WE'RE SURE THAT YOU'LL LOVE US!
Hey there! 
Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. 
Join 93084 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.
Try What the Tech -- It's free!
This topic is locked
Authentic Member
Posted 15 June 2014 - 06:38 AM
hi
can anyone help me pls get rid of this annoying pop up that wont go away
TB-Psychotic - back in February you helped hoteret clean his computer of this problem
here is a link
http://forums.whatth...howtopic=127833
A popup comes up with a Japanese pornographic site, under the process of mshta.exe. I delete it and a few seconds later it pops up again
I tried adware, malaware anti
http://www.surfright.nl/en/hitmanpro
http://www.bleepingc....-removal-tool/
thank you
Register to Remove
Forum God
Posted 16 June 2014 - 01:31 PM
You have given no information as far as your operating system, it can depend as to what tools we use, there are some that wont run on Windows 8
Authentic Member
Posted 17 June 2014 - 12:43 AM
thanks for your reply Ken. I hope the following is what you need to know: see attachment
DxDiag.txt 25.59KB
264 downloads
Forum God
Posted 17 June 2014 - 05:50 AM
Great, thanks
Please download aswMBR to your desktop.
Authentic Member
Posted 17 June 2014 - 11:11 AM
Authentic Member
Posted 17 June 2014 - 11:40 AM
sorry, cannot download the zip file - will download from another source
Forum God
Posted 17 June 2014 - 01:10 PM
Please download Junkware Removal Tool to your desktop.
Authentic Member
Posted 18 June 2014 - 01:45 AM
here is the attach zipped file. thanks for your most recent post. will work on that today
attach.zip 3.14KB
224 downloads
Authentic Member
Posted 18 June 2014 - 03:40 AM
thanks for taking the time to reply
I have removed
Microsoft Security Essentials
SparkTrust SparkTrust Antivirus plus the others. I have kept Norton. I downloaded them to try and get rid of the pop up. I cannot find snapdo. I realise it can come under a different name.
find attached the scan results for aswMBR
aswMBR.txt 2.94KB
278 downloads
I will do the rest in a while
here is adwcleaner
# AdwCleaner v3.212 - Report created 18/06/2014 at 10:28:46
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Simon - SIMON-PC
# Running from : C:\Users\Simon\Desktop\adwcleaner_3.212.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\Program Files (x86)\Nosibay
Folder Deleted : C:\Users\Simon\AppData\Local\webplayer
Folder Deleted : C:\Users\Simon\AppData\Roaming\Nosibay
Folder Deleted : C:\Users\Simon\AppData\Roaming\v9
File Deleted : C:\Users\Simon\AppData\Roaming\Bubble Dock.boostrap.log
***** [ Shortcuts ] *****
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLV Player\Uninstall.lnk
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\Nosibay
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKLM\Software\V9Software
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17126
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
-\\ Google Chrome v35.0.1916.153
[ File : C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
*************************
AdwCleaner[R0].txt - [7285 octets] - [14/06/2014 10:18:44]
AdwCleaner[R1].txt - [951 octets] - [14/06/2014 10:54:38]
AdwCleaner[R2].txt - [2206 octets] - [14/06/2014 11:23:55]
AdwCleaner[R3].txt - [7251 octets] - [18/06/2014 10:07:11]
AdwCleaner[R4].txt - [7090 octets] - [18/06/2014 10:16:29]
AdwCleaner[S0].txt - [4527 octets] - [14/06/2014 10:44:09]
AdwCleaner[S1].txt - [1011 octets] - [14/06/2014 11:18:24]
AdwCleaner[S2].txt - [2269 octets] - [14/06/2014 11:24:33]
AdwCleaner[S3].txt - [4286 octets] - [18/06/2014 10:28:46]
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [4346 octets] ##########
Authentic Member
Posted 18 June 2014 - 09:05 AM
here is the junk removal tool report
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Home Premium x64
Ran by Simon on 18/06/2014 at 15:47:10.24
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sparktrust
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\sparktrust"
Successfully deleted: [Folder] "C:\Program Files (x86)\sparktrust"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18/06/2014 at 15:50:26.33
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Register to Remove
Forum God
Posted 18 June 2014 - 09:15 AM
Good, lets see that OTL log and we can remove those Japanese adds
Authentic Member
Posted 18 June 2014 - 09:35 AM
OTL logfile created on: 18/06/2014 16:24:12 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Simon\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
11.89 Gb Total Physical Memory | 9.66 Gb Available Physical Memory | 81.28% Memory free
23.77 Gb Paging File | 21.42 Gb Available in Paging File | 90.13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.61 Gb Total Space | 288.27 Gb Free Space | 63.83% Space Free | Partition Type: NTFS
Computer Name: SIMON-PC | User Name: Simon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Simon\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\n360.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe (Foxit Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe (PC Tools)
PRC - C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe (Symantec Corporation)
PRC - C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe (Alienware)
PRC - C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe (Alienware)
PRC - C:\Program Files\Alienware\Command Center\AlienFusionController.exe (Alienware)
PRC - C:\Program Files (x86)\HP Button Manager\BM.exe ()
PRC - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\ArcSoft\HP Webcam Software Suite\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
