite 5 Design Premium
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Help Manager
    Adobe Media Player
    Adobe Reader X (10.1.8) MUI
    Adobe Shockwave Player 11.6
    Akamai NetSession Interface
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Articulate Storyline
    Ask Toolbar
    Ask Toolbar Updater
    AuthenTec TrueAPI
    AvaCam v3.2.0
    Bejeweled 3
    Bing Bar
    BIRT 0.96
    Blackhawk Striker 2
    Blio
    Bonanza Deals (remove only)
    Bonjour
    BrowseSmart
    Chuzzle Deluxe
    Cradle of Rome 2
    Crystal Reports for Visual Studio
    CyberLink YouCam
    D3DX10
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Dora's World Adventure
    Dotfuscator Software Services - Community Edition
    Dropbox
    DVD Shrink Packages
    ESU for Microsoft Windows 7 SP1
    Evernote v. 4.2.3
    Farm Frenzy
    Farmscapes
    FATE
    FileZilla Client 3.6.0.2
    Final Drive Fury
    GanttProject
    GlassFish Server Open Source Edition 3.1.2
    Google Chrome
    Google Drive
    Google Earth Plug-in
    Google Update Helper
    Hewlett-Packard ACLM.NET v1.2.1.1
    Hotfix for Microsoft Visual Studio 2010 Premium - ENU (KB2542054)
    Hoyle Card Games
    HP Auto
    HP Client Services
    HP Customer Experience Enhancements
    HP Documentation
    HP Games
    HP Launch Box
    HP On Screen Display
    HP Power Manager
    HP Quick Launch
    HP QuickWeb
    HP Recovery Manager
    HP Security Assistant
    HP Setup
    HP Setup Manager
    HP SimplePass PE 2011
    HP Software Framework
    HP Support Assistant
    IDT Audio
    IIS 7.5 Express
    Intel(R) Control Center
    Intel(R) Identity Protection Technology 1.2.22.0
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    Intel(R) Rapid Storage Technology
    iTunes
    IZArc 4.1.8
    Java 7 Update 45
    Java Auto Updater
    Java(TM) 7 Update 3 (64-bit)
    Java(TM) SE Development Kit 7 Update 3 (64-bit)
    JavaFX 2.0.3 (64-bit)
    JavaFX 2.0.3 SDK (64-bit)
    Jewel Match 3
    Jewel Quest Mysteries: The Seventh Gate Collector's Edition
    John Deere Drive Green
    Junk Mail filter update
    Letters from Nowhere 2
    Light Image Resizer 4.3.1.0
    Luxor HD
    Magic Desktop
    Mah Jong Medley
    Mesh Runtime
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft .NET Framework 4.5 Beta
    Microsoft .NET Framework 4.5 Beta Multi-Targeting Pack
    Microsoft Access database engine 2010 (English)
    Microsoft Application Error Reporting
    Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
    Microsoft ASP.NET MVC 2
    Microsoft ASP.NET MVC 3
    Microsoft ASP.NET Web Pages
    Microsoft Help Viewer 1.0
    Microsoft Mouse and Keyboard Center
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office Office 64-bit Components 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared 64-bit MUI (English) 2010
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Silverlight
    Microsoft Silverlight 3 SDK
    Microsoft Silverlight 4 SDK
    Microsoft Silverlight 5 SDK
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2008 (64-bit)
    Microsoft SQL Server 2008 Browser
    Microsoft SQL Server 2008 Common Files
    Microsoft SQL Server 2008 Database Engine Services
    Microsoft SQL Server 2008 Database Engine Shared
    Microsoft SQL Server 2008 Native Client
    Microsoft SQL Server 2008 R2 Data-Tier Application Framework
    Microsoft SQL Server 2008 R2 Data-Tier Application Project
    Microsoft SQL Server 2008 R2 Management Objects
    Microsoft SQL Server 2008 R2 Transact-SQL Language Service
    Microsoft SQL Server 2008 RsFx Driver
    Microsoft SQL Server 2008 Setup Support Files
    Microsoft SQL Server 2012 Command Line Utilities RC0
    Microsoft SQL Server 2012 Data-Tier App Framework
    Microsoft SQL Server 2012 Express LocalDB RC0
    Microsoft SQL Server 2012 Management Objects RC0
    Microsoft SQL Server 2012 Management Objects RC0 (x64)
    Microsoft SQL Server 2012 Native Client RC0
    Microsoft SQL Server 2012 PowerPivot for Excel 32-bit
    Microsoft SQL Server 2012 T-SQL Language Service RC0
    Microsoft SQL Server 2012 Transact-SQL Compiler Service RC0
    Microsoft SQL Server 2012 Transact-SQL ScriptDom RC0
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft SQL Server Compact 3.5 SP2 x64 ENU
    Microsoft SQL Server Compact 4.0 SP1 x64 ENU CTP1
    Microsoft SQL Server Data Tools Build Utilities Mar 2012
    Microsoft SQL Server Database Publishing Wizard 1.4
    Microsoft SQL Server System CLR Types
    Microsoft SQL Server VSS Writer
    Microsoft Sync Framework Runtime v1.0 SP1 (x64)
    Microsoft Sync Framework SDK v1.0 SP1
    Microsoft Sync Framework Services v1.0 SP1 (x64)
    Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
    Microsoft System CLR Types for SQL Server 2012 RC0
    Microsoft System CLR Types for SQL Server 2012 RC0 (x64)
    Microsoft Team Foundation Server 2010 Object Model - ENU
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
    Microsoft Visual F# 2.0 Runtime
    Microsoft Visual Studio 11 Developer Preview Pre-Clean Tool
    Microsoft Visual Studio 11 SharePoint Developer Tools Beta enu Language Pack
    Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
    Microsoft Visual Studio 2010 IntelliTrace Collection (x64)
    Microsoft Visual Studio 2010 Office Developer Tools (x64)
    Microsoft Visual Studio 2010 Performance Collection Tools - ENU
    Microsoft Visual Studio 2010 Premium - ENU
    Microsoft Visual Studio 2010 SharePoint Developer Tools
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    Microsoft Visual Studio Macro Tools
    Microsoft Web Deploy 3.0
    Microsoft Web Deploy dbSqlPackage Provider Nov 2011
    Microsoft Web Platform Installer 4.0
    Microsoft(R) SQL Server Data Tools, RC0 - enu
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_ATL_x86_x64
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_CRT_x86_x64
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFC_x86_x64
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC80_MFCLOC_x86_x64
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_ATL_x86_x64
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_CRT_x86_x64
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFC_x86_x64
    More Games from HP Games
    Mozilla Firefox 25.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT_amd64
    MWSnap 3
    NetBeans IDE 7.1.1
    Norton Internet Security
    OpenProj
    opensource
    PandoraRecovery (Remove Only)
    PDF Settings CS5
    Penguins
    Picasa 3
    PlayReady PC Runtime x86
    Poker Superstars III
    Polar Bowler
    Prerequisites for SSDT RC0
    QuickTime
    Ralink RT5390 802.11b/g/n WiFi Adapter
    Realtek Ethernet Controller Driver
    Realtek PCIE Card Reader
    RollerCoaster Tycoon 3: Platinum
    Secure Download Manager
    Security Update for Microsoft .NET Framework 4.5 Beta (KB2686838)
    Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
    Security Update for Microsoft Outlook 2010 (KB2837597) 32-Bit Edition
    Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
    Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
    Security Update for Microsoft Visual Studio 2010 Premium - ENU (KB2251489)
    Security Update for Microsoft Visual Studio 2010 Premium - ENU (KB2644980)
    Security Update for Microsoft Visual Studio Macro Tools (KB2669970)
    Service Pack 1 for SQL Server 2008 (KB968369) (64-bit)
    Skype Click to Call
    SkypeT 5.10
    SopCast 3.5.0
    Sql Server Customer Experience Improvement Program
    SQL Server Data Framework Tools
    swMSM
    Synaptics TouchPad Driver
    The Treasures of Mystery Island: The Ghost Ship
    Torchlight
    Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
    Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
    Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
    Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
    Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
    Update Installer for WildTangent Games App
    VIP Access SDK (1.1.0.4)
    Virtual Villagers 4 - The Tree of Life
    Visual Studio 2010 Prerequisites - English
    Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
    WCF RIA Services V1.0 SP2
    Web Deployment Tool
    WildTangent Games App (HP Games)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Player Firefox Plugin
    WinPatrol
    Zuma's Revenge

    ==== Running Processes ======================

    C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Windows\SysWOW64\ezSharedSvcHost.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
    C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
    C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
    C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    C:\Program Files (x86)\BrowseSmart\bin\utilBrowseSmart.exe
    C:\Users\Dave\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    C:\Users\Dave\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Users\Dave\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
    C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    C:\Program Files (x86)\Ask.com\Updater\Updater.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files (x86)\Internet Explorer\IELowutil.exe
    C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
    C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
    C:\Users\Dave\Desktop\zoek.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\SysWOW64\cmd.exe

    ==== Deleting Services ======================

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Util BrowseSmart deleted successfully
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Util BrowseSmart deleted successfully
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Util BrowseSmart deleted successfully
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Util BrowseSmart deleted successfully
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Update BrowseSmart deleted successfully
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Update BrowseSmart deleted successfully
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Update BrowseSmart deleted successfully
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Update BrowseSmart deleted successfully

    ==== FireFox Fix ======================

    ProfilePath: C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\n8vklyyd.default

    ---- Lines mysearchdial removed from prefs.js ----
    user_pref("browser.search.defaultenginename", "Mysearchdial");
    user_pref("browser.search.selectedEngine", "Mysearchdial");
    user_pref("browser.startup.homepage", "http://start.mysearchdial.com/?f=1&a=suma1202&cd=2XzuyEtN2Y1L1Qzu0E0Czy0AyByEyCtC0Fzzzy0ByCzzyB0AtN0D0Tzu0SyBtC
    user_pref("extensions.mysearchdial.aflt", "suma1202");
    user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
    user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1Qzu0E0Czy0AyByEyCtC0Fzzzy0ByCzzyB0AtN0D0Tzu0SyBtCtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1
    user_pref("extensions.mysearchdial.cr", "1830256455");
    user_pref("extensions.mysearchdial.dfltLng", "");
    user_pref("extensions.mysearchdial.dfltSrch", true);
    user_pref("extensions.mysearchdial.dnsErr", true);
    user_pref("extensions.mysearchdial.excTlbr", false);
    user_pref("extensions.mysearchdial.hmpg", true);
    user_pref("extensions.mysearchdial.hmpgUrl", "http://start.mysearchdial.com/?f=1&a=suma1202&cd=2XzuyEtN2Y1L1Qzu0E0Czy0AyByEyCtC0Fzzzy0ByCzzyB0AtN0D0Tz
    user_pref("extensions.mysearchdial.id", "EC9A7461F89B687A");
    user_pref("extensions.mysearchdial.instlDay", "16050");
    user_pref("extensions.mysearchdial.instlRef", "");
    user_pref("extensions.mysearchdial.newTabUrl", "http://start.mysearchdial.com/?f=2&a=suma1202&cd=2XzuyEtN2Y1L1Qzu0E0Czy0AyByEyCtC0Fzzzy0ByCzzyB0AtN0D0
    user_pref("extensions.mysearchdial.prdct", "mysearchdial");
    user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
    user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
    user_pref("extensions.mysearchdial.tlbrId", "base");
    user_pref("extensions.mysearchdial.tlbrSrchUrl", "http://start.mysearchdial.com/?f=3&a=suma1202&cd=2XzuyEtN2Y1L1Qzu0E0Czy0AyByEyCtC0Fzzzy0ByCzzyB0AtN0
    user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");
    user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");
    user_pref("extensions.mysearchdial_i.hmpg", true);
    user_pref("extensions.mysearchdial_i.newTab", false);
    user_pref("extensions.mysearchdial_i.smplGrp", "none");
    user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.021:8:2");
    ---- Lines mysearchdial removed from user.js ----

    user_pref("extensions.mysearchdial.hmpg", true);
    user_pref("extensions.mysearchdial.hmpgUrl", "http://start.mysearchdial.com/?f=1&a=suma1202&cd=2XzuyEtN2Y1L1Qzu0E0Czy0AyByEyCtC0Fzzzy0ByCzzyB0AtN0D0Tzu0SyBtCtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1830256455&ir=");
    user_pref("extensions.mysearchdial.dfltSrch", true);
    user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
    user_pref("extensions.mysearchdial.dnsErr", true);
    user_pref("extensions.mysearchdial_i.newTab", false);
    user_pref("extensions.mysearchdial.newTabUrl", "http://start.mysearchdial.com/?f=2&a=suma1202&cd=2XzuyEtN2Y1L1Qzu0E0Czy0AyByEyCtC0Fzzzy0ByCzzyB0AtN0D0Tzu0SyBtCtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1830256455&ir=");
    user_pref("extensions.mysearchdial.tlbrSrchUrl", "http://start.mysearchdial.com/?f=3&a=suma1202&cd=2XzuyEtN2Y1L1Qzu0E0Czy0AyByEyCtC0Fzzzy0ByCzzyB0AtN0D0Tzu0SyBtCtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1830256455&ir=&q=");
    user_pref("extensions.mysearchdial.id", "EC9A7461F89B687A");
    user_pref("extensions.mysearchdial.instlDay", "16050");
    user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");
    user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");
    user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.021:8:2");
    user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
    user_pref("extensions.mysearchdial.prdct", "mysearchdial");
    user_pref("extensions.mysearchdial.aflt", "suma1202");
    user_pref("extensions.mysearchdial_i.smplGrp", "none");
    user_pref("extensions.mysearchdial.tlbrId", "base");
    user_pref("extensions.mysearchdial.instlRef", "");
    user_pref("extensions.mysearchdial.dfltLng", "");
    user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
    user_pref("extensions.mysearchdial.excTlbr", false);
    user_pref("extensions.mysearchdial_i.hmpg", true);
    user_pref("extensions.mysearchdial.cr", "1830256455");
    user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1Qzu0E0Czy0AyByEyCtC0Fzzzy0ByCzzyB0AtN0D0Tzu0SyBtCtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R");

