Jump to content

Build Theme!
  •  
  • Infected?

big grin WE'RE SURE THAT YOU'LL LOVE US!

We invite you to ask questions, share experiences, and learn. It's 100% free. Did we mention that it's free. It is. It's free. Join 91600 other members! Anybody can ask, anybody can answer. Consistently helpful members with best answers are invited to staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

mshta.exe virus! can you help pls TB-Psychotic or anyone? [Solved


  • This topic is locked This topic is locked
72 replies to this topic

#1 kunash

kunash

    Authentic Member

  • Authentic Member
  • PipPip
  • 73 posts

Posted 15 June 2014 - 06:38 AM

hi 

 

can anyone help me pls get rid of this annoying pop up that wont go away

 

TB-Psychotic -  back in February you helped hoteret clean his computer of this problem

here is a link

 

http://forums.whatth...howtopic=127833

 

A popup comes up with a Japanese pornographic site, under the process of mshta.exe.  I delete it and a few seconds later it pops up again

 

 

I tried adware, malaware anti

 

http://www.surfright.nl/en/hitmanpro
http://www.bleepingc....-removal-tool/

 

thank you

 


    Advertisements

Register to Remove


#2 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,203 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 16 June 2014 - 01:31 PM

:welcome:

 

You have given no information as far as your operating system, it can depend as to what tools we use, there are some that wont run on Windows 8


Jeffce_zpsa19ee2e6.png

 

 

 

Want to help others, Join our Malware Removal Classroom  HERE

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif

 

Find us on Facebook
Please LIKE and SHARE

 

 

Just a reminder that threads will be closed if no reply in 3 days.


#3 kunash

kunash

    Authentic Member

  • Authentic Member
  • PipPip
  • 73 posts

Posted 17 June 2014 - 12:43 AM

thanks for your reply Ken.    I hope the following is what you need to know:  see attachment

 

 

 

 

 

 

 

 

Attached Files



#4 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,203 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 17 June 2014 - 05:50 AM

Great, thanks

 

Download DDS from one of the links below to your desktop
 
 
  •  
  • Double  click the tool to run it.
  • A black Screen   will open, just  read the contents and do nothing.
  • When the  tool  finishes, it  will open 2 reports, DDS.txt and attach.txt
  • Copy/Paste the contents of 'DDS.txt' into your post.
 
 
 
 
 

1QYkxTZ.jpg Please download aswMBR to your desktop.
 
  • Double click the aswMBR icon to run it.
  • Click the Scan button to start scan.
  • If you are asked to update the Avast Virus database please allow it to do so.
  • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.
 
I just want to see the report....Please Do Not Fix Anything
 

Jeffce_zpsa19ee2e6.png

 

 

 

Want to help others, Join our Malware Removal Classroom  HERE

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif

 

Find us on Facebook
Please LIKE and SHARE

 

 

Just a reminder that threads will be closed if no reply in 3 days.