PRC - C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe ()
PRC - C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe ()
PRC - C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe ()
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
========== Modules (No Company Name) ==========
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\04824fdbd5dce32530ba44ae012e4fb9\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data7706cdc8#\63a45b1c847f54f37f06512b2894e84f\System.Data.DataSetExtensions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\6bbed231aec6fd82547e09474da0b2f9\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\0893e0e7137e3b2da905da6216b75344\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\4c8a153aa66fcd62db6fff269a2ef2b4\System.Numerics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll ()
MOD - C:\Program Files (x86)\HP Button Manager\BM.exe ()
MOD - C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\dleadrs.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\dleascw.dll ()
MOD - C:\Program Files (x86)\Alienware On-Screen Display\EMSC.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\DLEAcfg.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\epoemdll.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\epstring.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\epwizres.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\epwizard.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\customui.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\epfunct.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\eputil.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\imagutil.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\dleadatr.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\iptk.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\dleacaps.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\dleacnv4.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\dleaptp.dll ()
MOD - C:\Windows\SysWOW64\dleasmr.dll ()
MOD - C:\Windows\SysWOW64\dleasm.dll ()
========== Services (SafeList) ==========
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (NvStreamSvc) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AlienFusionService) -- C:\Program Files\Alienware\Command Center\AlienFusionService.exe (Alienware)
SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (Qualcomm Atheros Killer Service) -- C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe ()
SRV:64bit: - (dlea_device) -- C:\Windows\SysNative\dleacoms.exe ( )
SRV:64bit: - (dleaCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\dleaserv.exe ()
SRV - (NvNetworkService) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (N360) -- C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\N360.exe (Symantec Corporation)
SRV - (FoxitCloudUpdateService) -- C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe (Foxit Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (SpeedDiskService) -- C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe (Symantec Corporation)
SRV - (DiskDoctorService) -- C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe (Symantec Corporation)
SRV - (NU16StartManagerSvc) -- C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe (PC Tools)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\HP Webcam Software Suite\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
SRV - (dleaCATSCustConnectService) -- C:\Windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe ()
SRV - (dlea_device) -- C:\Windows\SysWOW64\dleacoms.exe ( )
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\TeeDriverx64.sys (Intel Corporation)
DRV:64bit: - (bcbtums) -- C:\Windows\SysNative\drivers\bcbtums.sys (Broadcom Corporation.)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Qualcomm Atheros Co., Ltd.)
DRV:64bit: - (hitmanpro37) -- C:\Windows\SysNative\drivers\hitmanpro37.sys ()
DRV:64bit: - (NvStreamKms) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys (NVIDIA Corporation)
DRV:64bit: - (RsProxy) -- C:\Windows\SysNative\drivers\RsProxy.sys ()
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (nvvad_WaveExtensible) -- C:\Windows\SysNative\drivers\nvvad64v.sys (NVIDIA Corporation)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (nvkflt) -- C:\Windows\SysNative\drivers\nvkflt.sys (NVIDIA Corporation)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\symefa64.sys (Symantec Corporation)
DRV:64bit: - (ccSet_N360) -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\ccsetx64.sys (Symantec Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\symnets.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\symds64.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\ironx64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (SbFw) -- C:\Windows\SysNative\drivers\SbFw.sys (GFI Software)
DRV:64bit: - (sbwtis) -- C:\Windows\SysNative\drivers\sbwtis.sys (GFI Software)
DRV:64bit: - (sbhips) -- C:\Windows\SysNative\drivers\sbhips.sys (GFI Software)
DRV:64bit: - (sbapifs) -- C:\Windows\SysNative\drivers\sbapifs.sys (GFI Software)
DRV:64bit: - (SBFWIMCLMP) -- C:\Windows\SysNative\drivers\SbFwIm.sys (GFI Software)
DRV:64bit: - (SBFWIMCL) -- C:\Windows\SysNative\drivers\SbFwIm.sys (GFI Software)
DRV:64bit: - (ST_ACCEL) -- C:\Windows\SysNative\drivers\ST_ACCEL.sys (STMicroelectronics)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (btwampfl) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (BfLwf) -- C:\Windows\SysNative\drivers\bflwfx64.sys (Bigfoot Networks, Inc.)