    ---- Lines ask.com removed from prefs.js ----
    user_pref("browser.search.defaultengine", "Ask.com");
    user_pref("browser.search.order.1", "Ask.com");
    ---- Lines asktb removed from prefs.js ----
    user_pref("extensions.asktb.ff-original-keyword-url", "");
    ---- FireFox user.js and prefs.js backups ----

    user_122013_1044_.backup
    prefs_122013_1044_.backup

    ProfilePath: C:\Users\Simonka\AppData\Roaming\Mozilla\Firefox\Profiles\w1paw79s.default

    ---- Lines mysearchdial removed from prefs.js ----
    user_pref("browser.search.defaultenginename", "Mysearchdial");
    user_pref("browser.search.order.1", "Mysearchdial");
    user_pref("browser.search.selectedEngine", "Mysearchdial");
    user_pref("browser.startup.homepage", "http://start.mysearchdial.com/?f=1&a=suma1202&cd=2XzuyEtN2Y1L1Qzu0E0Czy0AyByEyCtC0Fzzzy0ByCzzyB0AtN0D0Tzu0SyBtC
    user_pref("extensions.mysearchdial.aflt", "suma1202");
    user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
    user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1Qzu0E0Czy0AyByEyCtC0Fzzzy0ByCzzyB0AtN0D0Tzu0SyBtCtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1
    user_pref("extensions.mysearchdial.cntry", "GB");
    user_pref("extensions.mysearchdial.cr", "1830256455");
    user_pref("extensions.mysearchdial.dfltLng", "");
    user_pref("extensions.mysearchdial.dfltSrch", true);
    user_pref("extensions.mysearchdial.dnsErr", true);
    user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,304628180
    user_pref("extensions.mysearchdial.excTlbr", false);
    user_pref("extensions.mysearchdial.hdrMd5", "2E5B69DFE923DB0D3D1CCF3A87A78C8F");
    user_pref("extensions.mysearchdial.hmpg", true);
    user_pref("extensions.mysearchdial.hmpgUrl", "http://start.mysearchdial.com/?f=1&a=suma1202&cd=2XzuyEtN2Y1L1Qzu0E0Czy0AyByEyCtC0Fzzzy0ByCzzyB0AtN0D0Tz
    user_pref("extensions.mysearchdial.id", "EC9A7461F89B687A");
    user_pref("extensions.mysearchdial.instlDay", "16050");
    user_pref("extensions.mysearchdial.instlRef", "");
    user_pref("extensions.mysearchdial.lastB", "http://start.mysearchdial.com/?f=1&a=suma1202&cd=2XzuyEtN2Y1L1Qzu0E0Czy0AyByEyCtC0Fzzzy0ByCzzyB0AtN0D0Tzu0
    user_pref("extensions.mysearchdial.lastVrsnTs", "");
    user_pref("extensions.mysearchdial.newTabUrl", "http://start.mysearchdial.com/?f=2&a=suma1202&cd=2XzuyEtN2Y1L1Qzu0E0Czy0AyByEyCtC0Fzzzy0ByCzzyB0AtN0D0
    user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"89\",\"lastVrsn\":\"89\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\
    user_pref("extensions.mysearchdial.prdct", "mysearchdial");
    user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
    user_pref("extensions.mysearchdial.sg", "{smplGrp}");
    user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
    user_pref("extensions.mysearchdial.tlbrId", "base");
    user_pref("extensions.mysearchdial.tlbrSrchUrl", "http://start.mysearchdial.com/?f=3&a=suma1202&cd=2XzuyEtN2Y1L1Qzu0E0Czy0AyByEyCtC0Fzzzy0ByCzzyB0AtN0
    user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");
    user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");
    user_pref("extensions.mysearchdial_i.hmpg", true);
    user_pref("extensions.mysearchdial_i.newTab", false);
    user_pref("extensions.mysearchdial_i.smplGrp", "none");
    user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.021:8:2");
    ---- Lines mysearchdial modified from prefs.js ----

    user_pref("extensions.enabledAddons", "%7Bad9a41d2-9a49-4fa6-a79e-71a0785364c8%7D:9.5.3,ffxtlbr%40mysearchdial.com:1.6.0,%7B972ce4c6-7e08-4474-a285-32
    user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{BBDA0591-3099-440a-AA10-41764D9DB4DB}\":{\"descriptor\":\"C:\\\\
    ---- Lines mysearchdial removed from user.js ----

    user_pref("extensions.mysearchdial.hmpg", true);
    user_pref("extensions.mysearchdial.hmpgUrl", "http://start.mysearchdial.com/?f=1&a=suma1202&cd=2XzuyEtN2Y1L1Qzu0E0Czy0AyByEyCtC0Fzzzy0ByCzzyB0AtN0D0Tzu0SyBtCtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1830256455&ir=");
    user_pref("extensions.mysearchdial.dfltSrch", true);
    user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
    user_pref("extensions.mysearchdial.dnsErr", true);
    user_pref("extensions.mysearchdial_i.newTab", false);
    user_pref("extensions.mysearchdial.newTabUrl", "http://start.mysearchdial.com/?f=2&a=suma1202&cd=2XzuyEtN2Y1L1Qzu0E0Czy0AyByEyCtC0Fzzzy0ByCzzyB0AtN0D0Tzu0SyBtCtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1830256455&ir=");
    user_pref("extensions.mysearchdial.tlbrSrchUrl", "http://start.mysearchdial.com/?f=3&a=suma1202&cd=2XzuyEtN2Y1L1Qzu0E0Czy0AyByEyCtC0Fzzzy0ByCzzyB0AtN0D0Tzu0SyBtCtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1830256455&ir=&q=");
    user_pref("extensions.mysearchdial.id", "EC9A7461F89B687A");
    user_pref("extensions.mysearchdial.instlDay", "16050");
    user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");
    user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");
    user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.021:8:2");
    user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
    user_pref("extensions.mysearchdial.prdct", "mysearchdial");
    user_pref("extensions.mysearchdial.aflt", "suma1202");
    user_pref("extensions.mysearchdial_i.smplGrp", "none");
    user_pref("extensions.mysearchdial.tlbrId", "base");
    user_pref("extensions.mysearchdial.instlRef", "");
    user_pref("extensions.mysearchdial.dfltLng", "");
    user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
    user_pref("extensions.mysearchdial.excTlbr", false);
    user_pref("extensions.mysearchdial_i.hmpg", true);
    user_pref("extensions.mysearchdial.cr", "1830256455");
    user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1Qzu0E0Czy0AyByEyCtC0Fzzzy0ByCzzyB0AtN0D0Tzu0SyBtCtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R");

    ---- Lines ask.com removed from prefs.js ----
    user_pref("browser.search.defaultengine", "Ask.com");
    ---- Lines ask.com modified from prefs.js ----

    user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{BBDA0591-3099-440a-AA10-41764D9DB4DB}\":{\"descriptor\":\"C:\\\\
    ---- Lines asktb removed from prefs.js ----
    user_pref("extensions.asktb.ff-original-keyword-url", "");
    ---- FireFox user.js and prefs.js backups ----

    user_122013_1044_.backup
    prefs_122013_1044_.backup

    ==== Deleting Files \ Folders ======================

    C:\Users\Dave\daemonprocess.txt deleted
    C:\PROGRA~2\Mobogenie deleted
    C:\PROGRA~2\BonanzaDeals deleted
    C:\PROGRA~2\SopCast deleted
    C:\Users\Dave\AppData\Roaming\Systweak deleted
    C:\ProgramData\Ask deleted
    C:\ProgramData\InstallMate deleted
    C:\ProgramData\Package Cache deleted
    C:\Users\Dave\AppData\Local\mysearchdial-speeddial.crx deleted
    C:\Users\Dave\AppData\Local\Bundled software uninstaller deleted
    C:\Users\Dave\AppData\Local\Mobogenie deleted
    C:\Users\Dave\AppData\Local\cache deleted
    C:\Users\Simonka\AppData\Local\APN deleted
    C:\Users\wangzhisong\AppData\Local\Mobogenie deleted
    C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals deleted
    C:\Windows\SysNative\roboot64.exe deleted
    C:\Users\Dave\Downloads\SopCast-3.5.0.exe deleted
    C:\Users\Dave\AppData\LocalLow\AskToolbar deleted
    C:\Users\Simonka\AppData\LocalLow\AskToolbar deleted
    C:\windows\SysNative\TASKS\Scheduled Update for Ask Toolbar deleted
    C:\windows\SysNative\tasks\BonanzaDealsUpdate deleted
    C:\Users\wangzhisong deleted
    C:\Users\Dave\Documents\Mobogenie deleted
    C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\n8vklyyd.default\searchplugins\Mysearchdial.xml deleted
    C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\n8vklyyd.default\extensions\[email protected] deleted
    C:\Users\Simonka\AppData\Roaming\Mozilla\Firefox\Profiles\w1paw79s.default\searchplugins\askcom.xml deleted
    C:\Users\Simonka\AppData\Roaming\Mozilla\Firefox\Profiles\w1paw79s.default\searchplugins\Mysearchdial.xml deleted
    C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} deleted
    C:\Users\Dave\Downloads\wpsetup.exe deleted
    C:\Users\Simonka\AppData\Roaming\Mozilla\Firefox\Profiles\w1paw79s.default\extensions\[email protected] deleted
    C:\Users\Simonka\AppData\Roaming\Mozilla\Firefox\Profiles\w1paw79s.default\extensions\[email protected] deleted
    "C:\PROGRA~2\BrowseSmart\bin\sqlite3.dll" deleted
    "C:\PROGRA~2\BrowseSmart\bin\utilBrowseSmart.exe" deleted
    "C:\PROGRA~2\Ask.com\Updater\Updater.exe" deleted
    "C:\PROGRA~2\BrowseSmart\bin\sqlite3.dll" deleted
    "C:\PROGRA~2\BrowseSmart\bin\utilBrowseSmart.exe" deleted
    "C:\PROGRA~2\BrowseSmart" not deleted
    "C:\PROGRA~2\Ask.com" deleted
    "C:\PROGRA~2\BrowseSmart" not deleted
    "C:\PROGRA~2\BrowseSmart\bin" not deleted
    "C:\PROGRA~2\Ask.com\Updater" deleted
    "C:\PROGRA~2\BrowseSmart\bin" not deleted

    ==== System Specs ======================

    Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
    Memory (RAM): 4044 MB
    CPU Info: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz
    CPU Speed: 2495.6 MHz
    Sound Card: Speakers and Headphones (IDT Hi |
    Communications Headphones (IDT |
    Display Adapters: Intel(R) HD Graphics Family | Intel(R) HD Graphics Family | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
    Monitors: 1x; Generic PnP Monitor |
    Screen Resolution: 1366 X 768 - 32 bit
    Network: Network Present
    Network Adapters: Ralink RT5390 802.11b/g/n WiFi Adapter | Realtek PCIe FE Family Controller
    CD / DVD Drives: 1x (F: | ) F: hp CDDVDW SN-208BB
    Ports: COM Ports NOT Present. LPT Port NOT Present.
    Mouse: 5 Button Wheel Mouse Present
    Hard Disks: C: 572.2GB | D: 19.8GB | E: 4.0GB
    Hard Disks - Free: C: 304.5GB | D: 2.1GB | E: 1.1GB
    Manufacturer *: Insyde
    BIOS Info: AT/AT COMPATIBLE | 03/22/12 | HPQOEM - 1
    Time Zone: GMT Standard Time
    Motherboard *: Hewlett-Packard 166F
    Country: United Kingdom
    Language: ENG

    ==== System Specs (Software) ======================

    Anti-Virus: Norton Internet Security On-access scanning disabled (Outdated)
    Anti-Spyware: Windows Defender disabled (Outdated)
    Anti-Spyware: Norton Internet Security disabled (Outdated)
    Firewall: Norton Internet Security disabled
    Default Browser: Firefox 25.0.1
    Internet Explorer Version: 11.0.9600.16476
    Mozilla Firefox version: 25.0.1 (x86 en-US)
    Google Chrome version: 31.0.1650.63
    Adobe Reader version: 10.1.8.24
    Sun Java version: 1.7.0_45 (32-bit)
    Sun Java version: 1.7.0_03 (64-bit)
    Flash Player version: 11.9.900.170
    Shockwave Player version: 11.6.1r629