#5 kunash

kunash

    Authentic Member

  • Authentic Member
  • PipPip
  • 73 posts

Posted 17 June 2014 - 11:11 AM

DDS

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17126 BrowserJavaVersion: 10.55.2
Run by Simon at 17:04:07 on 2014-06-17
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12170.9000 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
AV: SparkTrust SparkTrust AntiVirus *Enabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AV: Norton 360 Premier Edition *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton 360 Premier Edition *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: SparkTrust SparkTrust AntiVirus *Enabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: IObit Malware Fighter *Enabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
FW: SparkTrust SparkTrust AntiVirus *Enabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
FW: Norton 360 Premier Edition *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\dleacoms.exe
C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\N360.exe
C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\ArcSoft\HP Webcam Software Suite\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe
C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\mshta.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\HP Button Manager\BM.exe
C:\Program Files (x86)\SparkTrust\SparkTrust AntiVirus\SparkTrust.exe
C:\Windows\system32\RunDll32.exe
C:\Program Files (x86)\SparkTrust\SparkTrust AntiVirus\SBAMSvc.exe
C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\N360.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
C:\Windows\system32\Macromed\Flash\FlashUtil64_13_0_0_214_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uSearch Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uy24NiqVvkKen0VXX6DgN7_JmZ8rUX1ajb60D8a4bDFQ0HhpYXWbMV0A29OolGQ-jhkvCPEvEdSpvWdinKiwKc7WjEHbruhTCly6kFa0gRwdqF5hrIawuJP3Zkowr5y-9utdSZ4t1RU2zQu75qw,,&q={searchTerms}
uSearch Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uy24NiqVvkKen0VXX6DgN7_JmZ8rUX1ajb60D8a4bDFQ0HhpYXWbMV0A29OolGQ-jhkvCPEvEdSpvWdinKiwKc7WjEHbruhTCly6kFa0gRwdqF5hrIawuJP3Zkowr5y-9utdSZ4t1RU2zQu75qw,,&q={searchTerms}
uDefault_Page_URL = hxxp://www.v9.com/?type=hp&ts=1402982816&from=smt&uid=ST9500423AS_S2V083LVXXXXS2V083LV&i=psd&t=3443e3041
mStart Page = hxxp://www.v9.com/?type=hp&ts=1402982816&from=smt&uid=ST9500423AS_S2V083LVXXXXS2V083LV&i=psd&t=3443e3041
mSearch Page = hxxp://search.v9.com/web/?type=ds&ts=1402982816&from=smt&uid=ST9500423AS_S2V083LVXXXXS2V083LV&i=psd&t=3443e3041&q={searchTerms}
mDefault_Page_URL = hxxp://www.v9.com/?type=hp&ts=1402982816&from=smt&uid=ST9500423AS_S2V083LVXXXXS2V083LV&i=psd&t=3443e3041
mDefault_Search_URL = hxxp://search.v9.com/web/?type=ds&ts=1402982816&from=smt&uid=ST9500423AS_S2V083LVXXXXS2V083LV&i=psd&t=3443e3041&q={searchTerms}
uProxyOverride = <-loopback>
uSearchAssistant = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uy24NiqVvkKen0VXX6DgN7_JmZ8rUX1ajb60D8a4bDFQ0HhpYXWbMV0A29OolGQ-jhkvCPEvEdSpvWdinKiwKc7WjEHbruhTCly6kFa0gRwdqF5hrIawuJP3Zkowr5y-9utdSZ4t1RU2zQu75qw,,&q={searchTerms}
mWinlogon: Userinit = userinit.exe,
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\ips\ipsbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\coieplg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
uRun: [SystemBooteHQ088Vh8yxWhinGduq9jR1yJP8FDAh2] mshta.exe http://gbc.psiuyfbe....yJP8FDAh2&log=1
uRun: [RegWriteeHQ088Vh8yxWhinGduq9jR1yJP8FDAh2] mshta.exe http://gbc.psiuyfbe....uq9jR1yJP8FDAh2
uRunOnce: [RegWriteeHQ088Vh8yxWhinGduq9jR1yJP8FDAh2] mshta.exe http://gbc.psiuyfbe....uq9jR1yJP8FDAh2
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
mRun: [SSDMonitor] C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
dRun: [Advanced SystemCare 7] "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
StartupFolder: C:\Users\Simon\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Monitor Ink Alerts - HP Photosmart 5520 series.lnk - C:\Windows\System32\RunDll32.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HP Button Manager.lnk - C:\Program Files (x86)\HP Button Manager\BM.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{59DD7AB1-65AA-4393-B664-25DB83DE6087} : DHCPNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
AppInit_DLLs= c:\windows\syswow64\nvinit.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages = scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://www.v9.com/?type=hp&ts=1402982816&from=smt&uid=ST9500423AS_S2V083LVXXXXS2V083LV&i=psd&t=3443e3041
x64-mSearch Page = hxxp://search.v9.com/web/?type=ds&ts=1402982816&from=smt&uid=ST9500423AS_S2V083LVXXXXS2V083LV&i=psd&t=3443e3041&q={searchTerms}
x64-mDefault_Page_URL = hxxp://www.v9.com/?type=hp&ts=1402982816&from=smt&uid=ST9500423AS_S2V083LVXXXXS2V083LV&i=psd&t=3443e3041
x64-mDefault_Search_URL = hxxp://search.v9.com/web/?type=ds&ts=1402982816&from=smt&uid=ST9500423AS_S2V083LVXXXXS2V083LV&i=psd&t=3443e3041&q={searchTerms}
x64-BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.3.0.12\coieplg.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.3.0.12\coieplg.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [Command Center Controllers] "C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe"
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [dleamon.exe] "C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe"
x64-Run: [EzPrint] "C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe"
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [SBRegRebootCleaner] "C:\Program Files (x86)\SparkTrust\SparkTrust AntiVirus\SBRC.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 EMSC;COMPAL Embedded System Control;C:\Windows\System32\drivers\EMSC.sys [2009-6-26 16752]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2014-5-8 16152]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2014-5-8 33736]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2014-6-14 21184]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2014-5-8 22128]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1503000.00C\symds64.sys [2014-5-16 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1503000.00C\symefa64.sys [2014-5-16 1148120]
R1 BfLwf;Bigfoot Networks Bandwidth Control;C:\Windows\System32\drivers\bflwfx64.sys [2012-2-15 75880]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton 360\NortonData\21.2.0.38\Definitions\BASHDefs\20140606.001\BHDrvx64.sys [2014-6-10 1530160]
R1 ccSet_N360;N360 Settings Manager;C:\Windows\System32\drivers\N360x64\1503000.00C\ccsetx64.sys [2014-5-16 162392]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton 360\NortonData\21.2.0.38\Definitions\IPSDefs\20140616.001\IDSviA64.sys [2014-6-16 525016]
R1 nvkflt;nvkflt;C:\Windows\System32\drivers\nvkflt.sys [2014-5-8 300320]
R1 RsProxy;RsProxy Driver;C:\Windows\System32\drivers\RsProxy.sys [2014-5-25 15976]
R1 SbFw;SbFw;C:\Windows\System32\drivers\SbFw.sys [2014-6-17 258848]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1503000.00C\ironx64.sys [2014-5-16 264280]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1503000.00C\symnets.sys [2014-5-16 593112]
R2 AdvancedSystemCareService7;Advanced SystemCare Service 7;C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [2014-6-14 881952]
R2 dlea_device;dlea_device;C:\Windows\System32\dleacoms.exe -service --> C:\Windows\System32\dleacoms.exe -service [?]
R2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [2014-5-8 241728]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2014-5-8 2439272]
R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2014-6-14 342336]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\n360.exe [2014-5-16 265040]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2014-3-11 133928]
R2 NU16StartManagerSvc;Norton Utilities 16 Start Manager Service;C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe [2014-5-8 795776]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-5-8 1631008]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-5-8 21055432]
R2 Qualcomm Atheros Killer Service;Qualcomm Atheros Killer Service;C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [2012-2-15 492032]
R2 SBAMSvc;SparkTrust AntiVirus;C:\Program Files (x86)\SparkTrust\SparkTrust AntiVirus\SBAMSvc.exe [2012-9-20 3677000]
R2 sbapifs;sbapifs;C:\Windows\System32\drivers\sbapifs.sys [2012-9-12 82872]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-5-8 411936]
R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\HP Webcam Software Suite\Magic-i Visual Effects 2\uCamMonitor.exe [2014-5-24 145984]
R3 Ak27x64;Killer Wireless-N 1102 device driver;C:\Windows\System32\drivers\Ak27x64.sys [2012-2-15 2740328]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2014-5-24 19968]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\Windows\System32\drivers\bcbtums.sys [2014-6-14 170200]
R3 btwampfl;btwampfl Bluetooth filter driver;C:\Windows\System32\drivers\btwampfl.sys [2014-5-8 615464]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2014-5-8 39976]
R3 dcdbas;System Management Driver;C:\Windows\System32\drivers\dcdbas64.sys [2014-5-8 38472]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-6-11 142128]
R3 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2014-6-14 23048]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2014-5-8 331264]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2014-5-8 356120]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2014-5-8 788760]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2014-6-14 128200]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-5-9 20256]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-5-9 40392]
R3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2014-6-14 34848]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2014-6-14 359128]
R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;C:\Windows\System32\drivers\SbFwIm.sys [2014-6-17 120064]
R3 sbwtis;sbwtis;C:\Windows\System32\drivers\sbwtis.sys [2012-9-20 86816]
R3 ST_ACCEL;STMicroelectronics Accelerometer Service;C:\Windows\System32\drivers\ST_ACCEL.sys [2014-5-8 67184]
R3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2014-6-14 23016]
S2 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2012-6-15 14704]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 dleaCATSCustConnectService;dleaCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\dleaserv.exe [2010-5-21 45224]
S2 System guard;System guard;"C:\Program Files (x86)\KeyDownload\KeyPlayr\guardnot.exe" --> C:\Program Files (x86)\KeyDownload\KeyPlayr\guardnot.exe [?]
S3 DiskDoctorService;Norton Disk Doctor Service;C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe [2014-5-8 1150592]
S3 gfiark;gfiark;C:\Windows\System32\drivers\gfiark.sys [2014-6-17 41032]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\Windows\System32\drivers\hitmanpro37.sys [2014-6-14 32512]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-6-11 111616]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-2-16 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-2-16 180736]
S3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;C:\Windows\System32\drivers\SbFwIm.sys [2014-6-17 120064]