DRV:64bit: - (Ak27x64) -- C:\Windows\SysNative\drivers\Ak27x64.sys (Bigfoot Networks, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (stdcfltn) -- C:\Windows\SysNative\drivers\stdcfltn.sys (ST Microelectronics)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (dcdbas) -- C:\Windows\SysNative\drivers\dcdbas64.sys (Dell Inc.)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (EMSC) -- C:\Windows\SysNative\drivers\EMSC.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV - (NAVEX15) -- C:\Program Files (x86)\Norton 360\NortonData\21.2.0.38\Definitions\VirusDefs\20140617.024\ex64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files (x86)\Norton 360\NortonData\21.2.0.38\Definitions\VirusDefs\20140617.024\eng64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\Program Files (x86)\Norton 360\NortonData\21.2.0.38\Definitions\BASHDefs\20140606.001\BHDrvx64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\Program Files (x86)\Norton 360\NortonData\21.2.0.38\Definitions\IPSDefs\20140617.001\IDSviA64.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (EMSC) -- C:\Windows\SysWOW64\drivers\EMSC.sys (Windows ® Win 7 DDK provider)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:52819;https=127.0.0.1:52819
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:52819;https=127.0.0.1:52819
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2615214989-2497064625-3642582449-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKU\S-1-5-21-2615214989-2497064625-3642582449-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKU\S-1-5-21-2615214989-2497064625-3642582449-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2615214989-2497064625-3642582449-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-2615214989-2497064625-3642582449-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?r...opt=0&ocid=iehp
IE - HKU\S-1-5-21-2615214989-2497064625-3642582449-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2615214989-2497064625-3642582449-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-2615214989-2497064625-3642582449-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-2615214989-2497064625-3642582449-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-2615214989-2497064625-3642582449-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKU\S-1-5-21-2615214989-2497064625-3642582449-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-2615214989-2497064625-3642582449-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2615214989-2497064625-3642582449-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.2.0.38\IPSFF [2014/05/08 13:18:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.2.0.38\coFFPlgn\ [2014/06/18 15:45:40 | 000,000,000 | ---D | M]
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.co.uk/
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_1\
CHR - Extension: Google Drive = C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: YouTube = C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: Google Search = C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: Norton Identity Safe for Google Chromeâ„¢ = C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.7.0.47_0\
CHR - Extension: Google Wallet = C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
CHR - Extension: Gmail = C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll File not found
O2:64bit: - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.3.0.12\coieplg.dll (Symantec Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (Google Inc.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.3.0.12\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\coieplg.dll (Symantec Corporation)
O3:64bit: - HKU\S-1-5-21-2615214989-2497064625-3642582449-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [Command Center Controllers] C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe (Alienware)
O4:64bit: - HKLM..\Run: [dleamon.exe] C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe ()
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SBRegRebootCleaner] "C:\Program Files (x86)\SparkTrust\SparkTrust AntiVirus\SBRC.exe" File not found
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe ()
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe (Symantec Corporation)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\.DEFAULT..\Run: [Advanced SystemCare 7] "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto File not found
O4 - HKU\S-1-5-18..\Run: [Advanced SystemCare 7] "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2615214989-2497064625-3642582449-1000..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-2615214989-2497064625-3642582449-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59DD7AB1-65AA-4393-B664-25DB83DE6087}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (c:\windows\syswow64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2014/06/18 16:09:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Simon\Desktop\OTL.exe
[2014/06/18 15:00:20 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\Simon\Desktop\JRT.exe
[2014/06/18 09:24:39 | 000,000,000 | ---D | C] -- C:\Windows\tasks\ImCleanDisabled
[2014/06/18 09:22:30 | 005,185,536 | ---- | C] (AVAST Software) -- C:\Users\Simon\Desktop\aswMBR.exe
[2014/06/18 08:55:49 | 000,000,000 | ---D | C] -- C:\ProgramData\GFI Software
[2014/06/17 17:02:13 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Simon\Desktop\dds.com
[2014/06/17 16:52:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2014/06/17 16:52:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2014/06/17 16:52:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2014/06/17 09:38:21 | 000,061,216 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\sbhips.sys
[2014/06/17 09:37:01 | 000,120,064 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\SbFwIm.sys
[2014/06/17 09:36:58 | 000,258,848 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\SbFw.sys
[2014/06/16 23:42:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLV Player
[2014/06/16 20:53:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
[2014/06/16 20:52:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mouse and Keyboard Center
[2014/06/15 13:39:39 | 000,000,000 | R--D | C] -- C:\Users\Simon\Desktop\security
[2014/06/14 18:48:55 | 009,889,352 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysWow64\RsCRIcon.dll
[2014/06/14 18:48:55 | 000,359,128 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\drivers\RtsPStor.sys
[2014/06/14 18:48:45 | 001,795,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoInstaller01011.dll
[2014/06/14 18:48:45 | 000,100,312 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\TeeDriverx64.sys