    ==== Files Recently Created / Modified ======================

    ====== C:\Windows ====
    ====== C:\Users\Dave\AppData\Local\Temp ====
    2013-12-19 19:34:11 C3C077A40B42178B33A40E2D3D1BED3F 20133824 ----a-w- C:\Users\Dave\AppData\Local\Temp\tmpp1voj0\googledrivesync.exe
    ====== Java Cache =====
    2013-11-28 19:49:35 D129C3FB5BB5E96477F8E28150B7C88E 37 ----a-w- C:\Users\Dave\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\461b1b9b-6.0.lap
    ====== C:\Windows\SysWOW64 =====
    ====== C:\Windows\SysWOW64\drivers =====
    ====== C:\Windows\Sysnative =====
    ====== C:\Windows\Sysnative\drivers =====
    2013-12-10 20:04:30 E0D3CD5841E5C7BE7B94BA946AF1E498 116736 ----a-w- C:\Windows\Sysnative\drivers\drmk.sys
    2013-12-10 20:04:30 1E0B4CBBA91C6B041A14ECC2186F7E24 230400 ----a-w- C:\Windows\Sysnative\drivers\portcls.sys
    ====== C:\Windows\Tasks ======
    ====== C:\Windows\Temp ======
    ======= C:\Program Files =====
    ======= C:\PROGRA~2 =====
    2013-12-11 21:08:22 -------- d-----w- C:\PROGRA~2\BrowseSmart
    ======= C: =====
    2013-12-11 21:21:32 201BA1774F03994AE3A79C38A006D87C 3024 ----a-w- C:\{8DF8DD75-F63D-4F12-8624-9E14EFC045B4}
    2013-12-07 14:24:34 F2CBB3B2181CADF421858B422E77D4A7 2688 ----a-w- C:\{BB20385E-C8BE-4DF7-ABE6-DC8B5B47F042}
    ====== C:\Users\Dave\AppData\Roaming ======
    2013-12-19 19:35:02 -------- d-----w- C:\Users\Default\AppData\Local\Google
    2013-12-19 19:35:02 -------- d-----w- C:\Users\Default User\AppData\Local\Google
    2013-12-11 21:09:23 -------- d-----w- C:\Users\Dave\AppData\Roaming\0S1F1O2Z0S2Y1H1T
    ====== C:\Users\Dave ======
    2013-12-15 22:02:22 60BF4AE8CC40B0E3E28613657ED2EED8 377856 ----a-w- C:\Users\Dave\Desktop\jiykdpri.exe
    2013-12-11 22:46:08 -------- d-----r- C:\Users\Dave\Google Drive
    2013-12-11 22:44:57 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
    2013-12-10 20:33:43 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth

    ====== C: exe-files ==
    2013-12-19 19:34:11 C3C077A40B42178B33A40E2D3D1BED3F 20133824 ----a-w- C:\Users\Dave\AppData\Local\Temp\tmpp1voj0\googledrivesync.exe
    === C: other files ==
    2013-12-26 08:52:45 82F5C942549405F61A8808D0EA0FA9E2 25575 ----a-w- C:\Users\Dave\AppData\Local\Temp\_MEI47122\resources\chrome_ext\apdfllckaahabafndbhieahigkjlhalf_live.crx
    2013-12-19 19:35:11 82F5C942549405F61A8808D0EA0FA9E2 25575 ----a-w- C:\Users\Dave\AppData\Local\Temp\_MEI34962\resources\chrome_ext\apdfllckaahabafndbhieahigkjlhalf_live.crx

    ==== Startup Registry Enabled ======================

    [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

    [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

    [HKEY_USERS\S-1-5-21-1195604076-2677614570-1163669113-1000\Software\Microsoft\Windows\CurrentVersion\Run]
    "Akamai NetSession Interface"="C:\Users\Dave\AppData\Local\Akamai\netsession_win.exe"
    "GoogleDriveSync"="C:\Program Files (x86)\Google\Drive\googledrivesync.exe /autostart"

    [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "mctadmin"="C:\Windows\System32\mctadmin.exe"

    [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "mctadmin"="C:\Windows\System32\mctadmin.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HPQuickWebProxy"="C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
    "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "HPOSD"="C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe"
    "Easybits Recovery"="C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe"
    "WinPatrol"="C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot"
    "AdobeCS5ServiceManager"="C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe -launchedbylogin"
    "SwitchBoard"="C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
    "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    "iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    "BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices"
    "HP Quick Launch"="C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe"
    "AdobeCS6ServiceManager"="C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe -launchedbylogin"
    "ApnUpdater"="C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    "QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"
    "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    "mobilegeni daemon"="C:\Program Files (x86)\Mobogenie\DaemonProcess.exe"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Akamai NetSession Interface"="C:\Users\Dave\AppData\Local\Akamai\netsession_win.exe"
    "GoogleDriveSync"="C:\Program Files (x86)\Google\Drive\googledrivesync.exe /autostart"

    ==== Startup Registry Enabled x64 ======================

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SetDefault"="C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe"
    "AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    "IgfxTray"="C:\Windows\system32\igfxtray.exe"
    "HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
    "Persistence"="C:\Windows\system32\igfxpers.exe"
    "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "
    "SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "NCPluginUpdater"="C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe Update"

    ==== Startup Folders ======================

    2013-01-05 19:47:00 1047 ----a-w- C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

    ==== Task Scheduler Jobs ======================

    C:\Windows\tasks\Adobe Flash Player Updater.job --a------ [Undetermined Task]
    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ [Undetermined Task]
    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ [Undetermined Task]
    C:\Windows\tasks\HPCeeScheduleForDave.job --a------ C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [15/07/2011 11:43]
    C:\Windows\tasks\HPCeeScheduleForSimonka.job --a------ [Undetermined Task]

    ==== Other Scheduled Tasks ======================

    "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
    "C:\Windows\SysNative\tasks\AdobeAAMUpdater-1.0-Home-HP-Dave" [C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe]
    "C:\Windows\SysNative\tasks\AdobeAAMUpdater-1.0-Home-HP-Simonka" [C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe]
    "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
    "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
    "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
    "C:\Windows\SysNative\tasks\HPCeeScheduleForDave" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]
    "C:\Windows\SysNative\tasks\HPCeeScheduleForSimonka" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]
    "C:\Windows\SysNative\tasks\MirageAgent" [C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe]
    "C:\Windows\SysNative\tasks\Norton WSC Integration" ["C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe"]
    "C:\Windows\SysNative\tasks\SetupManager" ["C:\Program Files (x86)\Hewlett-Packard\Setup Manager\toaster.exe"]
    "C:\Windows\SysNative\tasks\User_Feed_Synchronization-{635AEB16-CEEA-4EEB-B499-F2719026EF78}" [C:\Windows\system32\msfeedssync.exe]
    "C:\Windows\SysNative\tasks\User_Feed_Synchronization-{B1038EC6-A4BB-43E7-8CA8-5DF2B5E73BB6}" [C:\Windows\system32\msfeedssync.exe]
    "C:\Windows\SysNative\tasks\User_Feed_Synchronization-{BCA73DF3-6904-41A5-9703-D26DFC278BAD}" [C:\Windows\system32\msfeedssync.exe]
    "C:\Windows\SysNative\tasks\User_Feed_Synchronization-{F45F8AF9-EF0C-4D52-BC37-3C9498ED2534}" [C:\Windows\system32\msfeedssync.exe]
    "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
    "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
    "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe]
    "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(No)" [c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe]
    "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(Yes)" [c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe]
    "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]
    "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]
    "C:\Windows\SysNative\tasks\Norton Internet Security\Norton Error Analyzer" [C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe]
    "C:\Windows\SysNative\tasks\Norton Internet Security\Norton Error Processor" [C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe]
    "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

    ==== Firefox Extensions Registry ======================

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
    "{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\coFFPlgn" [26/12/2013 08:51]

    ==== Firefox Extensions ======================

    ProfilePath: C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\n8vklyyd.default
    - IE Tab 2 FF 3.6 - %ProfilePath%\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
    - MySearchDial NewTab - %ProfilePath%\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
    - BonanzaDeals - %ProfilePath%\extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca}

    ProfilePath: C:\Users\Simonka\AppData\Roaming\Mozilla\Firefox\Profiles\w1paw79s.default
    - MySearchDial NewTab - %ProfilePath%\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}

    AppDir: C:\Program Files (x86)\Mozilla Firefox
    - Undetermined - %AppDir%\extensions\[email protected]
    - TrueSuite Website Logon - %AppDir%\extensions\[email protected]
    - Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    ==== Firefox Plugins ======================

    Profilepath: C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\n8vklyyd.default
    F891089A6AB9E12FEDEBCC5EC0F40D66 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll - Shockwave Flash
    C694F47FB5870679B9C0D8D4BE97556B - C:\Users\Dave\AppData\Roaming\ACEStream\player\npace_plugin.dll - Ace Stream P2P Multimedia Plug-in
    E07CABED038DF9993618431258E34238 - C:\Program Files\Microsoft\Web Platform Installer\NPWPIDetector.dll - WPI Detector 1.5
    F556A64AB2DB1BD834E7C89CE211516B - C:\Windows\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director


    ==== Deleted Firefox Extensions ======================

    C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\n8vklyyd.default\extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca} deleted
    C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\n8vklyyd.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8} deleted
    C:\Users\Simonka\AppData\Roaming\Mozilla\Firefox\Profiles\w1paw79s.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8} deleted

    ==== Chrome Look ======================

    HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
    bfmogjcijkfeahcajecmmegieipfbdcc - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx[18/08/2011 07:51]
    ippenodjaoidmkkfdlmdhofiebnpjddb - C:\Program Files (x86)\BrowseSmart\ippenodjaoidmkkfdlmdhofiebnpjddb.crx[]
    mkfokfffehpeedafpekjeddnmnjhmcmk - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx[28/11/2013 13:56]
    pflphaooapbgpeakohlggbpidpppgdff - C:\Users\Dave\AppData\Local\mysearchdial-speeddial.crx[]

    HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
    apdfllckaahabafndbhieahigkjlhalf - C:\Users\Dave\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx[11/12/2013 22:45]
    pflphaooapbgpeakohlggbpidpppgdff - C:\Users\Dave\AppData\Local\mysearchdial-speeddial.crx[]

    Website Logon - Dave - Default\Extensions\bfmogjcijkfeahcajecmmegieipfbdcc
    BonanzaDeals - Dave - Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj
    Norton Identity Protection - Dave - Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
    Google Wallet - Dave - Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
    Website Logon - Simonka - Default\Extensions\bfmogjcijkfeahcajecmmegieipfbdcc
    YouTube - Simonka - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
    Google Search - Simonka - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
    Norton Identity Protection - Simonka - Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
    Gmail - Simonka - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

    ==== Chrome Fix ======================

    C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ippenodjaoidmkkfdlmdhofiebnpjddb_0.localstorage deleted successfully
    C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage deleted successfully
    C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj deleted successfully
    C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ieadcoanfjloocmfafkebdnfefmohngj_0.localstorage deleted successfully

    ==== Set IE to Default ======================

    Old Values:
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="https://www.google.co.uk"
    "Search Page"="http://www.google.com"
    "Search Bar"="http://www.google.com/ie"
    "Default_Search_URL"="http://www.google.com/ie"
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="http://start.mysearchdial.com/?f=1&a=suma1202&cd=2XzuyEtN2Y1L1Qzu0E0Czy0AyByEyCtC0Fzzzy0ByCzzyB0AtN0D0Tzu0SyBtCtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1830256455&ir="
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
    "Start Page"="http://start.mysearchdial.com/?f=1&a=suma1202&cd=2XzuyEtN2Y1L1Qzu0E0Czy0AyByEyCtC0Fzzzy0ByCzzyB0AtN0D0Tzu0SyBtCtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1830256455&ir="
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
    @="http://www.google.com/search?q=%s"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
    "Tabs"="http://start.mysearchdial.com/?f=2&a=suma1202&cd=2XzuyEtN2Y1L1Qzu0E0Czy0AyByEyCtC0Fzzzy0ByCzzyB0AtN0D0Tzu0SyBtCtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1830256455&ir="
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
    "Tabs"="http://start.mysearchdial.com/?f=2&a=suma1202&cd=2XzuyEtN2Y1L1Qzu0E0Czy0AyByEyCtC0Fzzzy0ByCzzyB0AtN0D0Tzu0SyBtCtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1830256455&ir="
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
    "SearchAssistant"="http://www.google.com/ie"
    "Default_Search_URL"="http://www.google.com/ie"

    New Values:
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
    "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
    "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
    "Start Page"="https://www.google.co.uk"
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
    "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
    "(Default)"="http://search.msn.com/results.asp?q=%s"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
    "Tabs"="res://ieframe.dll/tabswelcome.htm"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
    "Tabs"="res://ieframe.dll/tabswelcome.htm"
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
    "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
    "SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

    ==== All HKCU SearchScopes ======================

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
    "DefaultScope"="{D707DAF7-8609-4AA8-9A6E-F53BF9E725C6}"
    {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Unknown Url="Not_Found"
    {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
    {77AA745B-F4F8-45DA-9B14-61D2D95054C8} Bing Url="http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox"
    {d43b3890-80c7-4010-a95d-1e77b5924dc3} Wikipedia Url="http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}"
    {D707DAF7-8609-4AA8-9A6E-F53BF9E725C6} Google Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
    {D944BB61-2E34-4DBF-A683-47E505C587DC} eBay Url="http://rover.ebay.com/rover/1/710-111095-2958-3/4?mpre=http://www.ebay.co.uk/sch/i.html?_nkw={searchTerms}"

    ==== Deleting CLSID Registry Keys ======================

    HKEY_USERS\S-1-5-21-1195604076-2677614570-1163669113-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
    HKEY_USERS\S-1-5-21-1195604076-2677614570-1163669113-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
    HKEY_USERS\S-1-5-21-1195604076-2677614570-1163669113-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FFBB88A9-C663-4B9B-9170-70FA0A5A2786} deleted successfully
    HKEY_USERS\S-1-5-21-1195604076-2677614570-1163669113-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FFBB88A9-C663-4B9B-9170-70FA0A5A2786} deleted successfully
    HKEY_USERS\S-1-5-21-1195604076-2677614570-1163669113-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully
    HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
    HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{FFBB88A9-C663-4B9B-9170-70FA0A5A2786} deleted successfully
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFBB88A9-C663-4B9B-9170-70FA0A5A2786} deleted successfully

    -----> end of part 1
     
  6. darrrius

    darrrius Thread Starter

    Joined:
    Sep 24, 2006
    Messages:
    62
    cont....