S3 sbhips;sbhips;C:\Windows\System32\drivers\sbhips.sys [2014-6-17 61216]
S3 SpeedDiskService;Norton SpeedDisk Service;C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe [2014-5-8 1163904]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-5-8 1255736]
.
=============== Created Last 30 ================
.
2014-06-17 15:33:56 10702536 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8167A623-2E20-40CE-BB62-6608E6C65CD7}\mpengine.dll
2014-06-17 09:37:03 41032 ----a-w- C:\Windows\System32\drivers\gfiark.sys
2014-06-17 08:38:48 -------- d-----w- C:\Program Files (x86)\Common Files\SparkTrust
2014-06-17 08:38:21 61216 ----a-w- C:\Windows\System32\drivers\sbhips.sys
2014-06-17 08:37:01 120064 ----a-w- C:\Windows\System32\drivers\SbFwIm.sys
2014-06-17 08:36:58 258848 ----a-w- C:\Windows\System32\drivers\SbFw.sys
2014-06-17 08:36:38 -------- d-----w- C:\ProgramData\SparkTrust
2014-06-17 08:36:38 -------- d-----w- C:\Program Files (x86)\SparkTrust
2014-06-17 05:29:38 -------- d-----w- C:\Program Files (x86)\Nosibay
2014-06-17 05:29:15 -------- d-----w- C:\Users\Simon\AppData\Roaming\Nosibay
2014-06-17 05:27:10 -------- d-----w- C:\Users\Simon\AppData\Roaming\v9
2014-06-16 22:42:02 -------- d-----w- C:\Users\Simon\AppData\Local\WebPlayer
2014-06-16 19:52:31 -------- d-----w- C:\Program Files\Microsoft Mouse and Keyboard Center
2014-06-16 13:42:58 10702536 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-06-14 17:48:55 9889352 ----a-w- C:\Windows\SysWow64\RsCRIcon.dll
2014-06-14 17:48:55 359128 ----a-w- C:\Windows\System32\drivers\RtsPStor.sys
2014-06-14 17:48:45 1795952 ----a-w- C:\Windows\System32\WdfCoInstaller01011.dll
2014-06-14 17:48:45 100312 ----a-w- C:\Windows\System32\drivers\TeeDriverx64.sys
2014-06-14 17:48:23 170200 ----a-w- C:\Windows\System32\drivers\bcbtums.sys
2014-06-14 17:44:47 128200 ----a-w- C:\Windows\System32\drivers\L1C62x64.sys
2014-06-14 17:22:32 34080 ----a-w- C:\Windows\System32\SmartDefragBootTime.exe
2014-06-14 17:21:35 -------- d-----w- C:\ProgramData\ProductData
2014-06-14 17:21:34 128288 ----a-w- C:\Windows\System32\IObitSmartDefragExtension.dll
2014-06-14 17:21:33 -------- d-----w- C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-06-14 17:21:25 21184 ----a-w- C:\Windows\System32\drivers\SmartDefragDriver.sys
2014-06-14 17:18:27 -------- d-----w- C:\ProgramData\IObit
2014-06-14 17:15:09 -------- d-----w- C:\Users\Simon\AppData\Roaming\IObit
2014-06-14 17:15:05 -------- d-----w- C:\Program Files (x86)\IObit
2014-06-14 16:36:17 -------- d-----w- C:\Windows\ERUNT
2014-06-14 16:34:51 32512 ----a-w- C:\Windows\System32\drivers\hitmanpro37.sys
2014-06-14 16:33:56 -------- d-----w- C:\ProgramData\HitmanPro
2014-06-14 09:19:01 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-06-14 09:18:40 -------- d-----w- C:\AdwCleaner
2014-06-14 09:14:41 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-06-14 09:13:58 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-06-14 09:13:58 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-06-14 09:13:58 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-06-14 09:13:57 -------- d-----w- C:\ProgramData\Malwarebytes
2014-06-14 09:13:57 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-14 08:46:48 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{10AFCC89-42F9-4603-A281-9EC25FBDE711}\gapaengine.dll
2014-06-14 08:43:54 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2014-06-14 08:43:50 -------- d-----w- C:\Program Files\Microsoft Security Client
2014-06-14 08:35:57 -------- d-----w- C:\Users\Simon\AppData\Roaming\KSafe
2014-06-14 08:35:57 -------- d-----w- C:\ProgramData\KSafe
2014-06-14 08:35:49 -------- d-----w- C:\Program Files (x86)\MaxUtilities
2014-06-14 08:30:03 -------- d-----w- C:\Users\Simon\AppData\Roaming\rightbackup
2014-06-11 14:47:22 801280 ----a-w- C:\Windows\System32\usp10.dll
2014-06-11 14:47:22 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2014-06-11 14:47:21 288192 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2014-06-11 14:47:21 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2014-06-11 14:45:35 506368 ----a-w- C:\Windows\System32\aepdu.dll
2014-06-11 14:45:34 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-06-03 16:23:03 -------- d-----w- C:\Users\Simon\AppData\Roaming\Free File Shredder
2014-06-03 16:22:57 -------- d-----w- C:\Program Files (x86)\Free File Shredder
2014-06-03 07:45:40 -------- d-----w- C:\Users\Simon\AppData\Local\ElevatedDiagnostics
2014-06-03 03:50:19 -------- d-----w- C:\Program Files (x86)\Microsoft
2014-06-03 03:50:09 -------- d-----w- C:\ProgramData\Visan
2014-06-03 03:50:09 -------- d-----w- C:\ProgramData\HP Photo Creations
2014-06-03 03:50:09 -------- d-----w- C:\Program Files (x86)\HP Photo Creations
2014-06-03 03:49:12 -------- d-----w- C:\Users\Simon\AppData\Roaming\HpUpdate
2014-06-03 03:49:09 741480 ------w- C:\Windows\System32\HPDiscoPMB111.dll
2014-06-03 03:47:52 -------- d-----w- C:\Program Files (x86)\HP
2014-06-03 03:46:38 -------- d-----w- C:\Program Files\HP
2014-06-03 03:38:09 -------- d-----w- C:\Users\Simon\AppData\Local\HP
2014-06-02 13:26:47 1715176 ----a-w- C:\Windows\System32\nvspbridge64.dll
2014-06-02 13:26:47 1291232 ----a-w- C:\Windows\SysWow64\nvspbridge.dll
2014-06-02 05:49:00 163504 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2014-05-28 05:50:30 -------- d-----w- C:\ProgramData\Oracle
2014-05-28 05:49:43 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-05-25 12:28:28 15976 ----a-w- C:\Windows\System32\drivers\RsProxy.sys
2014-05-24 19:14:57 -------- d-----w- C:\Users\Simon\AppData\Local\ArcSoft
2014-05-24 19:09:44 -------- d-----w- C:\Users\Simon\vivu
2014-05-24 19:07:20 -------- d-----w- C:\Program Files (x86)\HP Button Manager
2014-05-24 19:05:04 -------- d-----w- C:\ProgramData\ArcSoft
2014-05-24 19:04:00 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2014-05-24 19:04:00 393216 ----a-w- C:\Windows\SysWow64\MSLUP60.dll
2014-05-24 19:04:00 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2014-05-24 19:04:00 249856 ----a-w- C:\Windows\SysWow64\MSLURT.dll
2014-05-24 19:04:00 245408 ----a-w- C:\Windows\SysWow64\unicows.dll
2014-05-24 19:04:00 212480 ----a-w- C:\Windows\SysWow64\PCDLIB32.DLL
2014-05-24 19:04:00 1645320 ----a-w- C:\Windows\SysWow64\gdiplus.dll
2014-05-24 19:03:26 53560 ----a-w- C:\Windows\system\ArcSoftKsUFilter.dll
2014-05-24 19:03:26 19968 ----a-w- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys
2014-05-24 19:01:49 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2014-05-24 19:01:49 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2014-05-24 19:01:49 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2014-05-24 19:01:49 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2014-05-20 09:12:54 4990554 ----a-w- C:\ProgramData\SPL1239.tmp
2014-05-20 08:54:14 -------- d-----w- C:\ProgramData\Ezprint
2014-05-20 08:35:52 -------- d-----w- C:\ProgramData\dl_Cats
2014-05-20 08:35:49 189440 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\dleadrpp.dll
2014-05-20 08:35:40 -------- d-----w- C:\Program Files\Dell V310-V510 Series
2014-05-20 08:33:45 -------- d-----w- C:\Program Files\Dell
.
==================== Find3M ====================
.
2014-05-30 10:02:37 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-30 10:02:09 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-05-30 09:39:43 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-05-30 09:39:23 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-05-30 09:38:29 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-05-30 09:21:23 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-05-30 09:21:05 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-05-30 09:20:36 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-05-30 09:11:24 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-05-30 09:08:22 5782528 ----a-w- C:\Windows\System32\jscript9.dll
2014-05-30 09:02:39 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-30 08:55:36 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-05-30 08:44:28 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-05-30 08:43:06 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-05-30 08:42:16 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-05-30 08:28:33 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-05-30 08:27:56 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-05-30 08:24:19 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-05-30 08:23:22 2040832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-05-30 08:10:46 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-05-30 07:56:56 2266112 ----a-w- C:\Windows\System32\wininet.dll
2014-05-30 07:56:50 4244992 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-05-30 07:50:09 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-05-30 07:49:38 1964544 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-05-30 07:21:10 1790976 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-05-29 23:07:51 1122312 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2014-05-29 23:07:38 1279480 ----a-w- C:\Windows\System32\nvspcap64.dll
2014-05-13 18:22:33 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-13 18:22:33 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-05-13 18:22:15 17352880 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2014-05-08 16:09:07 878080 ----a-w- C:\Windows\System32\advapi32.dll
2014-05-08 16:09:07 859648 ----a-w- C:\Windows\System32\tdh.dll
2014-05-08 16:09:07 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll
2014-05-08 16:09:07 619520 ----a-w- C:\Windows\SysWow64\tdh.dll
2014-05-08 16:09:07 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2014-05-08 16:09:07 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2014-05-08 16:08:45 327168 ----a-w- C:\Windows\System32\mswsock.dll
2014-05-08 16:08:44 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2014-05-08 16:08:27 68608 ----a-w- C:\Windows\System32\taskhost.exe
2014-05-08 16:00:41 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2014-05-08 16:00:41 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2014-05-08 12:18:30 177752 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2014-05-08 09:24:27 103272 ----a-w- C:\Users\Simon\GoToAssistDownloadHelper.exe
2014-04-15 01:34:10 1070232 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-03-31 16:42:44 40392 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2014-03-31 16:42:42 37320 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2014-03-31 16:42:40 34760 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2014-03-26 14:44:48 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2014-03-26 14:44:48 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2014-03-26 14:41:39 2048 ----a-w- C:\Windows\System32\msxml6r.dll
2014-03-26 14:41:39 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-03-26 14:27:50 1389056 ----a-w- C:\Windows\SysWow64\msxml6.dll
2014-03-26 14:27:50 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-03-26 14:25:14 2048 ----a-w- C:\Windows\SysWow64\msxml6r.dll
2014-03-26 14:25:14 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
.
============= FINISH: 17:04:58.38 ===============