[2014/06/14 18:48:23 | 000,170,200 | ---- | C] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\bcbtums.sys
[2014/06/14 18:44:47 | 000,128,200 | ---- | C] (Qualcomm Atheros Co., Ltd.) -- C:\Windows\SysNative\drivers\L1C62x64.sys
[2014/06/14 18:22:32 | 000,034,080 | ---- | C] (IObit) -- C:\Windows\SysNative\SmartDefragBootTime.exe
[2014/06/14 18:21:38 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Roaming\Apple Computer
[2014/06/14 18:21:35 | 000,000,000 | ---D | C] -- C:\ProgramData\ProductData
[2014/06/14 18:21:34 | 000,128,288 | ---- | C] (IObit) -- C:\Windows\SysNative\IObitSmartDefragExtension.dll
[2014/06/14 18:21:33 | 000,000,000 | ---D | C] -- C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
[2014/06/14 18:18:27 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2014/06/14 18:15:09 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Roaming\IObit
[2014/06/14 18:15:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2014/06/14 17:36:17 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/06/14 17:33:56 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2014/06/14 10:19:01 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014/06/14 10:18:40 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/06/14 10:14:41 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/06/14 10:14:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/06/14 10:13:58 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/06/14 10:13:58 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/06/14 10:13:58 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/06/14 10:13:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/06/14 10:13:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/06/14 09:43:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2014/06/14 09:43:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2014/06/14 09:35:57 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Roaming\KSafe
[2014/06/14 09:35:57 | 000,000,000 | ---D | C] -- C:\ProgramData\KSafe
[2014/06/14 09:35:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MaxUtilities
[2014/06/14 09:30:03 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Roaming\rightbackup
[2014/06/11 15:47:22 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2014/06/11 15:47:21 | 000,288,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2014/06/11 15:46:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml6r.dll
[2014/06/11 15:46:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml6r.dll
[2014/06/11 15:46:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014/06/11 15:46:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014/06/11 15:46:24 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/06/11 15:46:24 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/06/11 15:46:23 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/06/11 15:46:23 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/06/11 15:46:23 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/06/11 15:46:22 | 001,964,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/06/11 15:46:22 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/06/11 15:46:22 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/06/11 15:46:21 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/06/11 15:46:21 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/06/11 15:46:21 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/06/11 15:46:21 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/06/11 15:46:21 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/06/11 15:46:21 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/06/11 15:46:20 | 002,040,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/06/11 15:46:20 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/06/11 15:46:20 | 000,608,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/06/11 15:46:20 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/06/11 15:46:19 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/06/11 15:46:19 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/06/11 15:46:19 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/06/11 15:46:19 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/06/11 15:46:18 | 001,249,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/06/11 15:46:18 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/06/11 15:46:18 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/06/11 15:46:18 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/06/11 15:46:17 | 005,782,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/06/11 15:46:17 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/06/11 15:46:17 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/06/11 15:46:17 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/06/11 15:46:17 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/06/11 15:46:16 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/06/11 15:46:15 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/06/11 15:45:35 | 000,506,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/06/11 15:45:34 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/06/03 17:23:03 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Roaming\Free File Shredder
[2014/06/03 17:22:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free File Shredder
[2014/06/03 17:22:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free File Shredder
[2014/06/03 08:45:40 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\ElevatedDiagnostics
[2014/06/03 04:50:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2014/06/03 04:50:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Visan
[2014/06/03 04:50:09 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Photo Creations
[2014/06/03 04:50:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP Photo Creations
[2014/06/03 04:49:12 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Roaming\HpUpdate
[2014/06/03 04:49:09 | 000,741,480 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\HPDiscoPMB111.dll
[2014/06/03 04:49:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2014/06/03 04:47:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2014/06/03 04:46:38 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2014/06/03 04:41:38 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2014/06/03 04:38:09 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\HP
[2014/06/02 14:26:47 | 001,715,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvspbridge64.dll
[2014/06/02 14:26:47 | 001,291,232 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvspbridge.dll