    ==== Deleting CLSID Registry Values ======================

    HKEY_USERS\S-1-5-21-1195604076-2677614570-1163669113-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully

    ==== Deleting Registry Keys ======================

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{302A1E2E-DD58-4673-BC99-9CC10EC2637A} deleted successfully
    HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google\Chrome\ExtensionInstallForcelist deleted successfully
    HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ippenodjaoidmkkfdlmdhofiebnpjddb deleted successfully
    HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff deleted successfully
    HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff deleted successfully
    HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff deleted successfully
    HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller deleted successfully
    HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Bonanza Deals deleted successfully

    ==== HijackThis Entries ======================

    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll
    O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: TSBHO Class - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll
    O4 - HKLM\..\Run: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
    O4 - HKLM\..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
    O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
    O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Dave\AppData\Local\Akamai\netsession_win.exe"
    O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Startup: Dropbox.lnk = Dave\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {0A43D7AC-D6C1-4622-B309-BF975F427C0E} (first direct internet banking plus digital safe) - https://internetbankingplus2.firstdirect.com/ibplus/frontdoorFD.cab
    O16 - DPF: {254AA86E-5655-4518-AA87-185D7CC41801} (LogMeIn Rescue Technician Console) - https://secure.logmeinrescue.com/UK/TechConsole/x86/RescueControl.cab
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O20 - AppInit_DLLs:
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: TrueSuiteService (FPLService) - HP - C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
    O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel(R) Identity Protection Technology Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
    O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    ==== Sysinternals Autoruns Log ======================

    HKLM\System\CurrentControlSet\Services
    AdobeARMservice
    "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
    Adobe Acrobat Updater keeps your Adobe software up to date.
    Adobe Systems Incorporated
    1.7.4.0
    c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe
    04/04/2013 21:05
    AdobeFlashPlayerUpdateSvc
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes.
    Adobe Systems Incorporated
    11.9.900.170
    c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe
    01/12/2013 18:09
    Apple Mobile Device
    "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
    Provides the interface to Apple mobile devices.
    Apple Inc.
    17.89.0.12
    c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe
    19/01/2012 18:31
    Bonjour Service
    "C:\Program Files\Bonjour\mDNSResponder.exe"
    Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence.
    Apple Inc.
    3.0.0.10
    c:\program files\bonjour\mdnsresponder.exe
    31/08/2011 05:52
    ezSharedSvc
    C:\Windows\System32\ezSharedSvcHost.exe
    Provides licensing, security and parental control services for EasyBits applications. If this service is stopped or disabled, these applications will not function properly.
    EasyBits Software AS
    5.0.0.101
    c:\windows\syswow64\ezsharedsvchost.exe
    19/06/1992 22:22
    FPLService
    "C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe"
    Provides convenient and secure fingerprint authentication and identity management.
    HP
    5.3.0.264
    c:\program files (x86)\hp simplepass 2011\truesuiteservice.exe
    19/08/2011 09:35
    GamesAppService
    "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe"
    WT Games App Services
    WildTangent, Inc.
    4.0.4918.0
    c:\program files (x86)\wildtangent games\app\gamesappservice.exe
    04/10/2010 22:15
    gupdate
    "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc
    Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it.
    Google Inc.
    1.2.183.21
    c:\program files (x86)\google\update\googleupdate.exe
    09/03/2010 06:10
    gupdatem
    "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc
    Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it.
    Google Inc.
    1.2.183.21
    c:\program files (x86)\google\update\googleupdate.exe
    09/03/2010 06:10
    gusvc
    "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe"
    gusvc
    Google
    2.0.711.37800
    c:\program files (x86)\google\common\google updater\googleupdaterservice.exe
    14/12/2006 05:55
    HP Support Assistant Service
    "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"
    HP Support Assistant Service
    Hewlett-Packard Company
    7.0.39.14
    c:\program files (x86)\hewlett-packard\hp support framework\hpsa_service.exe
    27/09/2012 11:55
    HPClientSvc
    "C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe"
    HP Client Services
    Hewlett-Packard Company
    1.1.0.3539
    c:\program files\hewlett-packard\hp client services\hpclientservices.exe
    11/10/2010 09:47
    HPDrvMntSvc.exe
    "C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe"
    HP Quick Synchronization Service
    Hewlett-Packard Company
    4.6.10.1
    c:\program files (x86)\hewlett-packard\shared\hpdrvmntsvc.exe
    06/09/2012 15:24
    hpqwmiex
    "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe"
    HP Software Framework WMI Service
    Hewlett-Packard Company
    4.6.10.1
    c:\program files (x86)\hewlett-packard\shared\hpqwmiex.exe
    06/09/2012 15:18
    HPWMISVC
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    HP Quick Launch WMI Service
    Hewlett-Packard Development Company, L.P.
    2.7.1.0
    c:\program files (x86)\hewlett-packard\hp quick launch\hpwmisvc.exe
    05/03/2012 05:32
    IAStorDataMgrSvc
    "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
    Provides storage event notification and manages communication between the storage driver and user space applications.
    Intel Corporation
    10.5.0.1027
    c:\program files (x86)\intel\intel(r) rapid storage technology\iastordatamgrsvc.exe
    30/04/2011 07:28
    IconMan_R
    "C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe"
    Realtek Card Reader Icon Tool.
    Realsil Microelectronics Inc.
    1.3.9.1
    c:\program files (x86)\realtek\realtek pcie card reader\riconman.exe
    31/08/2011 08:28
    iPod Service
    "C:\Program Files\iPod\bin\iPodService.exe"
    iPod hardware management services
    Apple Inc.
    10.6.1.7
    c:\program files\ipod\bin\ipodservice.exe
    27/03/2012 11:29
    jhi_service
    C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
    Intel(R) Identity Protection Technology Host Interface Service - Allows applications to access the local Intel Identity Protection Technology
    Intel Corporation
    1.2.22.0
    c:\program files (x86)\intel\services\ipt\jhi_service.exe
    28/09/2011 23:00
    LMS
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    Allows applications to access the local Intel(R) Management and Security Application using its locally-available selected network interfaces.
    Intel Corporation
    7.1.3.1053
    c:\program files (x86)\intel\intel(r) management engine components\lms\lms.exe
    01/02/2011 21:26
    MozillaMaintenance
    "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
    The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled.
    Mozilla Foundation
    25.0.1.5064
    c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe
    13/11/2013 01:14
    NIS
    "C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\diMaster.dll" /prefetch:1
    Norton Internet Security
    Symantec Corporation
    12.3.3.2
    c:\program files (x86)\norton internet security\engine\20.4.0.40\ccsvchst.exe
    20/05/2013 23:25
    SkypeUpdate
    "C:\Program Files (x86)\Skype\Updater\Updater.exe"
    Enables the detection, download and installation of updates for Skype.
    Skype Technologies
    5.10.1.44067
    c:\program files (x86)\skype\updater\updater.exe
    13/07/2012 12:28
    STacSV
    C:\Program Files\IDT\WDM\STacSV64.exe
    Manages audio jack configurations.
    IDT, Inc.
    1.0.6365.0
    c:\program files\idt\wdm\stacsv64.exe
    08/09/2011 11:00
    SwitchBoard
    "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
    SwitchBoard Server (32 bit)
    Adobe Systems Incorporated
    2.0.13.7486
    c:\program files (x86)\common files\adobe\switchboard\switchboard.exe
    19/02/2010 20:50
    UNS
    "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
    Intel(R) Management and Security Application User Notification Service - Updates the Windows Event Log with notifications of pre defined events received from the local Intel(R) Management and Security Application Device.
    Intel Corporation
    7.1.3.1053
    c:\program files (x86)\intel\intel(r) management engine components\uns\uns.exe
    01/02/2011 21:30