#6 kunash

kunash

    Authentic Member

  • Authentic Member
  • PipPip
  • 73 posts

Posted 17 June 2014 - 11:40 AM

sorry, cannot download the zip file - will download from another source



#7 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,203 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 17 June 2014 - 01:10 PM

You have a lot going on on your system
 
First, you should only have one AV installed as recommended by Microsof, keep it updated and run regular scans, more than one is overkill and can severly hamper system performance, with AntiVirus software more is not better.
 
This is your call on which one to keep, you need to uninstall two of these programs
Microsoft Security Essentials
SparkTrust SparkTrust AntiVirus
Norton 360 Premier Edition
 
 
This is a poor choice for a malware program, you should uninstall this one to
IObit Malware Fighter
 
 
Snapdo
 
Bad news on this one
 
These are taking you to that Japanese site
uRun: [SystemBooteHQ088Vh8yxWhinGduq9jR1yJP8FDAh2] mshta.exe http://gbc.psiuyfbe....yJP8FDAh2&log=1
uRun: [RegWriteeHQ088Vh8yxWhinGduq9jR1yJP8FDAh2] mshta.exe http://gbc.psiuyfbe....uq9jR1yJP8FDAh2
uRunOnce: [RegWriteeHQ088Vh8yxWhinGduq9jR1yJP8FDAh2] mshta.exe http://gbc.psiuyfbe....uq9jR1yJP8FDAh2
 
 
 
We cant fix this all in one go, so lets do this first and get rid of some of it.  Run these in the order listed please
 
 

 
-AdwCleaner-by Xplode
 
Click on this link to download : ADWCleaner
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.
 
Do not click on any links in the top Advertisment.
 
  •  
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
 
 
 
 
 
thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  •  
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
 
 
 
 

 
OTL by OldTimer
  •  
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Click the "Scan All Users" checkbox.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
 
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
 
 
 
 

Jeffce_zpsa19ee2e6.png

 

 

 

Want to help others, Join our Malware Removal Classroom  HERE

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif

 

Find us on Facebook
Please LIKE and SHARE

 

 

Just a reminder that threads will be closed if no reply in 3 days.


#8 kunash

kunash

    Authentic Member

  • Authentic Member
  • PipPip
  • 73 posts

Posted 18 June 2014 - 01:45 AM

here is the attach zipped file.  thanks for your most recent post.  will work on that today

Attached Files



#9 kunash

kunash

    Authentic Member

  • Authentic Member
  • PipPip
  • 73 posts

Posted 18 June 2014 - 03:40 AM

thanks for taking the time to reply

I have removed

Microsoft Security Essentials

SparkTrust SparkTrust Antivirus plus the others.  I have kept Norton.  I downloaded them to try and get rid of the pop up.  I cannot find snapdo.   I realise it can come under a different name.

find attached the scan results for aswMBRAttached File  aswMBR.txt   2.94KB   98 downloads

 

I will do the rest in a while

 

here is adwcleaner

 

# AdwCleaner v3.212 - Report created 18/06/2014 at 10:28:46
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Simon - SIMON-PC
# Running from : C:\Users\Simon\Desktop\adwcleaner_3.212.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\Nosibay
Folder Deleted : C:\Users\Simon\AppData\Local\webplayer
Folder Deleted : C:\Users\Simon\AppData\Roaming\Nosibay
Folder Deleted : C:\Users\Simon\AppData\Roaming\v9
File Deleted : C:\Users\Simon\AppData\Roaming\Bubble Dock.boostrap.log

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLV Player\Uninstall.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\Nosibay
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKLM\Software\V9Software

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17126

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Google Chrome v35.0.1916.153

[ File : C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb

*************************

AdwCleaner[R0].txt - [7285 octets] - [14/06/2014 10:18:44]
AdwCleaner[R1].txt - [951 octets] - [14/06/2014 10:54:38]
AdwCleaner[R2].txt - [2206 octets] - [14/06/2014 11:23:55]
AdwCleaner[R3].txt - [7251 octets] - [18/06/2014 10:07:11]
AdwCleaner[R4].txt - [7090 octets] - [18/06/2014 10:16:29]
AdwCleaner[S0].txt - [4527 octets] - [14/06/2014 10:44:09]
AdwCleaner[S1].txt - [1011 octets] - [14/06/2014 11:18:24]
AdwCleaner[S2].txt - [2269 octets] - [14/06/2014 11:24:33]
AdwCleaner[S3].txt - [4286 octets] - [18/06/2014 10:28:46]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [4346 octets] ##########



#10 kunash

kunash

    Authentic Member

  • Authentic Member
  • PipPip
  • 73 posts

Posted 18 June 2014 - 09:05 AM

here is the junk removal tool report

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Home Premium x64
Ran by Simon on 18/06/2014 at 15:47:10.24
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sparktrust

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\sparktrust"
Successfully deleted: [Folder] "C:\Program Files (x86)\sparktrust"

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18/06/2014 at 15:50:26.33
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    Advertisements

Register to Remove


#11 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,203 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 18 June 2014 - 09:15 AM

Good, lets see that OTL log and we can remove those Japanese adds


Jeffce_zpsa19ee2e6.png

 

 

 

Want to help others, Join our Malware Removal Classroom  HERE

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif

 

Find us on Facebook
Please LIKE and SHARE

 

 

Just a reminder that threads will be closed if no reply in 3 days.


#12 kunash

kunash

    Authentic Member

  • Authentic Member
  • PipPip
  • 73 posts

Posted 18 June 2014 - 09:35 AM

OTL logfile created on: 18/06/2014 16:24:12 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Simon\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
11.89 Gb Total Physical Memory | 9.66 Gb Available Physical Memory | 81.28% Memory free
23.77 Gb Paging File | 21.42 Gb Available in Paging File | 90.13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.61 Gb Total Space | 288.27 Gb Free Space | 63.83% Space Free | Partition Type: NTFS
 