[2014/05/28 06:50:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/05/28 06:50:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/05/28 06:50:03 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/05/28 06:49:43 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/05/28 06:49:43 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/05/28 06:49:43 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/05/28 06:49:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/05/28 06:49:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2014/05/24 20:14:57 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Roaming\ArcSoft
[2014/05/24 20:14:57 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\ArcSoft
[2014/05/24 20:14:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Connect
[2014/05/24 20:14:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VuRoom
[2014/05/24 20:14:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2014/05/24 20:09:44 | 000,000,000 | ---D | C] -- C:\Users\Simon\vivu
[2014/05/24 20:07:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP Button Manager
[2014/05/24 20:06:39 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Roaming\InstallShield
[2014/05/24 20:05:04 | 000,000,000 | ---D | C] -- C:\ProgramData\ArcSoft
[2014/05/24 20:04:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Webcam Software Suite
[2014/05/24 20:04:00 | 001,645,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll
[2014/05/24 20:04:00 | 000,393,216 | ---- | C] (Sample Corporation) -- C:\Windows\SysWow64\MSLUP60.dll
[2014/05/24 20:04:00 | 000,249,856 | ---- | C] (Sample Corporation) -- C:\Windows\SysWow64\MSLURT.dll
[2014/05/24 20:04:00 | 000,245,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\unicows.dll
[2014/05/24 20:04:00 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\Windows\SysWow64\PCDLIB32.DLL
[2014/05/24 20:03:26 | 000,053,560 | ---- | C] (ArcSoft, Inc.) -- C:\Windows\System\ArcSoftKsUFilter.dll
[2014/05/24 20:03:26 | 000,019,968 | ---- | C] (ArcSoft, Inc.) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys
[2014/05/24 20:03:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ArcSoft
[2014/05/24 20:03:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ArcSoft
[2014/05/20 09:54:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Ezprint
[2014/05/20 09:50:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dell Toolbar
[2014/05/20 09:50:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Printers
[2014/05/20 09:50:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dell PC Fax
[2014/05/20 09:50:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dell V310-V510 Series
[2014/05/20 09:35:52 | 000,000,000 | ---D | C] -- C:\ProgramData\dl_Cats
[2014/05/20 09:35:40 | 000,000,000 | ---D | C] -- C:\Program Files\Dell V310-V510 Series
[2014/05/20 09:33:45 | 000,000,000 | ---D | C] -- C:\Program Files\Dell
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014/06/18 16:22:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/06/18 16:09:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Simon\Desktop\OTL.exe
[2014/06/18 15:53:17 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/18 15:53:17 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/18 15:46:53 | 000,000,288 | ---- | M] () -- C:\Windows\tasks\NUAutoUpdate.job
[2014/06/18 15:46:40 | 000,001,948 | ---- | M] () -- C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 5520 series.lnk
[2014/06/18 15:45:23 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/06/18 15:45:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/18 15:44:50 | 981,184,510 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/18 15:40:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/06/18 15:00:21 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\Simon\Desktop\JRT.exe
[2014/06/18 10:06:43 | 001,333,465 | ---- | M] () -- C:\Users\Simon\Desktop\adwcleaner_3.212.exe
[2014/06/18 09:56:40 | 000,000,512 | ---- | M] () -- C:\Users\Simon\Desktop\MBR.dat
[2014/06/18 09:22:59 | 005,185,536 | ---- | M] (AVAST Software) -- C:\Users\Simon\Desktop\aswMBR.exe
[2014/06/18 08:50:22 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/06/18 08:40:54 | 000,003,212 | ---- | M] () -- C:\Users\Simon\Desktop\attach.zip
[2014/06/18 05:12:34 | 000,001,188 | ---- | M] () -- C:\Windows\SysWow64\ServiceConfig.xml
[2014/06/17 17:02:31 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Simon\Desktop\dds.com
[2014/06/17 11:55:02 | 000,353,272 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/06/17 06:39:16 | 000,001,690 | ---- | M] () -- C:\Windows\SysWow64\${LOGFILE}
[2014/06/17 06:26:44 | 000,000,270 | ---- | M] () -- C:\Windows\tasks\Guard-{67E160EA-8771-4172-86EB-AF21ADC868B9}.job
[2014/06/16 20:53:21 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
[2014/06/16 10:59:34 | 000,782,022 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/06/16 10:59:34 | 000,662,412 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/06/16 10:59:34 | 000,122,248 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/06/14 18:48:55 | 009,889,352 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysWow64\RsCRIcon.dll
[2014/06/14 18:48:55 | 000,359,128 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\drivers\RtsPStor.sys
[2014/06/14 18:48:52 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
[2014/06/14 18:48:45 | 001,795,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoInstaller01011.dll
[2014/06/14 18:48:45 | 000,100,312 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\drivers\TeeDriverx64.sys
[2014/06/14 18:48:23 | 000,170,200 | ---- | M] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\bcbtums.sys
[2014/06/14 18:48:23 | 000,069,219 | ---- | M] () -- C:\Windows\SysNative\drivers\BCM20702A1_001.002.014.1315.1411.hex
[2014/06/14 18:44:47 | 000,128,200 | ---- | M] (Qualcomm Atheros Co., Ltd.) -- C:\Windows\SysNative\drivers\L1C62x64.sys
[2014/06/14 17:47:26 | 000,032,512 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys
[2014/06/14 17:45:24 | 000,002,094 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2014/06/14 10:14:57 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/06/12 21:41:59 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/06/08 10:13:05 | 000,506,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/06/08 10:08:04 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/06/03 17:22:58 | 000,001,237 | ---- | M] () -- C:\Users\Simon\Desktop\Free File Shredder.lnk