    HKLM\System\CurrentControlSet\Services
    adp94xx
    \SystemRoot\system32\drivers\adp94xx.sys
    Adaptec Windows SAS/SATA Storport Driver
    Adaptec, Inc.
    1.6.6.4
    c:\windows\system32\drivers\adp94xx.sys
    05/12/2008 23:54
    adpahci
    \SystemRoot\system32\drivers\adpahci.sys
    Adaptec Windows SATA Storport Driver
    Adaptec, Inc.
    1.6.6.1
    c:\windows\system32\drivers\adpahci.sys
    01/05/2007 17:30
    adpu320
    \SystemRoot\system32\drivers\adpu320.sys
    Adaptec StorPort Ultra320 SCSI Driver (X64)
    Adaptec, Inc.
    7.2.0.0
    c:\windows\system32\drivers\adpu320.sys
    28/02/2007 00:04
    aliide
    \SystemRoot\system32\drivers\aliide.sys
    ALi mini IDE Driver
    Acer Laboratories Inc.
    1.2.0.0
    c:\windows\system32\drivers\aliide.sys
    13/07/2009 23:19
    amdsata
    \SystemRoot\system32\drivers\amdsata.sys
    AHCI 1.2 Device Driver
    Advanced Micro Devices
    1.1.2.5
    c:\windows\system32\drivers\amdsata.sys
    19/03/2010 00:45
    amdsbs
    \SystemRoot\system32\drivers\amdsbs.sys
    AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform
    AMD Technologies Inc.
    3.6.1540.127
    c:\windows\system32\drivers\amdsbs.sys
    20/03/2009 18:36
    amdxata
    system32\drivers\amdxata.sys
    Storage Filter Driver
    Advanced Micro Devices
    1.1.2.5
    c:\windows\system32\drivers\amdxata.sys
    19/03/2010 16:18
    arc
    \SystemRoot\system32\drivers\arc.sys
    Adaptec RAID Storport Driver
    Adaptec, Inc.
    5.2.0.10384
    c:\windows\system32\drivers\arc.sys
    24/05/2007 21:27
    arcsas
    \SystemRoot\system32\drivers\arcsas.sys
    Adaptec SAS RAID WS03 Driver
    Adaptec, Inc.
    5.2.0.16119
    c:\windows\system32\drivers\arcsas.sys
    14/01/2009 19:27
    b06bdrv
    \SystemRoot\system32\drivers\bxvbda.sys
    Broadcom NetXtreme II GigE VBD
    Broadcom Corporation
    4.8.2.0
    c:\windows\system32\drivers\bxvbda.sys
    13/02/2009 22:18
    b57nd60a
    system32\DRIVERS\b57nd60a.sys
    Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver.
    Broadcom Corporation
    10.100.4.0
    c:\windows\system32\drivers\b57nd60a.sys
    26/04/2009 11:14
    BCM43XX
    system32\DRIVERS\bcmwl664.sys
    Broadcom 802.11 Network Adapter wireless driver
    Broadcom Corporation
    4.176.75.18
    c:\windows\system32\drivers\bcmwl664.sys
    27/03/2009 01:06
    BHDrvx64
    \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\BASHDefs\20131203.001\BHDrvx64.sys
    SONAR Engine Driver
    Symantec Corporation
    8.1.0.17
    c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_20.4.0.40\definitions\bashdefs\20131203.001\bhdrvx64.sys
    27/11/2013 06:18
    BrFiltLo
    \SystemRoot\system32\drivers\BrFiltLo.sys
    Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver
    Brother Industries, Ltd.
    1.10.0.2
    c:\windows\system32\drivers\brfiltlo.sys
    07/08/2006 01:51
    BrFiltUp
    \SystemRoot\system32\drivers\BrFiltUp.sys
    Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver
    Brother Industries, Ltd.
    1.4.0.1
    c:\windows\system32\drivers\brfiltup.sys
    07/08/2006 01:51
    Brserid
    \SystemRoot\System32\Drivers\Brserid.sys
    Brotehr Serial I/F Driver (WDM)
    Brother Industries Ltd.
    1.0.1.6
    c:\windows\system32\drivers\brserid.sys
    07/08/2006 01:51
    BrSerWdm
    \SystemRoot\System32\Drivers\BrSerWdm.sys
    Brother Serial driver (WDM version)
    Brother Industries Ltd.
    1.0.0.20
    c:\windows\system32\drivers\brserwdm.sys
    07/08/2006 01:51
    BrUsbMdm
    \SystemRoot\System32\Drivers\BrUsbMdm.sys
    Brother USB MDM Driver
    Brother Industries Ltd.
    1.0.0.12
    c:\windows\system32\drivers\brusbmdm.sys
    07/08/2006 01:51
    BrUsbSer
    \SystemRoot\System32\Drivers\BrUsbSer.sys
    Brother USB Serial Driver
    Brother Industries Ltd.
    1.0.1.3
    c:\windows\system32\drivers\brusbser.sys
    09/08/2006 12:11
    ccSet_NIS
    \SystemRoot\system32\drivers\NISx64\1404000.028\ccSetx64.sys
    Common Client Settings Driver
    Symantec Corporation
    12.3.2.3
    c:\windows\system32\drivers\nisx64\1404000.028\ccsetx64.sys
    22/03/2013 03:02
    clwvd
    system32\DRIVERS\clwvd.sys
    CyberLink WebCam Virtual Driver
    CyberLink Corporation
    1.0.0.0
    c:\windows\system32\drivers\clwvd.sys
    28/07/2010 01:13
    cmdide
    \SystemRoot\system32\drivers\cmdide.sys
    CMD PCI IDE Bus Driver
    CMD Technology, Inc.
    2.0.7.0
    c:\windows\system32\drivers\cmdide.sys
    13/07/2009 23:19
    ebdrv
    \SystemRoot\system32\drivers\evbda.sys
    Broadcom NetXtreme II 10 GigE VBD
    Broadcom Corporation
    4.8.13.0
    c:\windows\system32\drivers\evbda.sys
    31/12/2008 16:29
    eeCtrl
    \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
    Symantec Eraser Control Driver
    Symantec Corporation
    113.1.2.11
    c:\program files (x86)\common files\symantec shared\eengine\eectrl64.sys
    09/10/2013 20:50
    elxstor
    \SystemRoot\system32\drivers\elxstor.sys
    Storport Miniport Driver for LightPulse HBAs
    Emulex
    7.2.10.211
    c:\windows\system32\drivers\elxstor.sys
    03/02/2009 22:52
    EraserUtilRebootDrv
    \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    Symantec Eraser Utility Driver
    Symantec Corporation
    113.1.2.11
    c:\program files (x86)\common files\symantec shared\eengine\eraserutilrebootdrv.sys
    09/10/2013 20:50
    GEARAspiWDM
    system32\DRIVERS\GEARAspiWDM.sys
    CD DVD Filter
    GEAR Software Inc.
    2.2.0.1
    c:\windows\system32\drivers\gearaspiwdm.sys
    18/05/2009 12:17
    hcw85cir
    \SystemRoot\system32\drivers\hcw85cir.sys
    Hauppauge WinTV 885 Consumer IR Driver for eHome
    Hauppauge Computer Works, Inc.
    1.31.27127.0
    c:\windows\system32\drivers\hcw85cir.sys
    11/05/2009 08:26
    HP8107Fltr
    system32\DRIVERS\HP8107.sys
    Copyright (c) 2010 HP
    Windows (R) Win 7 DDK provider
    1.12.7600.16385
    c:\windows\system32\drivers\hp8107.sys
    04/02/2010 08:20
    HpSAMD
    \SystemRoot\system32\drivers\HpSAMD.sys
    Smart Array SAS/SATA Controller Media Driver
    Hewlett-Packard Company
    6.12.6.64
    c:\windows\system32\drivers\hpsamd.sys
    20/04/2010 18:32
    iaStor
    system32\DRIVERS\iaStor.sys
    Intel Rapid Storage Technology driver - x64
    Intel Corporation
    10.5.0.1026
    c:\windows\system32\drivers\iastor.sys
    26/04/2011 18:06
    iaStorV
    \SystemRoot\system32\drivers\iaStorV.sys
    Intel Matrix Storage Manager driver - x64
    Intel Corporation
    8.6.2.1014
    c:\windows\system32\drivers\iastorv.sys
    11/06/2010 00:46
    IDSVia64
    \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\IPSDefs\20131225.001\IDSvia64.sys
    Symantec Intrusion Prevention Driver
    Symantec Corporation
    12.0.4.5
    c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_20.4.0.40\definitions\ipsdefs\20131225.001\idsvia64.sys
    06/12/2013 01:53
    igfx
    system32\DRIVERS\igdkmd64.sys
    Intel Graphics Kernel Mode Driver
    Intel Corporation
    8.15.10.2559
    c:\windows\system32\drivers\igdkmd64.sys
    21/10/2011 17:29
    iirsp
    \SystemRoot\system32\drivers\iirsp.sys
    Intel/ICP Raid Storport Driver
    Intel Corp./ICP vortex GmbH
    5.4.22.0
    c:\windows\system32\drivers\iirsp.sys
    13/12/2005 21:47
    IntcDAud
    system32\DRIVERS\IntcDAud.sys
    Intel(R) Display Audio Driver
    Intel(R) Corporation
    6.14.0.3086
    c:\windows\system32\drivers\intcdaud.sys
    23/08/2011 13:12
    LSI_FC
    \SystemRoot\system32\drivers\lsi_fc.sys
    LSI Fusion-MPT FC Driver (StorPort)
    LSI Corporation
    1.28.3.52
    c:\windows\system32\drivers\lsi_fc.sys
    09/12/2008 22:46
    LSI_SAS
    \SystemRoot\system32\drivers\lsi_sas.sys
    LSI Fusion-MPT SAS Driver (StorPort)
    LSI Corporation
    1.28.3.52
    c:\windows\system32\drivers\lsi_sas.sys
    19/05/2009 00:20
    LSI_SAS2
    \SystemRoot\system32\drivers\lsi_sas2.sys
    LSI SAS Gen2 Driver (StorPort)
    LSI Corporation
    2.0.2.71
    c:\windows\system32\drivers\lsi_sas2.sys
    19/05/2009 00:31
    LSI_SCSI
    \SystemRoot\system32\drivers\lsi_scsi.sys
    LSI Fusion-MPT SCSI Driver (StorPort)
    LSI Corporation
    1.28.3.67
    c:\windows\system32\drivers\lsi_scsi.sys
    16/04/2009 22:13
    megasas
    \SystemRoot\system32\drivers\megasas.sys
    MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64
    LSI Corporation
    4.5.1.64
    c:\windows\system32\drivers\megasas.sys
    19/05/2009 01:09
    MegaSR
    \SystemRoot\system32\drivers\MegaSR.sys
    LSI MegaRAID Software RAID Driver
    LSI Corporation, Inc.
    13.5.409.2009
    c:\windows\system32\drivers\megasr.sys
    19/05/2009 01:25
    MEIx64
    system32\DRIVERS\HECIx64.sys
    Intel(R) Management Engine Interface
    Intel Corporation
    7.0.0.1144
    c:\windows\system32\drivers\hecix64.sys
    19/10/2010 23:33
    NAVENG
    \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\VirusDefs\20131225.025\ENG64.SYS
    AV Engine
    Symantec Corporation
    20131.1.5.61
    c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_20.4.0.40\definitions\virusdefs\20131225.025\eng64.sys
    22/08/2013 20:38
    NAVEX15
    \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\VirusDefs\20131225.025\EX64.SYS
    AV Engine
    Symantec Corporation
    20131.1.5.61
    c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_20.4.0.40\definitions\virusdefs\20131225.025\ex64.sys
    22/08/2013 20:36
    netr28x
    system32\DRIVERS\netr28x.sys
    Ralink 802.11 Wireless Adapter Driver
    Ralink Technology, Corp.
    3.2.13.0
    c:\windows\system32\drivers\netr28x.sys
    12/04/2012 11:44
    nfrd960
    \SystemRoot\system32\drivers\nfrd960.sys
    IBM ServeRAID Controller Driver
    IBM Corporation
    7.10.0.0
    c:\windows\system32\drivers\nfrd960.sys
    06/06/2006 21:11
    NVENETFD
    system32\DRIVERS\nvm62x64.sys
    NVIDIA MCP Networking Function Driver.
    NVIDIA Corporation
    1.0.1.210
    c:\windows\system32\drivers\nvm62x64.sys
    17/10/2008 21:01
    nvraid
    \SystemRoot\system32\drivers\nvraid.sys
    NVIDIA® nForce(TM) RAID Driver
    NVIDIA Corporation
    10.6.0.18
    c:\windows\system32\drivers\nvraid.sys
    19/03/2010 20:59
    nvstor
    \SystemRoot\system32\drivers\nvstor.sys
    NVIDIA® nForce(TM) Sata Performance Driver
    NVIDIA Corporation
    10.6.0.18
    c:\windows\system32\drivers\nvstor.sys
    19/03/2010 20:45
    ql2300
    \SystemRoot\system32\drivers\ql2300.sys
    QLogic Fibre Channel Stor Miniport Driver
    QLogic Corporation
    9.1.8.6
    c:\windows\system32\drivers\ql2300.sys
    22/01/2009 23:05
    ql40xx
    \SystemRoot\system32\drivers\ql40xx.sys
    QLogic iSCSI Storport Miniport Driver
    QLogic Corporation
    2.1.3.20
    c:\windows\system32\drivers\ql40xx.sys
    19/05/2009 01:18
    RSPCIESTOR
    system32\DRIVERS\RtsPStor.sys
    Realtek Pcie CardReader Driver for 2K/XP/Vista/Win7
    Realtek Semiconductor Corp.
    6.1.7601.85
    c:\windows\system32\drivers\rtspstor.sys
    02/09/2011 03:24
    RTL8167
    system32\DRIVERS\Rt64win7.sys
    Realtek 8136/8168/8169 NDIS 6.20 64-bit Driver
    Realtek
    7.48.823.2011
    c:\windows\system32\drivers\rt64win7.sys
    23/08/2011 13:55
    secdrv
    secdrv
    Macrovision SECURITY Driver
    Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.
    4.3.86.0
    c:\windows\system32\drivers\secdrv.sys
    13/09/2006 13:18
    SiSRaid2
    \SystemRoot\system32\drivers\SiSRaid2.sys
    SiS RAID Stor Miniport Driver
    Silicon Integrated Systems Corp.
    5.1.1039.2600
    c:\windows\system32\drivers\sisraid2.sys
    24/09/2008 18:28
    SiSRaid4
    \SystemRoot\system32\drivers\sisraid4.sys
    SiS AHCI Stor-Miniport Driver
    Silicon Integrated Systems
    5.1.1039.3600
    c:\windows\system32\drivers\sisraid4.sys
    01/10/2008 21:56
    SRTSP
    \SystemRoot\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS
    Symantec AutoProtect
    Symantec Corporation
    14.4.1.1
    c:\windows\system32\drivers\nisx64\1404000.028\srtsp64.sys
    22/04/2013 22:26
    SRTSPX
    \SystemRoot\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS
    Symantec AutoProtect
    Symantec Corporation
    14.3.0.31
    c:\windows\system32\drivers\nisx64\1404000.028\srtspx64.sys
    25/01/2013 21:30
    SrvHsfHDA
    system32\DRIVERS\VSTAZL6.SYS
    HSF_HWAZL WDM driver
    Conexant Systems, Inc.
    7.80.2.0
    c:\windows\system32\drivers\vstazl6.sys
    16/10/2008 00:53
    SrvHsfV92
    system32\DRIVERS\VSTDPV6.SYS
    HSF_DP driver
    Conexant Systems, Inc.
    7.80.2.0
    c:\windows\system32\drivers\vstdpv6.sys
    16/10/2008 00:57
    SrvHsfWinac
    system32\DRIVERS\VSTCNXT6.SYS
    HSF_CNXT driver
    Conexant Systems, Inc.
    7.80.2.0
    c:\windows\system32\drivers\vstcnxt6.sys
    16/10/2008 00:52
    stexstor
    \SystemRoot\system32\drivers\stexstor.sys
    Promise SuperTrak EX Series Driver for Windows
    Promise Technology
    5.0.1.1
    c:\windows\system32\drivers\stexstor.sys
    17/02/2009 23:03
    STHDA
    system32\DRIVERS\stwrt64.sys
    IDT PC Audio
    IDT, Inc.
    6.10.6365.0
    c:\windows\system32\drivers\stwrt64.sys
    08/09/2011 10:48
    SymDS
    system32\drivers\NISx64\1404000.028\SYMDS64.SYS
    Symantec Data Store
    Symantec Corporation
    2.2.1.10
    c:\windows\system32\drivers\nisx64\1404000.028\symds64.sys
    25/04/2013 23:19
    SymEFA
    system32\drivers\NISx64\1404000.028\SYMEFA64.SYS
    Symantec Extended File Attributes
    Symantec Corporation
    4.2.0.53
    c:\windows\system32\drivers\nisx64\1404000.028\symefa64.sys
    19/01/2013 00:31
    SymEvent
    \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
    Symantec Event Library
    Symantec Corporation
    12.9.3.1
    c:\windows\system32\drivers\symevent64x86.sys
    22/08/2012 05:33
    SymIRON
    \SystemRoot\system32\drivers\NISx64\1404000.028\Ironx64.SYS
    Iron Driver
    Symantec Corporation
    3.1.0.11
    c:\windows\system32\drivers\nisx64\1404000.028\ironx64.sys
    24/07/2012 00:34
    SymNetS
    \SystemRoot\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS
    Network Security Driver
    Symantec Corporation
    13.1.1.7
    c:\windows\system32\drivers\nisx64\1404000.028\symnets.sys
    09/04/2013 23:24
    SynTP
    system32\DRIVERS\SynTP.sys
    Synaptics Touchpad Driver
    Synaptics Incorporated
    15.3.11.0
    c:\windows\system32\drivers\syntp.sys
    10/06/2011 00:15
    USBAAPL64
    System32\Drivers\usbaapl64.sys
    Apple Mobile Device USB Driver
    Apple, Inc.
    1.59.0.0
    c:\windows\system32\drivers\usbaapl64.sys
    11/01/2012 00:56
    viaide
    \SystemRoot\system32\drivers\viaide.sys
    VIA Generic PCI IDE Bus Driver
    VIA Technologies, Inc.
    6.0.6000.170
    c:\windows\system32\drivers\viaide.sys
    13/07/2009 23:19
    vsmraid
    \SystemRoot\system32\drivers\vsmraid.sys
    VIA RAID DRIVER FOR AMD-X86-64
    VIA Technologies Inc.,Ltd
    6.0.6000.6210
    c:\windows\system32\drivers\vsmraid.sys
    31/01/2009 01:18

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
    igfxcui
    igfxdev.dll
    igfxdev Module
    Intel Corporation
    8.15.10.2559
    c:\windows\system32\igfxdev.dll
    21/10/2011 16:57

    HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
    Epson Inbox Language Monitor01
    EP0SLM01.DLL
    Epson Printer Driver
    SEIKO EPSON CORPORATION
    1.0.0.0
    c:\windows\system32\ep0slm01.dll
    14/07/2009 01:29

    HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries
    mdnsNSP
    C:\Program Files (x86)\Bonjour\mdnsNSP.dll
    Bonjour Namespace Provider
    Apple Inc.
    3.0.0.10
    c:\program files (x86)\bonjour\mdnsnsp.dll
    31/08/2011 05:44

    HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
    mdnsNSP
    C:\Program Files\Bonjour\mdnsNSP.dll
    Bonjour Namespace Provider
    Apple Inc.
    3.0.0.10
    c:\program files\bonjour\mdnsnsp.dll
    31/08/2011 05:53

    HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms
    rdpclip
    rdpclip
    File not found: rdpclip


    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SynTPEnh
    %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    Synaptics TouchPad Enhancements
    Synaptics Incorporated
    15.3.11.0
    c:\program files\synaptics\syntp\syntpenh.exe
    10/06/2011 00:50
    SysTrayApp
    C:\Program Files\IDT\WDM\sttray64.exe
    IDT PC Audio
    IDT, Inc.
    1.0.6365.0
    c:\program files\idt\wdm\sttray64.exe
    08/09/2011 11:01
    SetDefault
    C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
    SetDefault
    Hewlett-Packard Development Company, L.P.
    1.1.5.0
    c:\program files\hewlett-packard\hp launchbox\setdefault.exe
    19/12/2011 15:29
    AdobeAAMUpdater-1.0
    "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    Adobe Updater Startup Utility
    Adobe Systems Incorporated
    6.2.0.1
    c:\program files (x86)\common files\adobe\oobe\pdapp\uwa\updaterstartuputility.exe
    09/04/2012 11:13
    IgfxTray
    C:\Windows\system32\igfxtray.exe
    igfxTray Module
    Intel Corporation
    8.15.10.2559
    c:\windows\system32\igfxtray.exe
    21/10/2011 16:58
    HotKeysCmds
    C:\Windows\system32\hkcmd.exe
    hkcmd Module
    Intel Corporation
    8.15.10.2559
    c:\windows\system32\hkcmd.exe
    21/10/2011 16:58
    Persistence
    C:\Windows\system32\igfxpers.exe
    persistence Module
    Intel Corporation
    8.15.10.2559
    c:\windows\system32\igfxpers.exe
    21/10/2011 16:58

    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
    HPQuickWebProxy
    "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
    HP QuickWeb Utilities
    Hewlett-Packard Company
    3.1.1.10197
    c:\program files (x86)\hewlett-packard\hp quickweb\hpqwutils.exe
    07/10/2011 11:09
    Adobe ARM
    "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    Adobe Reader and Acrobat Manager
    Adobe Systems Incorporated
    1.7.4.0
    c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe
    04/04/2013 21:05
    HPOSD
    C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    HP On Screen Display
    Hewlett-Packard Development Company, L.P.
    1.3.5.0
    c:\program files (x86)\hewlett-packard\hp on screen display\hposd.exe
    19/08/2011 06:48
    Easybits Recovery
    C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
    EasyBits Software AS
    3.0.0.5
    c:\program files (x86)\easybits for kids\ezrecover.exe
    19/06/1992 22:22
    WinPatrol
    C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
    WinPatrol System Monitor
    BillP Studios
    24.6.2012.0
    c:\program files (x86)\billp studios\winpatrol\winpatrol.exe
    15/04/2012 21:04
    AdobeCS5ServiceManager
    "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    Adobe CS5 Service Manager
    Adobe Systems Incorporated
    5.0.1.134
    c:\program files (x86)\common files\adobe\cs5servicemanager\cs5servicemanager.exe
    22/07/2010 20:10
    SwitchBoard
    C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    SwitchBoard Server (32 bit)
    Adobe Systems Incorporated
    2.0.13.7486
    c:\program files (x86)\common files\adobe\switchboard\switchboard.exe
    19/02/2010 20:50
    APSDaemon
    "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    Apple Push
    Apple Inc.
    2.2.9.2
    c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe
    17/04/2013 03:13
    iTunesHelper
    "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    iTunesHelper
    Apple Inc.
    10.6.1.7
    c:\program files (x86)\itunes\ituneshelper.exe
    27/03/2012 11:28
    HP Quick Launch
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    HP Message Service
    Hewlett-Packard Development Company, L.P.
    2.7.2.0
    c:\program files (x86)\hewlett-packard\hp quick launch\hpmsgsvc.exe
    05/03/2012 05:32
    AdobeCS6ServiceManager
    "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
    Adobe CS6 Service Manager
    Adobe Systems Incorporated
    3.0.0.389
    c:\program files (x86)\common files\adobe\cs6servicemanager\cs6servicemanager.exe
    09/03/2012 15:25
    ApnUpdater
    "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    File not found: C:\Program Files (x86)\Ask.com\Updater\Updater.exe

    QuickTime Task
    "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    QuickTime Task
    Apple Inc.
    7.7.4.0
    c:\program files (x86)\quicktime\qttask.exe
    01/05/2013 10:42
    SunJavaUpdateSched
    "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    Java(TM) Update Scheduler
    Oracle Corporation
    2.1.9.8
    c:\program files (x86)\common files\java\java update\jusched.exe
    02/07/2013 16:16
    mobilegeni daemon
    C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
    File not found: C:\Program Files (x86)\Mobogenie\DaemonProcess.exe


    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
    NCPluginUpdater
    "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
    NCPluginUpdater
    Hewlett-Packard
    1.0.0.0
    c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\ncpluginupdater.exe
    22/10/2013 02:52

    C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    Dropbox.lnk
    C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    Dropbox
    Dropbox, Inc.
    2.0.22.0
    c:\users\dave\appdata\roaming\dropbox\bin\dropbox.exe
    05/04/2013 20:44

    HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components
    Internet Explorer
    C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
    File not found: C:\Windows\system32\ie4uinit.exe

    Google Chrome
    "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    Google Chrome
    Google Inc.
    31.0.1650.63
    c:\program files (x86)\google\chrome\application\31.0.1650.63\installer\chrmstp.exe
    04/12/2013 01:54

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Akamai NetSession Interface
    "C:\Users\Dave\AppData\Local\Akamai\netsession_win.exe"
    Akamai NetSession Client
    Akamai Technologies, Inc.
    1.8.9.2
    c:\users\dave\appdata\local\akamai\netsession_win.exe
    05/06/2013 00:47
    GoogleDriveSync
    "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
    Google Drive
    Google
    1.13.5782.599
    c:\program files (x86)\google\drive\googledrivesync.exe
    02/11/2012 19:03

    Task Scheduler
    \Adobe Flash Player Updater
    "C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe"
    Adobe® Flash® Player Update Service 11.9 r900
    Adobe Systems Incorporated
    11.9.900.170
    c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe
    01/12/2013 18:09
    \AdobeAAMUpdater-1.0-Home-HP-Dave
    "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" -mode=scheduled
    Adobe Updater Startup Utility
    Adobe Systems Incorporated
    6.2.0.1
    c:\program files (x86)\common files\adobe\oobe\pdapp\uwa\updaterstartuputility.exe
    09/04/2012 11:13
    \AdobeAAMUpdater-1.0-Home-HP-Simonka
    "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" -mode=scheduled
    Adobe Updater Startup Utility
    Adobe Systems Incorporated
    6.2.0.1
    c:\program files (x86)\common files\adobe\oobe\pdapp\uwa\updaterstartuputility.exe
    09/04/2012 11:13
    \GoogleUpdateTaskMachineCore
    "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
    Google Installer
    Google Inc.
    1.2.183.21
    c:\program files (x86)\google\update\googleupdate.exe
    09/03/2010 06:10
    \GoogleUpdateTaskMachineUA
    "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ua /installsource scheduler
    Google Installer
    Google Inc.
    1.2.183.21
    c:\program files (x86)\google\update\googleupdate.exe
    09/03/2010 06:10
    \HPCeeScheduleForDave
    "C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe" HPCeeScheduleForDave (null)
    HP Ceement
    Hewlett-Packard
    6.0.1.8
    c:\program files (x86)\hewlett-packard\hp ceement\hpcee.exe
    15/07/2011 11:42
    \HPCeeScheduleForSimonka
    "C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe" HPCeeScheduleForSimonka (null)
    HP Ceement
    Hewlett-Packard
    6.0.1.8
    c:\program files (x86)\hewlett-packard\hp ceement\hpcee.exe
    15/07/2011 11:42
    \MirageAgent
    "C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
    YouCam Mirage
    CyberLink
    1.0.0.526
    c:\program files (x86)\cyberlink\youcam\ycmmirage.exe
    26/05/2010 02:59
    \Norton WSC Integration
    "C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe" /taskschd
    WSCStub
    Symantec Corporation
    20.4.0.40
    c:\program files (x86)\norton internet security\engine\20.4.0.40\wscstub.exe
    04/06/2013 04:14
    \Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start
    "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe" /taskrestart
    HP Support Assistant
    Hewlett-Packard Company
    7.0.39.15
    c:\program files (x86)\hewlett-packard\hp support framework\hpsf.exe
    27/09/2012 13:40
    \Hewlett-Packard\HP Support Assistant\PC Health Analysis
    "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe" /L Analysis
    HP Support Assistant
    Hewlett-Packard Company
    7.0.39.15
    c:\program files (x86)\hewlett-packard\hp support framework\hpsf.exe
    27/09/2012 13:40
    \Hewlett-Packard\HP Support Assistant\Update Check
    "C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe" /s /p 1
    HPSFUpdater
    Hewlett-Packard Company
    7.0.1.12
    c:\programdata\hewlett-packard\hp support framework\resources\updater7\hpsfupdater.exe
    20/11/2012 20:26
    \Hewlett-Packard\HP Support Assistant\Warranty Opt-In(No)
    "c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe" /EventId=2
    Detection_PostWarrantyAlert
    Hewlett-Packard
    1.0.1.4
    c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\detection_postwarrantyalert.exe
    28/08/2013 15:49
    \Hewlett-Packard\HP Support Assistant\Warranty Opt-In(Yes)
    "c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe" /EventId=1
    Detection_PostWarrantyAlert
    Hewlett-Packard
    1.0.1.4
    c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\detection_postwarrantyalert.exe
    28/08/2013 15:49
    \Hewlett-Packard\HP Support Assistant\WarrantyChecker
    "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe"
    HPWarrantyChecker
    Hewlett-Packard
    3.4.1.2
    c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpwarrantychecker.exe
    22/11/2013 09:07
    \Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan
    "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe" /DeviceScanR6
    HPWarrantyChecker
    Hewlett-Packard
    3.4.1.2
    c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpwarrantychecker.exe
    22/11/2013 09:07
    \Microsoft\Windows\NetTrace\GatherNetworkInfo
    "%windir%\system32\gatherNetworkInfo.vbs"
    c:\windows\system32\gathernetworkinfo.vbs
    10/06/2009 20:36
    \Norton Internet Security\Norton Error Analyzer
    "C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe" /analyze
    Symantec Error Reporting
    Symantec Corporation
    4.3.0.9
    c:\program files (x86)\norton internet security\engine\20.4.0.40\symerr.exe
    04/06/2013 01:21
    \Norton Internet Security\Norton Error Processor
    "C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe" /submit
    Symantec Error Reporting
    Symantec Corporation
    4.3.0.9
    c:\program files (x86)\norton internet security\engine\20.4.0.40\symerr.exe
    04/06/2013 01:21

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
    Norton Identity Protection
    HKCR\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}
    coIEPlugIn
    Symantec Corporation
    2013.4.0.10
    c:\program files (x86)\norton internet security\engine\20.4.0.40\coieplg.dll
    31/05/2013 01:44
    Norton Vulnerability Protection
    HKCR\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}
    IPS Browser Helper DLL
    Symantec Corporation
    11.1.0.73
    c:\program files (x86)\norton internet security\engine\20.4.0.40\ips\ipsbho.dll
    08/08/2012 18:50
    Java(tm) Plug-In SSV Helper
    HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
    Java(TM) Platform SE binary
    Oracle Corporation
    10.45.2.18
    c:\program files (x86)\java\jre7\bin\ssv.dll
    08/10/2013 14:43
    TrueSuite Website Log On
    HKCR\CLSID\{8590886E-EC8C-43C1-A32C-E4C2B0B6395B}
    Website Log On
    HP
    5.3.0.264
    c:\program files (x86)\hp simplepass 2011\iebho.dll
    19/08/2011 09:38
    Skype Browser Helper
    HKCR\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Skype Click to Call for Internet Explorer
    Skype Technologies S.A.
    5.9.0.9216
    c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll
    17/01/2012 11:43
    Java(tm) Plug-In 2 SSV Helper
    HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}
    Java(TM) Platform SE binary
    Oracle Corporation
    10.45.2.18
    c:\program files (x86)\java\jre7\bin\jp2ssv.dll
    08/10/2013 14:43
    HP Network Check Helper
    HKCR\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
    HP Network Check IE Plug-in
    Hewlett-Packard
    7.3.1.0
    c:\program files (x86)\hewlett-packard\hp support framework\resources\hpnetworkcheck\hpnetworkcheckplugin.dll
    28/08/2013 08:28