Computer Name: SIMON-PC | User Name: Simon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Simon\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\n360.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe (Foxit Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe (PC Tools)
PRC - C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe (Symantec Corporation)
PRC - C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe (Alienware)
PRC - C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe (Alienware)
PRC - C:\Program Files\Alienware\Command Center\AlienFusionController.exe (Alienware)
PRC - C:\Program Files (x86)\HP Button Manager\BM.exe ()
PRC - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\ArcSoft\HP Webcam Software Suite\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
PRC - C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe ()
PRC - C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe ()
PRC - C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe ()
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\04824fdbd5dce32530ba44ae012e4fb9\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data7706cdc8#\63a45b1c847f54f37f06512b2894e84f\System.Data.DataSetExtensions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\6bbed231aec6fd82547e09474da0b2f9\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\0893e0e7137e3b2da905da6216b75344\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\4c8a153aa66fcd62db6fff269a2ef2b4\System.Numerics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll ()
MOD - C:\Program Files (x86)\HP Button Manager\BM.exe ()
MOD - C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\dleadrs.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\dleascw.dll ()
MOD - C:\Program Files (x86)\Alienware On-Screen Display\EMSC.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\DLEAcfg.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\epoemdll.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\epstring.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\epwizres.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\epwizard.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\customui.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\epfunct.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\eputil.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\imagutil.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\dleadatr.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\iptk.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\dleacaps.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\dleacnv4.dll ()
MOD - C:\Program Files (x86)\Dell V310-V510 Series\dleaptp.dll ()
MOD - C:\Windows\SysWOW64\dleasmr.dll ()
MOD - C:\Windows\SysWOW64\dleasm.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (NvStreamSvc) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AlienFusionService) -- C:\Program Files\Alienware\Command Center\AlienFusionService.exe (Alienware)
SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (Qualcomm Atheros Killer Service) -- C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe ()
SRV:64bit: - (dlea_device) -- C:\Windows\SysNative\dleacoms.exe ( )
SRV:64bit: - (dleaCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\dleaserv.exe ()
SRV - (NvNetworkService) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (N360) -- C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\N360.exe (Symantec Corporation)
SRV - (FoxitCloudUpdateService) -- C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe (Foxit Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (SpeedDiskService) -- C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe (Symantec Corporation)
SRV - (DiskDoctorService) -- C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe (Symantec Corporation)
SRV - (NU16StartManagerSvc) -- C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe (PC Tools)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\HP Webcam Software Suite\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
SRV - (dleaCATSCustConnectService) -- C:\Windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe ()
SRV - (dlea_device) -- C:\Windows\SysWOW64\dleacoms.exe ( )
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\TeeDriverx64.sys (Intel Corporation)
DRV:64bit: - (bcbtums) -- C:\Windows\SysNative\drivers\bcbtums.sys (Broadcom Corporation.)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Qualcomm Atheros Co., Ltd.)
DRV:64bit: - (hitmanpro37) -- C:\Windows\SysNative\drivers\hitmanpro37.sys ()
DRV:64bit: - (NvStreamKms) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys (NVIDIA Corporation)
DRV:64bit: - (RsProxy) -- C:\Windows\SysNative\drivers\RsProxy.sys ()
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (nvvad_WaveExtensible) -- C:\Windows\SysNative\drivers\nvvad64v.sys (NVIDIA Corporation)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (nvkflt) -- C:\Windows\SysNative\drivers\nvkflt.sys (NVIDIA Corporation)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\symefa64.sys (Symantec Corporation)
DRV:64bit: - (ccSet_N360) -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\ccsetx64.sys (Symantec Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\symnets.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\symds64.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\ironx64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (SbFw) -- C:\Windows\SysNative\drivers\SbFw.sys (GFI Software)
DRV:64bit: - (sbwtis) -- C:\Windows\SysNative\drivers\sbwtis.sys (GFI Software)
DRV:64bit: - (sbhips) -- C:\Windows\SysNative\drivers\sbhips.sys (GFI Software)
DRV:64bit: - (sbapifs) -- C:\Windows\SysNative\drivers\sbapifs.sys (GFI Software)
DRV:64bit: - (SBFWIMCLMP) -- C:\Windows\SysNative\drivers\SbFwIm.sys (GFI Software)
DRV:64bit: - (SBFWIMCL) -- C:\Windows\SysNative\drivers\SbFwIm.sys (GFI Software)
DRV:64bit: - (ST_ACCEL) -- C:\Windows\SysNative\drivers\ST_ACCEL.sys (STMicroelectronics)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (btwampfl) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (BfLwf) -- C:\Windows\SysNative\drivers\bflwfx64.sys (Bigfoot Networks, Inc.)
DRV:64bit: - (Ak27x64) -- C:\Windows\SysNative\drivers\Ak27x64.sys (Bigfoot Networks, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (stdcfltn) -- C:\Windows\SysNative\drivers\stdcfltn.sys (ST Microelectronics)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (dcdbas) -- C:\Windows\SysNative\drivers\dcdbas64.sys (Dell Inc.)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (EMSC) -- C:\Windows\SysNative\drivers\EMSC.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV - (NAVEX15) -- C:\Program Files (x86)\Norton 360\NortonData\21.2.0.38\Definitions\VirusDefs\20140617.024\ex64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files (x86)\Norton 360\NortonData\21.2.0.38\Definitions\VirusDefs\20140617.024\eng64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\Program Files (x86)\Norton 360\NortonData\21.2.0.38\Definitions\BASHDefs\20140606.001\BHDrvx64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\Program Files (x86)\Norton 360\NortonData\21.2.0.38\Definitions\IPSDefs\20140617.001\IDSviA64.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (EMSC) -- C:\Windows\SysWOW64\drivers\EMSC.sys (Windows ® Win 7 DDK provider)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:52819;https=127.0.0.1:52819
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:52819;https=127.0.0.1:52819
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-2615214989-2497064625-3642582449-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKU\S-1-5-21-2615214989-2497064625-3642582449-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKU\S-1-5-21-2615214989-2497064625-3642582449-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2615214989-2497064625-3642582449-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-2615214989-2497064625-3642582449-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?r...opt=0&ocid=iehp
IE - HKU\S-1-5-21-2615214989-2497064625-3642582449-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2615214989-2497064625-3642582449-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-2615214989-2497064625-3642582449-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-2615214989-2497064625-3642582449-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-2615214989-2497064625-3642582449-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKU\S-1-5-21-2615214989-2497064625-3642582449-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-2615214989-2497064625-3642582449-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2615214989-2497064625-3642582449-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.2.0.38\IPSFF [2014/05/08 13:18:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.2.0.38\coFFPlgn\ [2014/06/18 15:45:40 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.co.uk/
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_1\
CHR - Extension: Google Drive = C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: YouTube = C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: Google Search = C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: Norton Identity Safe for Google Chromeâ„¢ = C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.7.0.47_0\
CHR - Extension: Google Wallet = C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
CHR - Extension: Gmail = C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll File not found
O2:64bit: - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.3.0.12\coieplg.dll (Symantec Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (Google Inc.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.3.0.12\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\coieplg.dll (Symantec Corporation)
O3:64bit: - HKU\S-1-5-21-2615214989-2497064625-3642582449-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [Command Center Controllers] C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe (Alienware)
O4:64bit: - HKLM..\Run: [dleamon.exe] C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe ()
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SBRegRebootCleaner] "C:\Program Files (x86)\SparkTrust\SparkTrust AntiVirus\SBRC.exe" File not found
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe ()
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe (Symantec Corporation)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\.DEFAULT..\Run: [Advanced SystemCare 7] "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto File not found
O4 - HKU\S-1-5-18..\Run: [Advanced SystemCare 7] "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2615214989-2497064625-3642582449-1000..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-2615214989-2497064625-3642582449-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59DD7AB1-65AA-4393-B664-25DB83DE6087}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (c:\windows\syswow64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/06/18 16:09:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Simon\Desktop\OTL.exe
[2014/06/18 15:00:20 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\Simon\Desktop\JRT.exe
[2014/06/18 09:24:39 | 000,000,000 | ---D | C] -- C:\Windows\tasks\ImCleanDisabled
[2014/06/18 09:22:30 | 005,185,536 | ---- | C] (AVAST Software) -- C:\Users\Simon\Desktop\aswMBR.exe
[2014/06/18 08:55:49 | 000,000,000 | ---D | C] -- C:\ProgramData\GFI Software
[2014/06/17 17:02:13 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Simon\Desktop\dds.com
[2014/06/17 16:52:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2014/06/17 16:52:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2014/06/17 16:52:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2014/06/17 09:38:21 | 000,061,216 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\sbhips.sys