[2014/06/03 04:46:05 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2014/05/30 11:02:09 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/05/30 10:39:43 | 000,548,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/05/30 10:39:23 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/05/30 10:38:29 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/05/30 10:27:57 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/05/30 10:24:28 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/05/30 10:21:23 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/05/30 10:21:05 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/05/30 10:20:36 | 000,752,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/05/30 10:11:24 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/05/30 10:08:22 | 005,782,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/05/30 10:06:42 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/05/30 09:55:36 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/05/30 09:49:21 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/05/30 09:46:48 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/05/30 09:44:23 | 000,295,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/05/30 09:43:06 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/05/30 09:42:16 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/05/30 09:35:44 | 000,608,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/05/30 09:33:48 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/05/30 09:30:43 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/05/30 09:29:31 | 000,631,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/05/30 09:28:33 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/05/30 09:27:56 | 000,592,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/05/30 09:24:19 | 001,249,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/05/30 09:23:22 | 002,040,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/05/30 09:10:46 | 000,032,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/05/30 09:06:06 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/05/30 09:04:20 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/05/30 08:50:09 | 001,068,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/05/30 08:49:38 | 001,964,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/05/30 08:13:47 | 000,704,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/05/30 08:13:09 | 000,846,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/05/30 00:07:51 | 001,291,232 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvspbridge.dll
[2014/05/30 00:07:51 | 001,122,312 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvspcap.dll
[2014/05/30 00:07:38 | 001,715,176 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvspbridge64.dll
[2014/05/30 00:07:38 | 001,279,480 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvspcap64.dll
[2014/05/29 03:13:01 | 000,000,047 | ---- | M] () -- C:\Users\Simon\AppData\Roaming\WB.CFG
[2014/05/28 06:49:39 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/05/28 06:49:39 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/05/28 06:49:39 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/05/28 06:49:39 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/05/25 13:28:29 | 000,015,976 | ---- | M] () -- C:\Windows\SysNative\drivers\RsProxy.sys
[2014/05/24 20:07:20 | 000,001,646 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Button Manager.lnk
[2014/05/20 09:50:38 | 000,195,575 | ---- | M] () -- C:\Windows\SysNative\LexFiles.ulf
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014/06/18 10:06:07 | 001,333,465 | ---- | C] () -- C:\Users\Simon\Desktop\adwcleaner_3.212.exe
[2014/06/18 09:56:40 | 000,000,512 | ---- | C] () -- C:\Users\Simon\Desktop\MBR.dat
[2014/06/18 08:40:54 | 000,003,212 | ---- | C] () -- C:\Users\Simon\Desktop\attach.zip
[2014/06/18 05:12:34 | 000,001,188 | ---- | C] () -- C:\Windows\SysWow64\ServiceConfig.xml
[2014/06/17 06:38:56 | 000,001,690 | ---- | C] () -- C:\Windows\SysWow64\${LOGFILE}
[2014/06/17 06:32:32 | 000,001,223 | ---- | C] () -- C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014/06/17 06:26:37 | 000,000,270 | ---- | C] () -- C:\Windows\tasks\Guard-{67E160EA-8771-4172-86EB-AF21ADC868B9}.job
[2014/06/16 20:53:21 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
[2014/06/14 18:48:52 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
[2014/06/14 18:48:23 | 000,069,219 | ---- | C] () -- C:\Windows\SysNative\drivers\BCM20702A1_001.002.014.1315.1411.hex
[2014/06/14 17:45:24 | 000,002,094 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2014/06/14 17:34:51 | 000,032,512 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys
[2014/06/14 09:44:21 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2014/06/03 17:22:58 | 000,001,237 | ---- | C] () -- C:\Users\Simon\Desktop\Free File Shredder.lnk
[2014/06/03 05:48:58 | 000,001,948 | ---- | C] () -- C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 5520 series.lnk
[2014/06/03 04:46:05 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2014/05/29 03:13:01 | 000,000,047 | ---- | C] () -- C:\Users\Simon\AppData\Roaming\WB.CFG
[2014/05/25 13:28:28 | 000,015,976 | ---- | C] () -- C:\Windows\SysNative\drivers\RsProxy.sys
[2014/05/24 20:07:20 | 000,001,646 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Button Manager.lnk
[2014/05/20 09:50:32 | 000,509,952 | ---- | C] () -- C:\Windows\SysNative\DLEAwupd.dll
[2014/05/20 09:50:32 | 000,295,080 | ---- | C] () -- C:\Windows\SysNative\DLEAwupd.exe
[2014/05/20 09:50:13 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\dleaserv.dll
[2014/05/20 09:50:13 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\dleausb1.dll
[2014/05/20 09:50:13 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\dleacomc.dll
[2014/05/20 09:50:13 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\dleahbn3.dll
[2014/05/20 09:50:13 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\dleapmui.dll
[2014/05/20 09:50:13 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\dleacoms.exe
[2014/05/20 09:50:13 | 000,585,216 | ---- | C] () -- C:\Windows\SysNative\DLEAinst.dll
[2014/05/20 09:50:13 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\dlealmpm.dll
[2014/05/20 09:50:13 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\DLEAinst.dll
[2014/05/20 09:50:13 | 000,373,416 | ---- | C] ( ) -- C:\Windows\SysWow64\dleacfg.exe
[2014/05/20 09:50:13 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\dleacomm.dll
[2014/05/20 09:50:13 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\dleainpa.dll
[2014/05/20 09:50:13 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\dleacomx.dll
[2014/05/20 09:50:13 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\dleaiesc.dll
[2014/05/20 09:50:13 | 000,324,264 | ---- | C] ( ) -- C:\Windows\SysWow64\dleaih.exe
[2014/05/20 09:50:13 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\dleains.dll
[2014/05/20 09:50:13 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\dleainsb.dll