    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
    Norton Identity Protection
    HKCR\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}
    coIEPlugIn
    Symantec Corporation
    2013.4.0.10
    c:\program files (x86)\norton internet security\engine\20.4.0.40\coieplg.dll
    31/05/2013 01:44
    Norton Vulnerability Protection
    HKCR\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}
    IPS Browser Helper DLL
    Symantec Corporation
    11.1.0.73
    c:\program files (x86)\norton internet security\engine\20.4.0.40\ips\ipsbho.dll
    08/08/2012 18:50
    Java(tm) Plug-In SSV Helper
    HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
    Java(TM) Platform SE binary
    Oracle Corporation
    10.45.2.18
    c:\program files (x86)\java\jre7\bin\ssv.dll
    08/10/2013 14:43
    TrueSuite Website Log On
    HKCR\CLSID\{8590886E-EC8C-43C1-A32C-E4C2B0B6395B}
    Website Log On
    HP
    5.3.0.264
    c:\program files (x86)\hp simplepass 2011\iebho.dll
    19/08/2011 09:38
    Skype Browser Helper
    HKCR\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Skype Click to Call for Internet Explorer
    Skype Technologies S.A.
    5.9.0.9216
    c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll
    17/01/2012 11:43
    Java(tm) Plug-In 2 SSV Helper
    HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}
    Java(TM) Platform SE binary
    Oracle Corporation
    10.45.2.18
    c:\program files (x86)\java\jre7\bin\jp2ssv.dll
    08/10/2013 14:43
    HP Network Check Helper
    HKCR\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
    HP Network Check IE Plug-in
    Hewlett-Packard
    7.3.1.0
    c:\program files (x86)\hewlett-packard\hp support framework\resources\hpnetworkcheck\hpnetworkcheckplugin.dll
    28/08/2013 08:28

    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
    EasyBits Security Shield Hook - prevents launching insecure programs by kids
    HKCR\CLSID\{E54729E8-BB3D-4270-9D49-7389EA579090}
    EasyBits Security Shield component
    EasyBits Software Corp.
    2.0.0.37
    c:\windows\syswow64\ezupbhook.dll
    06/02/2005 21:11

    HKCU\Software\Classes\*\ShellEx\ContextMenuHandlers
    DropboxExt
    HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
    Dropbox Shell Extension
    Dropbox, Inc.
    1.0.0.19
    c:\users\dave\appdata\roaming\dropbox\bin\dropboxext64.19.dll
    28/03/2013 19:43

    HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers
    GDContextMenu
    HKCR\CLSID\{BB02B294-8425-42E5-983F-41A1FA970CD6}
    Google Drive shell extension
    Google
    1.0.0.1
    c:\program files (x86)\google\drive\contextmenu64.dll
    26/09/2013 00:35
    IZArcCM
    HKCR\CLSID\{BC593DF5-466F-44EC-8FFD-C4DBC603B917}
    c:\program files (x86)\izarc\izarccm64.dll
    20/07/2012 11:39
    Symantec.Norton.Antivirus.IEContextMenu
    HKCR\CLSID\{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}
    Symantec Shared Component Shell Extension Module
    Symantec Corporation
    20.4.0.40
    c:\program files (x86)\norton internet security\engine64\20.4.0.40\navshext.dll
    04/06/2013 04:34

    HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers
    Symantec.Norton.Antivirus.IEContextMenu
    HKCR\CLSID\{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}
    Symantec Shared Component Shell Extension Module
    Symantec Corporation
    20.4.0.40
    c:\program files (x86)\norton internet security\engine64\20.4.0.40\navshext.dll
    04/06/2013 04:34

    HKCU\Software\Classes\Directory\ShellEx\ContextMenuHandlers
    DropboxExt
    HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
    Dropbox Shell Extension
    Dropbox, Inc.
    1.0.0.19
    c:\users\dave\appdata\roaming\dropbox\bin\dropboxext64.19.dll
    28/03/2013 19:43

    HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers
    GDContextMenu
    HKCR\CLSID\{BB02B294-8425-42E5-983F-41A1FA970CD6}
    Google Drive shell extension
    Google
    1.0.0.1
    c:\program files (x86)\google\drive\contextmenu64.dll
    26/09/2013 00:35
    IZArcCM
    HKCR\CLSID\{BC593DF5-466F-44EC-8FFD-C4DBC603B917}
    c:\program files (x86)\izarc\izarccm64.dll
    20/07/2012 11:39

    HKLM\Software\Classes\Directory\Shellex\DragDropHandlers
    IZArcCM
    HKCR\CLSID\{CA5FEE26-14C1-4B5A-86E9-233FC0EE2682}
    c:\program files (x86)\izarc\izarccm64.dll
    20/07/2012 11:39

    HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers
    FileZilla3CopyHook
    HKCR\CLSID\{DB70412E-EEC9-479C-BBA9-BE36BFDDA41B}
    fzshellext Dynamic Link Library
    3.2.7.0
    c:\program files (x86)\filezilla ftp client\fzshellext_64.dll
    01/08/2009 10:34

    HKLM\Software\Wow6432Node\Classes\Directory\Shellex\CopyHookHandlers
    FileZilla3CopyHook
    HKCR\CLSID\{DB70412E-EEC9-479C-BBA9-BE36BFDDA41B}
    fzshellext Dynamic Link Library
    3.6.0.2
    c:\program files (x86)\filezilla ftp client\fzshellext.dll
    29/11/2012 21:59

    HKCU\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers
    DropboxExt
    HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
    Dropbox Shell Extension
    Dropbox, Inc.
    1.0.0.19
    c:\users\dave\appdata\roaming\dropbox\bin\dropboxext64.19.dll
    28/03/2013 19:43

    HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers
    igfxcui
    HKCR\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}
    igfxpph Module
    Intel Corporation
    8.15.10.2559
    c:\windows\system32\igfxpph.dll
    21/10/2011 16:58

    HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers
    PDF Shell Extension
    HKCR\CLSID\{F9DB5320-233E-11D1-9F84-707F02C10627}
    PDF Shell Extension
    Adobe Systems, Inc.
    10.1.8.24
    c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll
    03/09/2013 12:24

    HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers
    Symantec.Norton.Antivirus.IEContextMenu
    HKCR\CLSID\{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}
    Symantec Shared Component Shell Extension Module
    Symantec Corporation
    20.4.0.40
    c:\program files (x86)\norton internet security\engine64\20.4.0.40\navshext.dll
    04/06/2013 04:34

    HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers
    IZArcCM
    HKCR\CLSID\{CA5FEE26-14C1-4B5A-86E9-233FC0EE2682}
    c:\program files (x86)\izarc\izarccm64.dll
    20/07/2012 11:39

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers
    DropboxExt1
    HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
    Dropbox Shell Extension
    Dropbox, Inc.
    1.0.0.19
    c:\users\dave\appdata\roaming\dropbox\bin\dropboxext64.19.dll
    28/03/2013 19:43
    DropboxExt2
    HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}
    Dropbox Shell Extension
    Dropbox, Inc.
    1.0.0.19
    c:\users\dave\appdata\roaming\dropbox\bin\dropboxext64.19.dll
    28/03/2013 19:43
    DropboxExt3
    HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}
    Dropbox Shell Extension
    Dropbox, Inc.
    1.0.0.19
    c:\users\dave\appdata\roaming\dropbox\bin\dropboxext64.19.dll
    28/03/2013 19:43
    DropboxExt4
    HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}
    Dropbox Shell Extension
    Dropbox, Inc.
    1.0.0.19
    c:\users\dave\appdata\roaming\dropbox\bin\dropboxext64.19.dll
    28/03/2013 19:43
    GDriveBlacklistedOverlay
    HKCR\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}
    Google Drive shell extension
    Google
    1.13.5782.599
    c:\program files (x86)\google\drive\googledrivesync64.dll
    06/12/2013 23:45
    GDriveSharedEditOverlay
    HKCR\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}
    Google Drive shell extension
    Google
    1.13.5782.599
    c:\program files (x86)\google\drive\googledrivesync64.dll
    06/12/2013 23:45
    GDriveSharedViewOverlay
    HKCR\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}
    Google Drive shell extension
    Google
    1.13.5782.599
    c:\program files (x86)\google\drive\googledrivesync64.dll
    06/12/2013 23:45
    GDriveSyncedOverlay
    HKCR\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}
    Google Drive shell extension
    Google
    1.13.5782.599
    c:\program files (x86)\google\drive\googledrivesync64.dll
    06/12/2013 23:45
    GDriveSyncingOverlay
    HKCR\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}
    Google Drive shell extension
    Google
    1.13.5782.599
    c:\program files (x86)\google\drive\googledrivesync64.dll
    06/12/2013 23:45

    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers
    DropboxExt1
    HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
    Dropbox Shell Extension
    Dropbox, Inc.
    1.0.0.19
    c:\users\dave\appdata\roaming\dropbox\bin\dropboxext.19.dll
    28/03/2013 19:43
    DropboxExt2
    HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}
    Dropbox Shell Extension
    Dropbox, Inc.
    1.0.0.19
    c:\users\dave\appdata\roaming\dropbox\bin\dropboxext.19.dll
    28/03/2013 19:43
    DropboxExt3
    HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}
    Dropbox Shell Extension
    Dropbox, Inc.
    1.0.0.19
    c:\users\dave\appdata\roaming\dropbox\bin\dropboxext.19.dll
    28/03/2013 19:43

    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar
    Norton Toolbar
    HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
    coIEPlugIn
    Symantec Corporation
    2013.4.0.10
    c:\program files (x86)\norton internet security\engine\20.4.0.40\coieplg.dll
    31/05/2013 01:44

    HKLM\Software\Microsoft\Internet Explorer\Extensions
    HP Network Check
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    NCLauncherFromIE
    Hewlett-Packard
    7.0.0.0
    c:\program files (x86)\hewlett-packard\hp support framework\resources\hpnetworkcheck\nclauncherfromie.exe
    09/07/2012 22:46

    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions
    HP Network Check
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    NCLauncherFromIE
    Hewlett-Packard
    7.0.0.0
    c:\program files (x86)\hewlett-packard\hp support framework\resources\hpnetworkcheck\nclauncherfromie.exe
    09/07/2012 22:46
    Skype Click to Call
    C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Skype Click to Call for Internet Explorer
    Skype Technologies S.A.
    5.9.0.9216
    c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll
    17/01/2012 11:43
    Add to Evernote 4
    C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    File not found: C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204


    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32
    msacm.l3acm
    C:\Windows\System32\l3codeca.acm
    MPEG Layer-3 Audio Codec for MSACM
    Fraunhofer Institut Integrierte Schaltungen IIS
    1.9.0.401
    c:\windows\system32\l3codeca.acm
    14/07/2009 01:28

    HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32
    msacm.l3acm
    C:\Windows\SysWOW64\l3codeca.acm
    MPEG Layer-3 Audio Codec for MSACM
    Fraunhofer Institut Integrierte Schaltungen IIS
    1.9.0.401
    c:\windows\syswow64\l3codeca.acm
    14/07/2009 01:06
    vidc.cvid
    iccvid.dll
    Cinepak© Codec
    Radius Inc.
    1.10.0.13
    c:\windows\syswow64\iccvid.dll
    20/11/2010 11:59

    HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance
    RemotelyAnywhere Video Encoder
    HKCR\CLSID\{183261F8-780B-4506-BE91-434C01DD010A}
    RemotelyAnywhere Video Codec
    LogMeIn, Inc.
    8.0.0.795
    c:\windows\downloaded program files\x64\racodec.ax
    19/10/2011 09:50
    RemotelyAnywhere Video Decoder
    HKCR\CLSID\{43534152-0000-0010-8000-00AA00389B71}
    RemotelyAnywhere Video Codec
    LogMeIn, Inc.
    8.0.0.795
    c:\windows\downloaded program files\x64\racodec.ax
    19/10/2011 09:50

    HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance
    RemotelyAnywhere Video Encoder
    HKCR\CLSID\{183261F8-780B-4506-BE91-434C01DD010A}
    RemotelyAnywhere Video Codec
    LogMeIn, Inc.
    8.0.0.795
    c:\windows\downloaded program files\x86\racodec.ax
    19/10/2011 09:49
    RemotelyAnywhere Video Decoder
    HKCR\CLSID\{43534152-0000-0010-8000-00AA00389B71}
    RemotelyAnywhere Video Codec
    LogMeIn, Inc.
    8.0.0.795
    c:\windows\downloaded program files\x86\racodec.ax
    19/10/2011 09:49

    ==== Empty IE Cache ======================

    C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
    C:\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Users\Dave\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Users\Dave\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Users\Dave\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Users\Simonka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Users\Simonka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
    C:\Users\Simonka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Simonka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Users\Simonka\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Users\Simonka\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Users\Simonka\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    ==== Empty FireFox Cache ======================

    C:\Users\Dave\AppData\Local\Mozilla\Firefox\Profiles\n8vklyyd.default\Cache emptied successfully
    C:\Users\Simonka\AppData\Local\Mozilla\Firefox\Profiles\w1paw79s.default\Cache emptied successfully

    ==== Empty Chrome Cache ======================

    C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
    C:\Users\Simonka\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

    ==== Empty All Flash Cache ======================

    Flash Cache Emptied Successfully

    ==== Empty All Java Cache ======================

    Java Cache cleared successfully

    ==== C:\zoek_backup content ======================

    C:\zoek_backup (files=1784 folders=334 415605002 bytes)

    ==== Empty Temp Folders ======================

    C:\Users\Default\AppData\Local\Temp emptied successfully
    C:\Users\Default User\AppData\Local\Temp emptied successfully
    C:\Users\Simonka\AppData\Local\Temp emptied successfully
    C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
    C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
    C:\Users\Dave\AppData\Local\Temp will be emptied at reboot
    C:\Windows\Temp will be emptied at reboot

    ==== After Reboot ======================

    ==== Empty Temp Folders ======================

    C:\Windows\Temp successfully emptied
    C:\Users\Dave\AppData\Local\Temp successfully emptied

    ==== Empty Recycle Bin ======================

    C:\$RECYCLE.BIN successfully emptied

    ==== Deleting Files / Folders ======================

    "C:\PROGRA~2\BrowseSmart" not found
    "C:\PROGRA~2\BrowseSmart" not found

    ==== EOF on 26/12/2013 at 11:03:42.42 ======================


    Kind Regards!