[2014/06/17 09:37:01 | 000,120,064 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\SbFwIm.sys
[2014/06/17 09:36:58 | 000,258,848 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\SbFw.sys
[2014/06/16 23:42:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLV Player
[2014/06/16 20:53:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
[2014/06/16 20:52:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mouse and Keyboard Center
[2014/06/15 13:39:39 | 000,000,000 | R--D | C] -- C:\Users\Simon\Desktop\security
[2014/06/14 18:48:55 | 009,889,352 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysWow64\RsCRIcon.dll
[2014/06/14 18:48:55 | 000,359,128 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\drivers\RtsPStor.sys
[2014/06/14 18:48:45 | 001,795,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoInstaller01011.dll
[2014/06/14 18:48:45 | 000,100,312 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\TeeDriverx64.sys
[2014/06/14 18:48:23 | 000,170,200 | ---- | C] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\bcbtums.sys
[2014/06/14 18:44:47 | 000,128,200 | ---- | C] (Qualcomm Atheros Co., Ltd.) -- C:\Windows\SysNative\drivers\L1C62x64.sys
[2014/06/14 18:22:32 | 000,034,080 | ---- | C] (IObit) -- C:\Windows\SysNative\SmartDefragBootTime.exe
[2014/06/14 18:21:38 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Roaming\Apple Computer
[2014/06/14 18:21:35 | 000,000,000 | ---D | C] -- C:\ProgramData\ProductData
[2014/06/14 18:21:34 | 000,128,288 | ---- | C] (IObit) -- C:\Windows\SysNative\IObitSmartDefragExtension.dll
[2014/06/14 18:21:33 | 000,000,000 | ---D | C] -- C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
[2014/06/14 18:18:27 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2014/06/14 18:15:09 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Roaming\IObit
[2014/06/14 18:15:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2014/06/14 17:36:17 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/06/14 17:33:56 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2014/06/14 10:19:01 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014/06/14 10:18:40 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/06/14 10:14:41 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/06/14 10:14:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/06/14 10:13:58 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/06/14 10:13:58 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/06/14 10:13:58 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/06/14 10:13:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/06/14 10:13:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/06/14 09:43:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2014/06/14 09:43:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2014/06/14 09:35:57 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Roaming\KSafe
[2014/06/14 09:35:57 | 000,000,000 | ---D | C] -- C:\ProgramData\KSafe
[2014/06/14 09:35:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MaxUtilities
[2014/06/14 09:30:03 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Roaming\rightbackup
[2014/06/11 15:47:22 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2014/06/11 15:47:21 | 000,288,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2014/06/11 15:46:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml6r.dll
[2014/06/11 15:46:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml6r.dll
[2014/06/11 15:46:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014/06/11 15:46:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014/06/11 15:46:24 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/06/11 15:46:24 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/06/11 15:46:23 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/06/11 15:46:23 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/06/11 15:46:23 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/06/11 15:46:22 | 001,964,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/06/11 15:46:22 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/06/11 15:46:22 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/06/11 15:46:21 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/06/11 15:46:21 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/06/11 15:46:21 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/06/11 15:46:21 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/06/11 15:46:21 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/06/11 15:46:21 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/06/11 15:46:20 | 002,040,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/06/11 15:46:20 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/06/11 15:46:20 | 000,608,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/06/11 15:46:20 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/06/11 15:46:19 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/06/11 15:46:19 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/06/11 15:46:19 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/06/11 15:46:19 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/06/11 15:46:18 | 001,249,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/06/11 15:46:18 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/06/11 15:46:18 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/06/11 15:46:18 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/06/11 15:46:17 | 005,782,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/06/11 15:46:17 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/06/11 15:46:17 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/06/11 15:46:17 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/06/11 15:46:17 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/06/11 15:46:16 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/06/11 15:46:15 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/06/11 15:45:35 | 000,506,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/06/11 15:45:34 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/06/03 17:23:03 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Roaming\Free File Shredder
[2014/06/03 17:22:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free File Shredder
[2014/06/03 17:22:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free File Shredder
[2014/06/03 08:45:40 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\ElevatedDiagnostics
[2014/06/03 04:50:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2014/06/03 04:50:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Visan
[2014/06/03 04:50:09 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Photo Creations
[2014/06/03 04:50:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP Photo Creations
[2014/06/03 04:49:12 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Roaming\HpUpdate
[2014/06/03 04:49:09 | 000,741,480 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\HPDiscoPMB111.dll
[2014/06/03 04:49:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2014/06/03 04:47:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2014/06/03 04:46:38 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2014/06/03 04:41:38 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2014/06/03 04:38:09 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\HP
[2014/06/02 14:26:47 | 001,715,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvspbridge64.dll
[2014/06/02 14:26:47 | 001,291,232 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvspbridge.dll
[2014/05/28 06:50:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/05/28 06:50:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/05/28 06:50:03 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/05/28 06:49:43 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/05/28 06:49:43 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/05/28 06:49:43 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/05/28 06:49:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/05/28 06:49:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2014/05/24 20:14:57 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Roaming\ArcSoft
[2014/05/24 20:14:57 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\ArcSoft
[2014/05/24 20:14:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Connect
[2014/05/24 20:14:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VuRoom
[2014/05/24 20:14:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2014/05/24 20:09:44 | 000,000,000 | ---D | C] -- C:\Users\Simon\vivu
[2014/05/24 20:07:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP Button Manager
[2014/05/24 20:06:39 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Roaming\InstallShield
[2014/05/24 20:05:04 | 000,000,000 | ---D | C] -- C:\ProgramData\ArcSoft
[2014/05/24 20:04:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Webcam Software Suite
[2014/05/24 20:04:00 | 001,645,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll
[2014/05/24 20:04:00 | 000,393,216 | ---- | C] (Sample Corporation) -- C:\Windows\SysWow64\MSLUP60.dll
[2014/05/24 20:04:00 | 000,249,856 | ---- | C] (Sample Corporation) -- C:\Windows\SysWow64\MSLURT.dll
[2014/05/24 20:04:00 | 000,245,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\unicows.dll
[2014/05/24 20:04:00 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\Windows\SysWow64\PCDLIB32.DLL
[2014/05/24 20:03:26 | 000,053,560 | ---- | C] (ArcSoft, Inc.) -- C:\Windows\System\ArcSoftKsUFilter.dll
[2014/05/24 20:03:26 | 000,019,968 | ---- | C] (ArcSoft, Inc.) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys
[2014/05/24 20:03:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ArcSoft
[2014/05/24 20:03:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ArcSoft
[2014/05/20 09:54:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Ezprint
[2014/05/20 09:50:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dell Toolbar
[2014/05/20 09:50:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Printers
[2014/05/20 09:50:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dell PC Fax
[2014/05/20 09:50:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dell V310-V510 Series
[2014/05/20 09:35:52 | 000,000,000 | ---D | C] -- C:\ProgramData\dl_Cats
[2014/05/20 09:35:40 | 000,000,000 | ---D | C] -- C:\Program Files\Dell V310-V510 Series
[2014/05/20 09:33:45 | 000,000,000 | ---D | C] -- C:\Program Files\Dell
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/06/18 16:22:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/06/18 16:09:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Simon\Desktop\OTL.exe
[2014/06/18 15:53:17 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/18 15:53:17 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/18 15:46:53 | 000,000,288 | ---- | M] () -- C:\Windows\tasks\NUAutoUpdate.job
[2014/06/18 15:46:40 | 000,001,948 | ---- | M] () -- C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 5520 series.lnk
[2014/06/18 15:45:23 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/06/18 15:45:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/18 15:44:50 | 981,184,510 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/18 15:40:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/06/18 15:00:21 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\Simon\Desktop\JRT.exe
[2014/06/18 10:06:43 | 001,333,465 | ---- | M] () -- C:\Users\Simon\Desktop\adwcleaner_3.212.exe
[2014/06/18 09:56:40 | 000,000,512 | ---- | M] () -- C:\Users\Simon\Desktop\MBR.dat
[2014/06/18 09:22:59 | 005,185,536 | ---- | M] (AVAST Software) -- C:\Users\Simon\Desktop\aswMBR.exe