[2014/05/20 09:50:13 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\dleacu.dll
[2014/05/20 09:50:13 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\dleainsr.dll
[2014/05/20 09:50:13 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\dleacub.dll
[2014/05/20 09:50:13 | 000,086,180 | ---- | C] () -- C:\Windows\SysWow64\DLEAcfg.dll
[2014/05/20 09:50:13 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\dleajswr.dll
[2014/05/20 09:50:13 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\dleacur.dll
[2014/05/20 09:50:13 | 000,002,064 | ---- | C] () -- C:\Windows\SysWow64\dlea.loc
[2014/05/20 09:50:11 | 000,579,584 | ---- | C] ( ) -- C:\Windows\SysNative\dleacomm.dll
[2014/05/20 09:35:52 | 000,195,575 | ---- | C] () -- C:\Windows\SysNative\LexFiles.ulf
[2014/05/09 16:12:54 | 000,014,848 | ---- | C] () -- C:\Users\Simon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/05/08 10:50:40 | 000,774,636 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/05/08 10:33:37 | 013,020,160 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll
[2014/05/08 10:33:37 | 000,735,796 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2014/05/08 10:33:37 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2014/05/08 10:33:37 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2014/05/08 10:24:26 | 000,103,272 | ---- | C] () -- C:\Users\Simon\GoToAssistDownloadHelper.exe
========== ZeroAccess Check ==========
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/25 03:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 03:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2014/05/19 16:07:26 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Foxit Software
[2014/06/03 17:23:03 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Free File Shredder
[2014/06/14 18:21:40 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\IObit
[2014/05/08 12:03:38 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\IrfanView
[2014/06/14 09:35:57 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\KSafe
[2014/05/08 12:40:32 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Product_NU16
[2014/06/14 09:30:03 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\rightbackup
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 194 bytes -> C:\ProgramData\TEMP:792D4CF1
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:373E1720
< End of report >
Authentic Member
Posted 18 June 2014 - 09:40 AM
OTL Extras logfile created on: 18/06/2014 16:24:12 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Simon\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
11.89 Gb Total Physical Memory | 9.66 Gb Available Physical Memory | 81.28% Memory free
23.77 Gb Paging File | 21.42 Gb Available in Paging File | 90.13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.61 Gb Total Space | 288.27 Gb Free Space | 63.83% Space Free | Partition Type: NTFS
Computer Name: SIMON-PC | User Name: Simon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2615214989-2497064625-3642582449-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00C5B354-7B39-4D10-800C-201ED9168A29}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{1A09DEF9-8574-47D6-973F-DA40732C4D4D}" = lport=445 | protocol=6 | dir=in | app=system |
"{3DDEDEBC-CD02-4A6C-BC90-79A7C6907483}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{43A41F6B-3BB0-4F79-A730-F5722F7AC134}" = lport=138 | protocol=17 | dir=in | app=system |
"{4A557C6E-2DBE-461D-9C25-6C8A2B49E476}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4AC02D85-EE13-4E82-B619-D686083B2AB7}" = rport=139 | protocol=6 | dir=out | app=system |
"{4E750A2C-817A-4DFB-B8E7-D302732A6A8C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{52D898D1-B23E-45F6-9E99-836B459333BE}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{67075A51-F22F-4327-8EEE-156C34D5A798}" = lport=137 | protocol=17 | dir=in | app=system |
"{6804CFA2-BEED-4B44-B348-26B185A8BFEB}" = rport=445 | protocol=6 | dir=out | app=system |
"{6EC1384C-EF57-4111-A020-81FF49223202}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{7585A3A0-D7C6-4431-B72F-950AF2EDA8AE}" = lport=139 | protocol=6 | dir=in | app=system |
"{83C35BD1-3385-48F3-AD1F-70706302F9E9}" = rport=138 | protocol=17 | dir=out | app=system |
"{8F39F6E8-8415-4571-B6A4-BE5A703BCD06}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{91AD6785-0862-4318-A057-A6E2930053BF}" = lport=47984 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{978E56D4-9142-4A4E-A3B0-AFCDAA24AFA8}" = rport=137 | protocol=17 | dir=out | app=system |
"{AB80311D-3A57-4AC0-AB5A-8D22A9231A17}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{E9DC7F95-2F23-4036-A73B-1FE01E89208D}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06D7FAB9-2699-456D-B5CA-5C01F5A779F5}" = dir=in | app=c:\program files\hp\hp photosmart 5520 series\bin\hpnetworkcommunicator.exe |
"{0B0EE4C7-BB18-44BC-9511-88B82E8DBD03}" = dir=in | app=c:\windows\system32\dleacoms.exe |
"{1BEE841E-8871-4832-94F8-923A67DE2D6C}" = dir=in | app=c:\program files\hp\hp photosmart 5520 series\bin\devicesetup.exe |
"{2C23FF37-385C-4D7C-9F91-EF9A8A28737D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{51F7350B-BB4C-4397-8DAE-92EE54046E48}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{93F8AC8B-19C6-495F-A9E8-D5BD6D57823D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{9C8C1A1E-1FDF-491D-AF96-152A232BAB98}" = dir=in | app=c:\windows\system32\dleacoms.exe |
"{9E70B823-2095-4771-BD1F-3166CBB80466}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{BF7CF169-C7D1-4067-9AF4-17E4CAC3CDBD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D6CB34C3-0165-4263-B0E1-5E1D180AB778}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{DF68B3B6-2D4E-435E-B171-F939DD97874B}" = dir=in | app=c:\windows\system32\dleacoms.exe |
"{FEB60A9A-8BFC-4BAA-B555-EE665FCF312E}" = dir=in | app=c:\program files\hp\hp photosmart 5520 series\bin\hpnetworkcommunicatorcom.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{23D2AFC7-C01E-4413-9D9A-0BABF52569BF}" = Microsoft Mouse and Keyboard Center
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{68C0736C-3E47-43A6-B14D-236BEF198A5F}" = HP Photosmart 5520 series Basic Device Software
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}" = WIDCOMM Bluetooth Software
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 335.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 335.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 335.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 2.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus Update 14.6.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.1220