    D
     
  7. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,155
    Re-run Zoek one more time (accept UAC). The following window will open:

    Copy and paste the following script from the code box and paste into the field.


    Code:
    C:\Program Files (x86)\Ask.com;fs
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run];r
    "ApnUpdater"=-;r
    

    Select the "Run Script" tab. The following window will open:

    Please be patient and do not use the PC when the scan is in progress.

    When complete you may be asked to re-boot your PC; if so, please do.

    Post the produced log in your next reply...

    Next,

    Open Malwarebytes, check for updates then run Quick scan. Full instructions follow if Malwarebytes is not installed:

    Download Malwarebytes from the following link and save it to your desktop:


    http://www.malwarebytes.org/mbam.php

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    Let me see those two logs, also give an update on any remaining issues or concerns...

    Thanks,

    Kevin
     
  8. darrrius

    darrrius Thread Starter

    Joined:
    Sep 24, 2006
    Messages:
    62
    Hi,

    Fantastic thanks - all appears to be ok again, no issues to report and here are the logs requested:


    Zoek.exe v5.0.0.0 Updated 23-December-2013
    Tool run by Dave on 27/12/2013 at 11:54:49.16.
    Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
    Running in: Normal Mode Internet Access Detected
    Launched: C:\Users\Dave\Desktop\zoek.exe [Scan all users] [Script inserted]

    ==== Older Logs ======================

    C:\zoek-results2013-12-26-110342.log 127620 bytes

    ==== Registry Fix Code ======================

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ApnUpdater"=-

    ==== Deleting Files \ Folders ======================

    C:\Program Files (x86)\Ask.com not found

    ==== C:\zoek_backup content ======================

    C:\zoek_backup (files=1784 folders=334 415605002 bytes)

    ==== EOF on 27/12/2013 at 11:59:09.05 ======================



    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.12.27.03

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 11.0.9600.16476
    Dave :: HOME-HP [administrator]

    27/12/2013 12:03:27
    mbam-log-2013-12-27 (12-03-27).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 247413
    Time elapsed: 6 minute(s), 41 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 10
    HKCR\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.
    HKCR\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C} (PUP.Optional.OptimzerPro.A) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\BONANZADEALS (PUP.Optional.BonanzaDeals.A) -> Quarantined and deleted successfully.
    HKCU\Software\BrowseSmart (PUP.Optional.BrowseSmart.A) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\BonanzaDealsLive (PUP.Optional.BonanzaDeals.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\BONANZADEALS (PUP.Optional.BonanzaDeals.A) -> Quarantined and deleted successfully.
    HKLM\Software\BrowseSmart (PUP.Optional.BrowseSmart.A) -> Quarantined and deleted successfully.

    Registry Values Detected: 3
    HKCU\SOFTWARE\BonanzaDeals|ChromeCrxPath (PUP.Optional.BonanzaDeals.A) -> Data: C:\Program Files (x86)\BonanzaDeals\BonanzaDeals.crx -> Quarantined and deleted successfully.
    HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0A2O0R1R1H2Z1S1G0H1F -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\BonanzaDeals|ChromeCrxPath (PUP.Optional.BonanzaDeals.A) -> Data: C:\Program Files (x86)\BonanzaDeals\BonanzaDeals.crx -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Users\Simonka\Downloads\Setup.exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.

    (end)



    Kind Regards

    D
     
  9. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,155
    Excellent, just what we like to hear. We still need to run an online AV scan to ensure there are no remnants of any infection left on your system that we may have missed. This scan is very thorough and well worth running; it can take several hours, please be patient and let it complete:

    Run Eset Online Scanner

    **Note** You will need to use Internet Explorer for this scan - Vista and Win 7 right click on IE shortcut and run as admin

    Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

    • Turn off the real time scanner of any existing antivirus program while performing the online scan
    • click on the Run ESET Online Scanner button
    • Tick the box next to YES, I accept the Terms of Use.
      Click Start
    • When asked, allow the add/on to be installed
      Click Start
    • Make sure that the option Remove found threats is unticked
    • Click on Advanced Settings, ensure the options
    • Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
      Click Scan
    • wait for the virus definitions to be downloaded
    • Wait for the scan to finish

    When the scan is complete

    • If no threats were found
    • put a checkmark in "Uninstall application on close"
    • close program
    • report to me that nothing was found

    If threats were found

    • click on "list of threats found"
    • click on "export to text file" and save it as ESET SCAN and save to the desktop
    • Click on back
    • put a checkmark in "Uninstall application on close"
    • click on finish

    close program

    copy and paste the report in next reply

    Thanks,

    Kevin
     
  10. darrrius

    darrrius Thread Starter

    Joined:
    Sep 24, 2006
    Messages:
    62
    Hiya Kevin,

    Sorry for the delay, there were threats and here is the list:

    C:\Users\Dave\AppData\Roaming\0S1F1O2Z0S2Y1H1T\DVD Shrink Packages\uninstaller.exe Win32/InstallCore.AZ application
    C:\Users\Dave\Documents\Symantec\Archived Desktop Stuff\Desktop Stuff\Setup-SopCast-3.4.0-2011-6-9.exe a variant of Win32/Bundled.Toolbar.Ask application
    C:\Users\Dave\Downloads\cnet2_AvaCam_Setup_exe.exe a variant of Win32/InstallCore.D application
    C:\Users\Simonka\Downloads\light_image_resizer4_setup_4.3.1.0_linkular.exe Win32/Adware.Linkular.AC application
    C:\zoek_backup\C_Users_Dave_Downloads_SopCast-3.5.0.exe.vir multiple threats
    C:\zoek_backup\C_PROGRA~2_BrowseSmart\BrowseSmartBHO.dll a variant of Win32/BrowseFox.F application
    C:\zoek_backup\C_PROGRA~2_BrowseSmart\updateBrowseSmart.exe a variant of Win32/BrowseFox.G application
    C:\zoek_backup\C_PROGRA~2_BrowseSmart\bin\utilBrowseSmart.exe a variant of Win32/BrowseFox.G application
    C:\zoek_backup\C_Users_Dave_AppData_Local_Bundled software uninstaller\bi_client.exe Win32/Somoto.A application


    Thanks and happy new year!


    Kind Regards

    D
     
  11. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,155
    Thanks for the reply, Happy New Year to yourself and family...

    Download OTM from either of the following links and save to your Desktop: (If your security alerts to OTM, either accept the alert or turn off security to allow OTM to run)

    http://oldtimer.geekstogo.com/OTM.exe.
    http://www.itxassociates.com/OT-Tools/OTM.com
    http://www.itxassociates.com/OT-Tools/OTM.exe

    Double click OTM.exe to start the tool. Vista or Windows 7 users accept UAC alert. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion.... If your security alerts to OTM, either accept the alert or turn off security until OTM completes...
    • Copy the text from the code box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Ensure to start with and include the colon before Files :Files

      Code:
      :Files
      C:\Users\Dave\Documents\Symantec\Archived Desktop Stuff\Desktop Stuff\Setup-SopCast-3.4.0-2011-6-9.exe
      C:\Users\Dave\Downloads\cnet2_AvaCam_Setup_exe.exe
      C:\Users\Simonka\Downloads\light_image_resizer4_setup_4.3.1.0_linkular.exe
      :Commands
      [EmptyTemp]
      
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
    • Click the red button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTM
    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

    If the machine reboots, the Results log can be found here:

    c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

    Where mmddyyyy_hhmmss is the date of the tool run.

    Next,

    Download Security Check by screen317 from either of the following:
    http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe
    Save it to your Desktop. (If your security alerts, either accept the alert or turn the security off while Security Check runs)
    Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
    A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    Let me see those logs, also let me know if any remaining issues or concerns...

    Kevin
     
  12. darrrius

    darrrius Thread Starter

    Joined:
    Sep 24, 2006
    Messages:
    62
    Thanks Kevin! Really appreciate your support!

    Here are the latest two logs.... all appears to be back to normal and no issues to report :)

    All processes killed
    ========== FILES ==========
    C:\Users\Dave\Documents\Symantec\Archived Desktop Stuff\Desktop Stuff\Setup-SopCast-3.4.0-2011-6-9.exe moved successfully.
    C:\Users\Dave\Downloads\cnet2_AvaCam_Setup_exe.exe moved successfully.
    C:\Users\Simonka\Downloads\light_image_resizer4_setup_4.3.1.0_linkular.exe moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Dave
    ->Temp folder emptied: 50792168 bytes
    ->Temporary Internet Files folder emptied: 414873288 bytes
    ->Java cache emptied: 8196 bytes
    ->FireFox cache emptied: 88205485 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 10442195 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 56475 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public

    User: Simonka
    ->Temp folder emptied: 114626 bytes
    ->Temporary Internet Files folder emptied: 122176070 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 108883094 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 602 bytes

    User: TEMP

    User: TEMP.Home-HP

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 18351 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 11613 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 195 bytes
    RecycleBin emptied: 2818354 bytes

    Total Files Cleaned = 761.00 mb


    OTM by OldTimer - Version 3.1.21.0 log created on 01012014_222648

    Files moved on Reboot...
    C:\Users\Dave\AppData\Local\Temp\Low\JavaDeployReg.log moved successfully.
    C:\Users\Dave\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File C:\Users\Dave\AppData\Local\Temp\~DF1EC0080039DAC56C.TMP not found!
    File C:\Users\Dave\AppData\Local\Temp\~DF6137E704D7667351.TMP not found!
    File C:\Users\Dave\AppData\Local\Temp\~DF69EEE87CA80F8D19.TMP not found!
    File C:\Users\Dave\AppData\Local\Temp\~DF705032D293587D01.TMP not found!
    File C:\Users\Dave\AppData\Local\Temp\~DFC820AAC9BC829CC5.TMP not found!
    File C:\Users\Dave\AppData\Local\Temp\~DFD4918D0557927E1E.TMP not found!
    File C:\Users\Dave\AppData\Local\Temp\~DFF1CEBCB4175D4972.TMP not found!
    File C:\Users\Dave\AppData\Local\Temp\~DFFBB13A31FB8D664A.TMP not found!
    C:\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TZN2HXUJ\1[timestamp]@x90[1].htm moved successfully.
    C:\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TZN2HXUJ\click[1].htm moved successfully.
    C:\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TZN2HXUJ\if[1].htm moved successfully.
    C:\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TZN2HXUJ\YSGAM0HQ.htm moved successfully.
    C:\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\02EAOO1T\1115500-help-spyware-removal-after-downloading[1].htm moved successfully.
    C:\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\02EAOO1T\search[2].htm moved successfully.
    C:\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\02EAOO1T\watch[1].htm moved successfully.
    C:\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\4A72F430-B40C-4D36-A068-CE33ADA5ADF9.dat moved successfully.
    C:\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
    C:\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

    Registry entries deleted on Reboot...




    _____________



    Results of screen317's Security Check version 0.99.78
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Norton Internet Security
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.75.0.1300
    Java 7 Update 45
    Adobe Flash Player 11.9.900.170
    Adobe Reader 10.1.8 Adobe Reader out of Date!
    Mozilla Firefox 25.0.1 Firefox out of Date!
    Google Chrome 31.0.1650.57
    Google Chrome 31.0.1650.63
    ````````Process Check: objlist.exe by Laurent````````
    Norton ccSvcHst.exe
    WinPatrol winpatrol.exe
    BillP Studios WinPatrol WinPatrol.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 1%
    ````````````````````End of Log``````````````````````


    Kind Regards!

    D
     
  13. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,155
    Adobe Reader is outdated...
    Visit http://get.adobe.com/uk/reader/otherversions/ and download the latest version of Acrobat Reader

    Step 1 - Select your Operating System.
    Step 2 - Select your Language.
    Step 3 - Select latest version.

    Untick the option for any security scanner or toolbar if offered.

    Download and install.

    Having the latest updates ensures there are no security vulnerabilities in your system.

    Next,

    Download "Delfix by Xplode" and save it to your desktop.

    Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

    Make Sure the following items are checked:

    • Activate UAC
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings

    Now click on "Run" and wait patiently until the tool has completed.

    The tool will create a log when it has completed. We don't need you to post this.

    Part of the routine will be to create a registry back up with ERUNT, the back up will be created here:
    C:\Windows\ERUNT

    When all is known to be well with your system you can delete that back up folder if you consider it as not needed...

    Any tools left on your Desktop can be simply deleted, also navigate to and expand C:\ Any files/folders related to Zoek can be deleted....

    Let me know if any remaining issues or concerns.... Also read the following, you may find it useful:

    http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry2316629

    Kevin....
     
  14. darrrius

    darrrius Thread Starter

    Joined:
    Sep 24, 2006
    Messages:
    62
    Kevin, you've been amazing. All done and all good!

    thanks for all the help, much appreciated!
     
  15. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,155
    You're very welcome....
     

Short URL to this thread: https://techguy.org/1115500