[2014/06/18 08:50:22 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/06/18 08:40:54 | 000,003,212 | ---- | M] () -- C:\Users\Simon\Desktop\attach.zip
[2014/06/18 05:12:34 | 000,001,188 | ---- | M] () -- C:\Windows\SysWow64\ServiceConfig.xml
[2014/06/17 17:02:31 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Simon\Desktop\dds.com
[2014/06/17 11:55:02 | 000,353,272 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/06/17 06:39:16 | 000,001,690 | ---- | M] () -- C:\Windows\SysWow64\${LOGFILE}
[2014/06/17 06:26:44 | 000,000,270 | ---- | M] () -- C:\Windows\tasks\Guard-{67E160EA-8771-4172-86EB-AF21ADC868B9}.job
[2014/06/16 20:53:21 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
[2014/06/16 10:59:34 | 000,782,022 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/06/16 10:59:34 | 000,662,412 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/06/16 10:59:34 | 000,122,248 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/06/14 18:48:55 | 009,889,352 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysWow64\RsCRIcon.dll
[2014/06/14 18:48:55 | 000,359,128 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\drivers\RtsPStor.sys
[2014/06/14 18:48:52 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
[2014/06/14 18:48:45 | 001,795,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoInstaller01011.dll
[2014/06/14 18:48:45 | 000,100,312 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\drivers\TeeDriverx64.sys
[2014/06/14 18:48:23 | 000,170,200 | ---- | M] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\bcbtums.sys
[2014/06/14 18:48:23 | 000,069,219 | ---- | M] () -- C:\Windows\SysNative\drivers\BCM20702A1_001.002.014.1315.1411.hex
[2014/06/14 18:44:47 | 000,128,200 | ---- | M] (Qualcomm Atheros Co., Ltd.) -- C:\Windows\SysNative\drivers\L1C62x64.sys
[2014/06/14 17:47:26 | 000,032,512 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys
[2014/06/14 17:45:24 | 000,002,094 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2014/06/14 10:14:57 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/06/12 21:41:59 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/06/08 10:13:05 | 000,506,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/06/08 10:08:04 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/06/03 17:22:58 | 000,001,237 | ---- | M] () -- C:\Users\Simon\Desktop\Free File Shredder.lnk
[2014/06/03 04:46:05 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2014/05/30 11:02:09 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/05/30 10:39:43 | 000,548,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/05/30 10:39:23 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/05/30 10:38:29 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/05/30 10:27:57 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/05/30 10:24:28 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/05/30 10:21:23 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/05/30 10:21:05 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/05/30 10:20:36 | 000,752,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/05/30 10:11:24 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/05/30 10:08:22 | 005,782,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/05/30 10:06:42 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/05/30 09:55:36 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/05/30 09:49:21 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/05/30 09:46:48 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/05/30 09:44:23 | 000,295,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/05/30 09:43:06 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/05/30 09:42:16 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/05/30 09:35:44 | 000,608,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/05/30 09:33:48 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/05/30 09:30:43 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/05/30 09:29:31 | 000,631,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/05/30 09:28:33 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/05/30 09:27:56 | 000,592,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/05/30 09:24:19 | 001,249,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/05/30 09:23:22 | 002,040,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/05/30 09:10:46 | 000,032,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/05/30 09:06:06 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/05/30 09:04:20 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/05/30 08:50:09 | 001,068,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/05/30 08:49:38 | 001,964,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/05/30 08:13:47 | 000,704,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/05/30 08:13:09 | 000,846,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/05/30 00:07:51 | 001,291,232 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvspbridge.dll
[2014/05/30 00:07:51 | 001,122,312 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvspcap.dll
[2014/05/30 00:07:38 | 001,715,176 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvspbridge64.dll
[2014/05/30 00:07:38 | 001,279,480 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvspcap64.dll
[2014/05/29 03:13:01 | 000,000,047 | ---- | M] () -- C:\Users\Simon\AppData\Roaming\WB.CFG
[2014/05/28 06:49:39 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/05/28 06:49:39 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/05/28 06:49:39 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/05/28 06:49:39 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/05/25 13:28:29 | 000,015,976 | ---- | M] () -- C:\Windows\SysNative\drivers\RsProxy.sys
[2014/05/24 20:07:20 | 000,001,646 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Button Manager.lnk
[2014/05/20 09:50:38 | 000,195,575 | ---- | M] () -- C:\Windows\SysNative\LexFiles.ulf
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/06/18 10:06:07 | 001,333,465 | ---- | C] () -- C:\Users\Simon\Desktop\adwcleaner_3.212.exe
[2014/06/18 09:56:40 | 000,000,512 | ---- | C] () -- C:\Users\Simon\Desktop\MBR.dat
[2014/06/18 08:40:54 | 000,003,212 | ---- | C] () -- C:\Users\Simon\Desktop\attach.zip
[2014/06/18 05:12:34 | 000,001,188 | ---- | C] () -- C:\Windows\SysWow64\ServiceConfig.xml
[2014/06/17 06:38:56 | 000,001,690 | ---- | C] () -- C:\Windows\SysWow64\${LOGFILE}
[2014/06/17 06:32:32 | 000,001,223 | ---- | C] () -- C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014/06/17 06:26:37 | 000,000,270 | ---- | C] () -- C:\Windows\tasks\Guard-{67E160EA-8771-4172-86EB-AF21ADC868B9}.job
[2014/06/16 20:53:21 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
[2014/06/14 18:48:52 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
[2014/06/14 18:48:23 | 000,069,219 | ---- | C] () -- C:\Windows\SysNative\drivers\BCM20702A1_001.002.014.1315.1411.hex
[2014/06/14 17:45:24 | 000,002,094 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2014/06/14 17:34:51 | 000,032,512 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys
[2014/06/14 09:44:21 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2014/06/03 17:22:58 | 000,001,237 | ---- | C] () -- C:\Users\Simon\Desktop\Free File Shredder.lnk
[2014/06/03 05:48:58 | 000,001,948 | ---- | C] () -- C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 5520 series.lnk
[2014/06/03 04:46:05 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2014/05/29 03:13:01 | 000,000,047 | ---- | C] () -- C:\Users\Simon\AppData\Roaming\WB.CFG
[2014/05/25 13:28:28 | 000,015,976 | ---- | C] () -- C:\Windows\SysNative\drivers\RsProxy.sys
[2014/05/24 20:07:20 | 000,001,646 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Button Manager.lnk
[2014/05/20 09:50:32 | 000,509,952 | ---- | C] () -- C:\Windows\SysNative\DLEAwupd.dll
[2014/05/20 09:50:32 | 000,295,080 | ---- | C] () -- C:\Windows\SysNative\DLEAwupd.exe
[2014/05/20 09:50:13 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\dleaserv.dll
[2014/05/20 09:50:13 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\dleausb1.dll
[2014/05/20 09:50:13 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\dleacomc.dll
[2014/05/20 09:50:13 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\dleahbn3.dll
[2014/05/20 09:50:13 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\dleapmui.dll
[2014/05/20 09:50:13 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\dleacoms.exe
[2014/05/20 09:50:13 | 000,585,216 | ---- | C] () -- C:\Windows\SysNative\DLEAinst.dll
[2014/05/20 09:50:13 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\dlealmpm.dll
[2014/05/20 09:50:13 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\DLEAinst.dll
[2014/05/20 09:50:13 | 000,373,416 | ---- | C] ( ) -- C:\Windows\SysWow64\dleacfg.exe
[2014/05/20 09:50:13 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\dleacomm.dll
[2014/05/20 09:50:13 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\dleainpa.dll
[2014/05/20 09:50:13 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\dleacomx.dll
[2014/05/20 09:50:13 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\dleaiesc.dll
[2014/05/20 09:50:13 | 000,324,264 | ---- | C] ( ) -- C:\Windows\SysWow64\dleaih.exe
[2014/05/20 09:50:13 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\dleains.dll
[2014/05/20 09:50:13 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\dleainsb.dll
[2014/05/20 09:50:13 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\dleacu.dll
[2014/05/20 09:50:13 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\dleainsr.dll
[2014/05/20 09:50:13 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\dleacub.dll
[2014/05/20 09:50:13 | 000,086,180 | ---- | C] () -- C:\Windows\SysWow64\DLEAcfg.dll
[2014/05/20 09:50:13 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\dleajswr.dll
[2014/05/20 09:50:13 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\dleacur.dll
[2014/05/20 09:50:13 | 000,002,064 | ---- | C] () -- C:\Windows\SysWow64\dlea.loc
[2014/05/20 09:50:11 | 000,579,584 | ---- | C] ( ) -- C:\Windows\SysNative\dleacomm.dll
[2014/05/20 09:35:52 | 000,195,575 | ---- | C] () -- C:\Windows\SysNative\LexFiles.ulf
[2014/05/09 16:12:54 | 000,014,848 | ---- | C] () -- C:\Users\Simon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/05/08 10:50:40 | 000,774,636 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/05/08 10:33:37 | 013,020,160 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll
[2014/05/08 10:33:37 | 000,735,796 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2014/05/08 10:33:37 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2014/05/08 10:33:37 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2014/05/08 10:24:26 | 000,103,272 | ---- | C] () -- C:\Users\Simon\GoToAssistDownloadHelper.exe
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/25 03:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 03:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/05/19 16:07:26 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Foxit Software
[2014/06/03 17:23:03 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Free File Shredder
[2014/06/14 18:21:40 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\IObit
[2014/05/08 12:03:38 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\IrfanView
[2014/06/14 09:35:57 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\KSafe
[2014/05/08 12:40:32 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Product_NU16
[2014/06/14 09:30:03 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\rightbackup
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 194 bytes -> C:\ProgramData\TEMP:792D4CF1
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:373E1720