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 14.6.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.30.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 14.6.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.23
"{DCC176F0-3CE3-4DA9-8FF9-3809C1B48C47}" = HP Photosmart 5520 series Product Improvement Study
"{DF446558-ADF7-4884-9B2D-281979CCE71F}" = Qualcomm Atheros Killer Network Manager
"{FD1AE10F-163C-4D4B-9FCE-AC667AF1DC6E}" = Alienware Command Center
"CCleaner" = CCleaner
"Dell V310-V510 Series" = Dell V310-V510 Series
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0D69462F-99CC-4F8D-942E-666E21CE59F8}" = Alienware On-Screen Display
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel® USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217055FF}" = Java 7 Update 55
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Qualcomm Atheros Ethernet Controller
"{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1" = Foxit Cloud
"{465D6ACC-CAB9-40CD-ADAC-A91B071FA30E}" = HP Button Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7137E26A-10F7-4B1C-9980-0893579E92DA}" = HP Photosmart 5520 series Help
"{80407BA7-7763-4395-AB98-5233F1B34E65}" = NVIDIA PhysX
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}" = ST Microelectronics 3 Axis Digital Accelerometer Solution
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{D10FE2E3-B2DE-4B0E-ACBD-F87A566B9649}" = HP Webcam Software Suite
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® OpenCL CPU Runtime
"{FEF06E73-A519-4510-8CF3-B66041B91D8A}" = EMSC
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Edison" = VuRoom
"Foxit Reader_is1" = Foxit Reader
"Free File Shredder_is1" = Free File Shredder 5.5.2
"Google Chrome" = Google Chrome
"HP Photo Creations" = HP Photo Creations
"InstallShield_{0D69462F-99CC-4F8D-942E-666E21CE59F8}" = Alienware On-Screen Display
"InstallShield_{DF446558-ADF7-4884-9B2D-281979CCE71F}" = Qualcomm Atheros Killer Network Manager
"InstallShield_{FD1AE10F-163C-4D4B-9FCE-AC667AF1DC6E}" = Alienware Command Center
"IrfanView" = IrfanView (remove only)
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"N360" = Norton 360
"Norton Utilities 16_is1" = Norton Utilities 16
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.SingleImage" = Microsoft Office Home and Student 2010
< End of report >
Forum God
Posted 18 June 2014 - 10:12 AM
I dont see the entries for those Japanese adds on the OTL log, either there gone or it didnt find it.
Run this quick fix with OTL and post the log and then I am going to try another scanner to see if mshta is still present
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:52819;https=127.0.0.1:52819
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:52819;https=127.0.0.1:52819
IE - HKU\S-1-5-21-2615214989-2497064625-3642582449-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
O2:64bit: - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll File not found
O4:64bit: - HKLM..\Run: [SBRegRebootCleaner] "C:\Program Files (x86)\SparkTrust\SparkTrust AntiVirus\SBRC.exe" File not found
O4 - HKU\.DEFAULT..\Run: [Advanced SystemCare 7] "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto File not found
O4 - HKU\S-1-5-18..\Run: [Advanced SystemCare 7] "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto File not found
[2014/06/14 18:22:32 | 000,034,080 | ---- | C] (IObit) -- C:\Windows\SysNative\SmartDefragBootTime.exe
:Services
:Reg
:Files
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[EMPTYJAVA]
[emptytemp]
[start explorer]
[Reboot]
Authentic Member
Posted 19 June 2014 - 01:49 AM
otl reply
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-21-2615214989-2497064625-3642582449-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SBRegRebootCleaner not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\Advanced SystemCare 7 not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Advanced SystemCare 7 not found.
File C:\Windows\SysNative\SmartDefragBootTime.exe not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Simon\Desktop\cmd.bat deleted successfully.
C:\Users\Simon\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYJAVA]
User: All Users
User: Default
User: Default User
User: Public
User: Simon
->Java cache emptied: 0 bytes
Total Java Files Cleaned = 0.00 mb
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: Simon
->Temp folder emptied: 33494 bytes
->Temporary Internet Files folder emptied: 5284870 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 492 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7580 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 219122 bytes
Total Files Cleaned = 5.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 06192014_084405
Files\Folders moved on Reboot...
C:\Users\Simon\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Simon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OWXNXIKO\xIAtSaglM8LZOYdGmG1JqQ[1].woff moved successfully.
C:\Users\Simon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NWJVQB4Q\A4RWZsncmJ25G8iqn2EHN_esZW2xOQ-xsNqO47m55DA[1].woff moved successfully.
C:\Users\Simon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NWJVQB4Q\DhmkJ2TR0QN[1].htm moved successfully.
C:\Users\Simon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NWJVQB4Q\EvPKapBawcLZ3hbihjhqAT8E0i7KZn-EPnyo3HZu7kw[1].woff moved successfully.
C:\Users\Simon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NWJVQB4Q\s-BiyweUPV0v-yRb-cjciBsxEYwM7FgeyaSgU71cLG0[1].woff moved successfully.
C:\Users\Simon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NWJVQB4Q\sp1_LTSOMWWV0K5VTuZzvQ[1].woff moved successfully.
C:\Users\Simon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\M7UXKKFR\index[3].htm moved successfully.
C:\Users\Simon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BTIB76ZR\DhmkJ2TR0QN[1].htm moved successfully.
C:\Users\Simon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7HP2VDI6\fastbutton[1].htm moved successfully.
C:\Users\Simon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7HP2VDI6\like[1].htm moved successfully.
C:\Users\Simon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4FMDW26J\HqHm7BVC_nzzTui2lzQTDT8E0i7KZn-EPnyo3HZu7kw[1].woff moved successfully.
C:\Users\Simon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4FMDW26J\postmessageRelay[1].htm moved successfully.
C:\Users\Simon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\Simon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OW6LABOA\reg2[1].htm moved successfully.
File\Folder C:\Users\Simon\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat not found!
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
0 members, 0 guests, 0 anonymous users
Community Forum Software by IP.Board
Licensed to: What the Tech