< End of report >



#13 kunash

kunash

    Authentic Member

  • Authentic Member
  • PipPip
  • 73 posts

Posted 18 June 2014 - 09:40 AM

OTL Extras logfile created on: 18/06/2014 16:24:12 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Simon\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
11.89 Gb Total Physical Memory | 9.66 Gb Available Physical Memory | 81.28% Memory free
23.77 Gb Paging File | 21.42 Gb Available in Paging File | 90.13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.61 Gb Total Space | 288.27 Gb Free Space | 63.83% Space Free | Partition Type: NTFS
 
Computer Name: SIMON-PC | User Name: Simon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2615214989-2497064625-3642582449-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00C5B354-7B39-4D10-800C-201ED9168A29}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{1A09DEF9-8574-47D6-973F-DA40732C4D4D}" = lport=445 | protocol=6 | dir=in | app=system |
"{3DDEDEBC-CD02-4A6C-BC90-79A7C6907483}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{43A41F6B-3BB0-4F79-A730-F5722F7AC134}" = lport=138 | protocol=17 | dir=in | app=system |
"{4A557C6E-2DBE-461D-9C25-6C8A2B49E476}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4AC02D85-EE13-4E82-B619-D686083B2AB7}" = rport=139 | protocol=6 | dir=out | app=system |
"{4E750A2C-817A-4DFB-B8E7-D302732A6A8C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{52D898D1-B23E-45F6-9E99-836B459333BE}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{67075A51-F22F-4327-8EEE-156C34D5A798}" = lport=137 | protocol=17 | dir=in | app=system |
"{6804CFA2-BEED-4B44-B348-26B185A8BFEB}" = rport=445 | protocol=6 | dir=out | app=system |
"{6EC1384C-EF57-4111-A020-81FF49223202}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{7585A3A0-D7C6-4431-B72F-950AF2EDA8AE}" = lport=139 | protocol=6 | dir=in | app=system |
"{83C35BD1-3385-48F3-AD1F-70706302F9E9}" = rport=138 | protocol=17 | dir=out | app=system |
"{8F39F6E8-8415-4571-B6A4-BE5A703BCD06}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{91AD6785-0862-4318-A057-A6E2930053BF}" = lport=47984 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{978E56D4-9142-4A4E-A3B0-AFCDAA24AFA8}" = rport=137 | protocol=17 | dir=out | app=system |
"{AB80311D-3A57-4AC0-AB5A-8D22A9231A17}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{E9DC7F95-2F23-4036-A73B-1FE01E89208D}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06D7FAB9-2699-456D-B5CA-5C01F5A779F5}" = dir=in | app=c:\program files\hp\hp photosmart 5520 series\bin\hpnetworkcommunicator.exe |
"{0B0EE4C7-BB18-44BC-9511-88B82E8DBD03}" = dir=in | app=c:\windows\system32\dleacoms.exe |
"{1BEE841E-8871-4832-94F8-923A67DE2D6C}" = dir=in | app=c:\program files\hp\hp photosmart 5520 series\bin\devicesetup.exe |
"{2C23FF37-385C-4D7C-9F91-EF9A8A28737D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{51F7350B-BB4C-4397-8DAE-92EE54046E48}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{93F8AC8B-19C6-495F-A9E8-D5BD6D57823D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{9C8C1A1E-1FDF-491D-AF96-152A232BAB98}" = dir=in | app=c:\windows\system32\dleacoms.exe |
"{9E70B823-2095-4771-BD1F-3166CBB80466}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{BF7CF169-C7D1-4067-9AF4-17E4CAC3CDBD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D6CB34C3-0165-4263-B0E1-5E1D180AB778}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{DF68B3B6-2D4E-435E-B171-F939DD97874B}" = dir=in | app=c:\windows\system32\dleacoms.exe |
"{FEB60A9A-8BFC-4BAA-B555-EE665FCF312E}" = dir=in | app=c:\program files\hp\hp photosmart 5520 series\bin\hpnetworkcommunicatorcom.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{23D2AFC7-C01E-4413-9D9A-0BABF52569BF}" = Microsoft Mouse and Keyboard Center
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{68C0736C-3E47-43A6-B14D-236BEF198A5F}" = HP Photosmart 5520 series Basic Device Software
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}" = WIDCOMM Bluetooth Software
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 335.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 335.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 335.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 2.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus Update 14.6.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.1220
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 14.6.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.30.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 14.6.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.23
"{DCC176F0-3CE3-4DA9-8FF9-3809C1B48C47}" = HP Photosmart 5520 series Product Improvement Study
"{DF446558-ADF7-4884-9B2D-281979CCE71F}" = Qualcomm Atheros Killer Network Manager
"{FD1AE10F-163C-4D4B-9FCE-AC667AF1DC6E}" = Alienware Command Center
"CCleaner" = CCleaner
"Dell V310-V510 Series" = Dell V310-V510 Series
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0D69462F-99CC-4F8D-942E-666E21CE59F8}" = Alienware On-Screen Display
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel® USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217055FF}" = Java 7 Update 55
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Qualcomm Atheros Ethernet Controller
"{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1" = Foxit Cloud
"{465D6ACC-CAB9-40CD-ADAC-A91B071FA30E}" = HP Button Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7137E26A-10F7-4B1C-9980-0893579E92DA}" = HP Photosmart 5520 series Help
"{80407BA7-7763-4395-AB98-5233F1B34E65}" = NVIDIA PhysX
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}" = ST Microelectronics 3 Axis Digital Accelerometer Solution
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{D10FE2E3-B2DE-4B0E-ACBD-F87A566B9649}" = HP Webcam Software Suite
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® OpenCL CPU Runtime
"{FEF06E73-A519-4510-8CF3-B66041B91D8A}" = EMSC
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Edison" = VuRoom
"Foxit Reader_is1" = Foxit Reader
"Free File Shredder_is1" = Free File Shredder 5.5.2
"Google Chrome" = Google Chrome
"HP Photo Creations" = HP Photo Creations
"InstallShield_{0D69462F-99CC-4F8D-942E-666E21CE59F8}" = Alienware On-Screen Display
"InstallShield_{DF446558-ADF7-4884-9B2D-281979CCE71F}" = Qualcomm Atheros Killer Network Manager
"InstallShield_{FD1AE10F-163C-4D4B-9FCE-AC667AF1DC6E}" = Alienware Command Center
"IrfanView" = IrfanView (remove only)
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"N360" = Norton 360
"Norton Utilities 16_is1" = Norton Utilities 16
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.SingleImage" = Microsoft Office Home and Student 2010
 
< End of report >
 



#14 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,203 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 18 June 2014 - 10:12 AM

I dont see the entries for those Japanese adds on the OTL log, either there gone or it didnt find it.

 

Run this quick fix with OTL and post the log and then I am going to try another scanner to see if mshta  is still present

 

Open OTL.exe
  •  
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
 
 
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:52819;https=127.0.0.1:52819
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:52819;https=127.0.0.1:52819
IE - HKU\S-1-5-21-2615214989-2497064625-3642582449-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
O2:64bit: - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll File not found
O4:64bit: - HKLM..\Run: [SBRegRebootCleaner] "C:\Program Files (x86)\SparkTrust\SparkTrust AntiVirus\SBRC.exe" File not found
O4 - HKU\.DEFAULT..\Run: [Advanced SystemCare 7] "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto File not found
O4 - HKU\S-1-5-18..\Run: [Advanced SystemCare 7] "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto File not found
[2014/06/14 18:22:32 | 000,034,080 | ---- | C] (IObit) -- C:\Windows\SysNative\SmartDefragBootTime.exe
 
 
:Services
 
:Reg
 
:Files
ipconfig /flushdns /c
 
 
:Commands
[purity]
[resethosts]
[EMPTYJAVA] 
[emptytemp]
[start explorer]
[Reboot]
 
  • Then click the Run Fix button at the top. <--Not run Scan
  • Let the program run unhindered, reboot when it is done
  • Then post the results of the log it produces
 
 
 
 
===================================================
 
 

 
(use correct version for your system.....Which system am I using?)
 
 
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  •  
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
 
 
 

Jeffce_zpsa19ee2e6.png

 

 

 

Want to help others, Join our Malware Removal Classroom  HERE

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif

 

Find us on Facebook
Please LIKE and SHARE

 

 

Just a reminder that threads will be closed if no reply in 3 days.


#15 kunash

kunash

    Authentic Member

  • Authentic Member
  • PipPip
  • 73 posts

Posted 19 June 2014 - 01:49 AM

otl reply

 

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-21-2615214989-2497064625-3642582449-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SBRegRebootCleaner not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\Advanced SystemCare 7 not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Advanced SystemCare 7 not found.
File C:\Windows\SysNative\SmartDefragBootTime.exe not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Simon\Desktop\cmd.bat deleted successfully.
C:\Users\Simon\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYJAVA]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Public
 
User: Simon
->Java cache emptied: 0 bytes
 
Total Java Files Cleaned = 0.00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Simon
->Temp folder emptied: 33494 bytes
->Temporary Internet Files folder emptied: 5284870 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 492 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7580 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 219122 bytes
 
Total Files Cleaned = 5.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 06192014_084405

Files\Folders moved on Reboot...
C:\Users\Simon\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Simon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OWXNXIKO\xIAtSaglM8LZOYdGmG1JqQ[1].woff moved successfully.
C:\Users\Simon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NWJVQB4Q\A4RWZsncmJ25G8iqn2EHN_esZW2xOQ-xsNqO47m55DA[1].woff moved successfully.
C:\Users\Simon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NWJVQB4Q\DhmkJ2TR0QN[1].htm moved successfully.
C:\Users\Simon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NWJVQB4Q\EvPKapBawcLZ3hbihjhqAT8E0i7KZn-EPnyo3HZu7kw[1].woff moved successfully.
C:\Users\Simon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NWJVQB4Q\s-BiyweUPV0v-yRb-cjciBsxEYwM7FgeyaSgU71cLG0[1].woff moved successfully.
C:\Users\Simon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NWJVQB4Q\sp1_LTSOMWWV0K5VTuZzvQ[1].woff moved successfully.
C:\Users\Simon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\M7UXKKFR\index[3].htm moved successfully.
C:\Users\Simon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BTIB76ZR\DhmkJ2TR0QN[1].htm moved successfully.
C:\Users\Simon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7HP2VDI6\fastbutton[1].htm moved successfully.
C:\Users\Simon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7HP2VDI6\like[1].htm moved successfully.
C:\Users\Simon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4FMDW26J\HqHm7BVC_nzzTui2lzQTDT8E0i7KZn-EPnyo3HZu7kw[1].woff moved successfully.
C:\Users\Simon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4FMDW26J\postmessageRelay[1].htm moved successfully.
C:\Users\Simon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\Simon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OW6LABOA\reg2[1].htm moved successfully.
File\Folder C:\Users\Simon\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users