How do I get rid of snapdo?
kookie56
Member
24. February 2014 @ 17:24
I got the virus (or malware) called snapdo.
I have tried everything to get rid of it.
I got rid of it on firefox, but can't get rid of it in internet explorer.
I did everything that I read on the net, including downloading and running Malwarebytes.
Snapdo is still listed in the "add/remove programs" and it is still in IE under toolbars.
I have reset IE (as it said on net).
I even tried to remove IE completely, so I could reinstall, but I couldn't get rid of IE completely.
How do I get rid of this thing!?!?!
PLEASE PLEASE HELP!!
Thank you
AfterDawn Addict
24. February 2014 @ 17:55
Originally posted by kookie56:
I got the virus (or malware) called snapdo.
I have tried everything to get rid of it.
I got rid of it on firefox, but can't get rid of it in internet explorer.
I did everything that I read on the net, including downloading and running Malwarebytes.
Snapdo is still listed in the "add/remove programs" and it is still in IE under toolbars.
I have reset IE (as it said on net).
I even tried to remove IE completely, so I could reinstall, but I couldn't get rid of IE completely.
How do I get rid of this thing!?!?!
PLEASE PLEASE HELP!!
Thank you
You cannot remove IE. Windows must have it.

First try this:
--AdwCleaner--

Please download AdwCleaner by Xplode to your Desktop.

• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool.
• Click on Scan and then click Clean when finished scanning.
• A log file will automatically open after the scan has finished.
• Please post the content of that log file with your next answer.
• You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).


If that doesn't remove it, we can dig it out with another program.

2oG



There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...
kookie56
Member
24. February 2014 @ 20:18
Thanks soooooooo much!!! I finally got rid of it.
The only place it remains is in the "add/remove programs".
When I try to uninstall it from there, I get a box that says:
"The feature you are trying to use is on a network resource that is unavailable."
Below is the log you asked for:

# AdwCleaner v3.019 - Report created 24/02/2014 at 19:08:37
# Updated 17/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Cindy - MOVIE_MACHINE
# Running from : C:\Users\Cindy\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : Yontoo Desktop Updater

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\ProgramData\StarApp
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\WinterSoft
Folder Deleted : C:\Program Files (x86)\ExpressFiles
Folder Deleted : C:\Program Files (x86)\Yontoo
Folder Deleted : C:\Windows\SysWOW64\AI_RecycleBin
Folder Deleted : C:\Users\Cindy\AppData\Local\iLivid
Folder Deleted : C:\Users\Cindy\AppData\Roaming\Desktopicon
Folder Deleted : C:\Users\Cindy\AppData\Roaming\DSite
Folder Deleted : C:\Users\Cindy\AppData\Roaming\ExpressFiles
Folder Deleted : C:\Users\Cindy\AppData\Roaming\Yontoo
Folder Deleted : C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\0pg7l3sp.default-1383190998818\Extensions\anttoolbar@ant.com
File Deleted : C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\0pg7l3sp.default-1383190998818\Extensions\gophoto@gophoto.it.xpi
File Deleted : C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\0pg7l3sp.default-1383190998818\Extensions\translator@zoli.bod.xpi
File Deleted : C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\giw3fvcd.default\Extensions\trtv3@trtv.com.xpi
File Deleted : C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
File Deleted : C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\giw3fvcd.default\user.js
File Deleted : C:\Windows\System32\Tasks\DSite
File Deleted : C:\Windows\System32\Tasks\Express FilesUpdate
File Deleted : C:\Windows\System32\Tasks\GoforFilesUpdate
File Deleted : C:\Windows\System32\Tasks\NCH Software

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [ocr@babylon.com]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bicnnkjibmphdeigoodpjlcklcnaobdj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKCU\Software\Classes\iLivid.torrent
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCompress3.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioFormatSettings3.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3310511
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{F54A0D21-6A53-460C-8301-C694EC9E1033}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{F7BCCFD4-2FA6-477D-A1B0-EF7500B3C49E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F14321-8FED-4CBC-B01A-4B57FC199062}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2C6F7E96-73BC-47A5-9F51-B67F0BAFE24D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4C58EB04-7B72-4D3D-A36E-66167A99BC31}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4EE0B011-604C-47F3-8F2B-39F79640B85E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6C9945B7-1D19-46CB-88C0-45A24DF6CD6E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{84B9B044-17C0-48FB-A300-C9747D5DF29C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{947217BD-E967-400A-B14A-BA851A8EDCBB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\caphyon
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\ExpressFiles
Key Deleted : HKCU\Software\FLEXnet
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\MediaFinder
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\ExpressFiles
Key Deleted : HKLM\Software\GoforFiles
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\0pg7l3sp.default-1383190998818\prefs.js ]

Line Deleted : user_pref("extensions.crossrider.bic", "143bd1e054ba64773ffdd54cf075ad61");
Line Deleted : user_pref("extensions.helperbar.BackPageActive", true);
Line Deleted : user_pref("extensions.helperbar.DockingPositionDown", false);
Line Deleted : user_pref("extensions.helperbar.LastHiddenTime", 23203876);
Line Deleted : user_pref("extensions.helperbar.SmartbarDisabled", true);
Line Deleted : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Line Deleted : user_pref("extensions.helperbar.Visibility", true);
Line Deleted : user_pref("extensions.helperbar.backPageCapacity", 3);
Line Deleted : user_pref("extensions.helperbar.backPageCounter", 0);
Line Deleted : user_pref("extensions.helperbar.backPageDay", 11);
Line Deleted : user_pref("extensions.helperbar.backPageLastEvent", "1391986049502");
Line Deleted : user_pref("extensions.helperbar.backPageMinInterval", 15);
Line Deleted : user_pref("extensions.helperbar.barcodeid", "126634");
Line Deleted : user_pref("extensions.helperbar.countryiso", "us");
Line Deleted : user_pref("extensions.helperbar.downloadprovider", "somotoch");
Line Deleted : user_pref("extensions.helperbar.externalJsFiles", "{\"d\":\"[]\"}");
Line Deleted : user_pref("extensions.helperbar.fromautoupdate", "false");
Line Deleted : user_pref("extensions.helperbar.installationid", "03c89507-6dff-6e56-285a-e5661312b124");
Line Deleted : user_pref("extensions.helperbar.installdate", "11/02/2014");
Line Deleted : user_pref("extensions.helperbar.keepAliveLastevent", "1392158849");
Line Deleted : user_pref("extensions.helperbar.lastExternalJsUpdate", "1392232539987");
Line Deleted : user_pref("extensions.helperbar.publisher", "somoto");

-\\ Google Chrome v

[ File : C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [16062 octets] - [24/02/2014 19:06:54]
AdwCleaner[S0].txt - [15133 octets] - [24/02/2014 19:08:37]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [15194 octets] ##########

If you know of a way to get rid of it in "add/remove programs", let me know.
Again....Thank you very much for your time and your help!!
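As an added example (not from the thread, and not AdwCleaner's own code), here is a small Python script that triages a report like the one above. It groups each "Deleted" line by the persistence mechanism it represents (IE Browser Helper Object, IE toolbar, IE search scope, scheduled task, service, Add/Remove Programs entry, browser extension or pref, COM class registration) and cross-references the GUIDs, so a BHO or toolbar whose CLSID/TypeLib registration was not also removed stands out for a manual check. The category names and matching rules are my own; the sample report is constructed from a few lines copied from the report posted above.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: a handful of lines copied from the AdwCleaner report
# posted in the thread (the real report is much longer).
SAMPLE_REPORT = r"""
# AdwCleaner v3.019 - Report created 24/02/2014 at 19:08:37
***** [ Services ] *****
Service Deleted : Yontoo Desktop Updater
***** [ Files / Folders ] *****
Folder Deleted : C:\Program Files (x86)\Yontoo
File Deleted : C:\Windows\System32\Tasks\DSite
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
***** [ Browsers ] *****
Line Deleted : user_pref("extensions.helperbar.publisher", "somoto");
"""

# AdwCleaner writes one "<Kind> Deleted : <target>" line per removed item.
ACTION_RE = re.compile(r"^(Service|Folder|File|Key|Value|Line) Deleted : (.+)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Ordered (pattern, category) rules; the first match wins. Categories are
# my own labels for the persistence surfaces seen in the thread's report.
RULES = [
    (r"\\Browser Helper Objects\\", "IE BHO"),
    (r"\\Internet Explorer\\Toolbar", "IE toolbar"),
    (r"\\Internet Explorer\\SearchScopes", "IE search scope"),
    (r"\\Internet Explorer\\Extensions", "IE extension"),
    (r"\\CurrentVersion\\Uninstall\\", "Add/Remove Programs entry"),
    (r"\\System32\\Tasks\\", "Scheduled task"),
    (r"\\Classes\\(?:CLSID|Interface|TypeLib|AppID)\\", "COM registration"),
    (r"\\Firefox\\Extensions|^user_pref\(", "Firefox extension/pref"),
    (r"\\Chrome\\Extensions", "Chrome extension"),
]
COMPILED_RULES = [(re.compile(p, re.IGNORECASE), c) for p, c in RULES]


def classify(kind, target):
    """Map one removed item to a persistence category."""
    if kind == "Service":
        return "Windows service"
    for pattern, category in COMPILED_RULES:
        if pattern.search(target):
            return category
    return "Other registry" if kind in ("Key", "Value") else "Other file/folder"


def parse_report(text):
    """Return a list of {kind, target, category} dicts, one per deleted item."""
    items = []
    for line in text.splitlines():
        m = ACTION_RE.match(line.strip())
        if not m:
            continue  # headers, section banners, blank lines
        kind, target = m.group(1), m.group(2)
        items.append({"kind": kind, "target": target, "category": classify(kind, target)})
    return items


def summarize(items):
    """Count removed items per category."""
    return dict(Counter(i["category"] for i in items))


def guid_references(items):
    """For each GUID in the report, the set of categories it appeared under."""
    refs = defaultdict(set)
    for i in items:
        for guid in GUID_RE.findall(i["target"]):
            refs[guid.upper()].add(i["category"])
    return dict(refs)


def browser_hooks_without_com_cleanup(items):
    """BHO/toolbar GUIDs whose CLSID/TypeLib registration was not also removed."""
    refs = guid_references(items)
    return sorted(g for g, cats in refs.items()
                  if cats & {"IE BHO", "IE toolbar"} and "COM registration" not in cats)


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    for cat, n in sorted(summarize(parsed).items()):
        print(f"{n:3d}  {cat}")
    for g in browser_hooks_without_com_cleanup(parsed):
        print("browser hook with no matching COM registration removal:", g)
```

Run against the full report above, the "Add/Remove Programs entry" bucket holds only the ilivid and Optimizer Pro entries, which matches the poster's observation that SnapDo is still listed there: its uninstall entry was not among the items removed. The "network resource that is unavailable" message the uninstaller shows is Windows Installer reporting that the package the entry points at is no longer present, which is the usual result when the program's files are deleted before its uninstall entry.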
AfterDawn Addict
24. February 2014 @ 20:41
Quote:
If you know of a way to get rid of it in "add/remove programs", let me know.
Again....Thank you very much for your time and your help!!
You're welcome, and you still have a lot of malware on your computer.

Run these and we'll see if we can clean you up...


--Junkware Removal Tool--

Please download Junkware Removal Tool to your Desktop.
• Please close your security software to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete, depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
• Please post the contents of JRT.txt into your reply.




--RogueKiller--

• Download & SAVE to your Desktop RogueKiller for 32bit or RogueKiller for 64bit
• Quit all programs that you may have started.
• Please disconnect any USB or external drives from the computer before you run this scan!
• For Vista or Windows 7, right-click and select "Run as Administrator" to start
• For Windows XP, double-click to start.
• Wait until pre-scan has finished ...
• Then click on "Scan" button
• Wait until the Status box shows "Scan Finished"
• Click on "Delete"
• Wait until the Status box shows "Deleting Finished"
• Click on "Report" and copy/paste the content of the Notepad into your next reply.
• The log should be found in RKreport[1].txt on your Desktop
• Exit/Close RogueKiller


Then run this and we'll clean up your add/remove, manually:


--OTL--

Please download OTL by OldTimer to your Desktop.

If you already have a copy of OTL, delete it and use this version.

Double click OTL.exe to launch the program.

Check the following.
Scan all users.
Standard Output.
Lop check.
Purity check.
Under Extra Registry section, select Use SafeList
Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).

When finished it will produce two logs.
OTL.txt (open on your desktop).
Extras.txt (minimized in your taskbar)

Please post me both logs



2oG
kookie56
Member
25. February 2014 @ 01:41
can't find roguekiller
AfterDawn Addict
25. February 2014 @ 11:33
Originally posted by kookie56:
can't find roguekiller
Sorry kookie, I had to be out for a while. If you ran the others, please post the logs and I'll try to find a link for RK. May not need it.
AfterDawn Addict
25. February 2014 @ 12:56
Hi kookie56,
Here's an update. Looks like Tigzy has reworked RogueKiller to work with all Windows and has only one version now. Here is a download location:
http://en.kioskea.net/download/download-14877-roguekiller

From the looks of the AdwCleaner Log, you will still have some infection and malware that can slow you down and cause problems. Please run Junkware Removal Tool, RogueKiller and OTL, then post all logs and I'll help you clean the leftovers...

2oG
kookie56
Member
25. February 2014 @ 16:17
I just finished the scans with JRT and OTL.
JRT scan:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by Cindy on Tue 02/25/2014 at 14:52:45.14
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\ilivid



~~~ Files

Successfully deleted: [File] "C:\Users\Cindy\appdata\locallow\SkwConfig.bin"
Successfully deleted: [File] "C:\Users\Cindy\AppData\Roaming\microsoft\windows\start menu\programs\ilivid.lnk"



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Cindy\appdata\local\ilivid"



~~~ FireFox

Emptied folder: C:\Users\Cindy\AppData\Roaming\mozilla\firefox\profiles\0pg7l3sp.default-1383190998818\minidumps [65 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 02/25/2014 at 14:58:15.38
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

OTL scan:

OTL logfile created on: 2/25/2014 3:09:53 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Cindy\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.75 Gb Total Physical Memory | 3.91 Gb Available Physical Memory | 67.93% Memory free
11.50 Gb Paging File | 9.65 Gb Available in Paging File | 83.94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 918.50 Gb Total Space | 788.86 Gb Free Space | 85.89% Space Free | Partition Type: NTFS
Drive D: | 12.91 Gb Total Space | 1.55 Gb Free Space | 11.99% Space Free | Partition Type: NTFS

Computer Name: MOVIE_MACHINE | User Name: Cindy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/25 00:37:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Cindy\Downloads\OTL.exe
PRC - [2014/02/24 19:30:22 | 000,249,440 | ---- | M] () -- C:\Program Files (x86)\ExpressFiles\EFUpdater.exe
PRC - [2013/12/16 19:34:22 | 000,247,968 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.EXE
PRC - [2013/11/20 01:54:20 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/11/20 01:54:00 | 004,411,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2013/10/23 01:06:38 | 001,432,080 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
PRC - [2013/07/08 10:41:54 | 000,044,064 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
PRC - [2013/07/04 14:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2012/07/11 01:04:00 | 000,022,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
PRC - [2012/07/05 19:47:08 | 000,535,184 | ---- | M] () -- C:\Program Files (x86)\Roxio Creator NXT\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2012/06/20 15:48:28 | 000,457,360 | ---- | M] () -- C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
PRC - [2011/11/03 10:20:58 | 000,803,144 | ---- | M] (AVG) -- C:\Program Files (x86)\AVG PC TuneUp 10.0.0.27 PreCracked\BoostSpeed.exe
PRC - [2010/09/28 10:09:28 | 001,119,768 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2010/05/20 16:15:00 | 000,110,736 | R--- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2010/03/11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe


========== Modules (No Company Name) ==========

MOD - [2014/02/24 19:30:22 | 000,249,440 | ---- | M] () -- C:\Program Files (x86)\ExpressFiles\EFUpdater.exe
MOD - [2011/11/03 10:21:06 | 000,350,024 | ---- | M] () -- C:\Program Files (x86)\AVG PC TuneUp 10.0.0.27 PreCracked\madExcept_.bpl
MOD - [2011/11/03 10:21:06 | 000,184,136 | ---- | M] () -- C:\Program Files (x86)\AVG PC TuneUp 10.0.0.27 PreCracked\madBasic_.bpl
MOD - [2011/11/03 10:21:06 | 000,050,504 | ---- | M] () -- C:\Program Files (x86)\AVG PC TuneUp 10.0.0.27 PreCracked\madDisAsm_.bpl


========== Services (SafeList) ==========

SRV:64bit: - [2014/02/06 04:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/06/30 02:42:34 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/08/05 21:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV - [2014/02/21 21:40:59 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/14 14:04:47 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/16 19:34:22 | 000,247,968 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.EXE -- (BBUpdate)
SRV - [2013/12/16 19:34:22 | 000,193,696 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.EXE -- (BBSvc)
SRV - [2013/11/20 01:54:20 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/10/23 01:06:38 | 001,432,080 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe -- (avgfws)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/07/08 10:41:54 | 000,044,064 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe -- (ADExchange)
SRV - [2013/07/04 14:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/09/27 10:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/07/18 07:40:50 | 000,341,136 | ---- | M] (Corel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Roxio Creator NXT\Common\RoxWatch14.exe -- (RoxWatch14)
SRV - [2012/07/18 07:40:34 | 001,096,848 | ---- | M] (Corel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio Creator NXT\Common\RoxMediaDB14.exe -- (RoxMediaDB14)
SRV - [2012/07/11 01:04:00 | 000,022,160 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe -- (BOT4Service)
SRV - [2012/07/05 19:47:08 | 000,535,184 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Roxio Creator NXT\Roxio Burn\RoxioBurnLauncher.exe -- (RoxioBurnLauncher)
SRV - [2012/06/20 15:48:28 | 000,457,360 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe -- (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269)
SRV - [2010/09/28 10:09:28 | 001,119,768 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2010/05/20 16:15:00 | 000,110,736 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2010/03/11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010/01/30 00:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\Hp\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/11/25 01:48:36 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/10/23 01:05:08 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/10/01 20:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/09/28 11:49:42 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2013/07/20 00:51:00 | 000,311,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/07/20 00:50:56 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/07/20 00:50:50 | 000,206,648 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/07/01 00:45:28 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/03/31 17:32:04 | 000,082,600 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2013/03/31 17:32:04 | 000,042,664 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2013/03/21 02:08:24 | 000,240,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2013/03/04 06:24:27 | 000,040,344 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2012/12/06 08:42:12 | 002,350,176 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2012/10/24 11:10:28 | 000,981,096 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ArcCtrl.sys -- (ArcCtrl)
DRV:64bit: - [2012/09/04 09:39:32 | 000,050,296 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2012/08/23 08:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/06/22 02:01:00 | 000,056,336 | ---- | M] (Corel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2012/06/20 01:00:00 | 000,028,304 | ---- | M] (Corel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Sahdad64.sys -- (Sahdad64)
DRV:64bit: - [2012/06/20 01:00:00 | 000,027,792 | ---- | M] (Corel Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SaibVdAd64.sys -- (SaibVdAd64)
DRV:64bit: - [2012/06/20 01:00:00 | 000,020,112 | ---- | M] (Corel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Saibad64.sys -- (Saibad64)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/28 13:51:44 | 000,033,872 | ---- | M] (AnvSoft Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\anvsnddrv.sys -- (anvsnddrv)
DRV:64bit: - [2011/10/17 15:07:44 | 003,567,488 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2011/06/30 04:33:14 | 009,371,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/06/30 02:00:52 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/04/21 17:17:04 | 000,471,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/07/01 11:11:24 | 000,012,352 | ---- | M] () [Kernel | "Start" not found. | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV:64bit: - [2010/03/10 09:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
DRV:64bit: - [2009/12/22 03:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 18:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/29 16:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV:64bit: - [2008/05/06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE:64bit: - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/711-11109...s}&mfe=Desktops
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTer...rc=IE-SearchBox
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-4259794245-1445099586-904811632-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-4259794245-1445099586-904811632-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-4259794245-1445099586-904811632-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://bing.com/
IE - HKU\S-1-5-21-4259794245-1445099586-904811632-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-4259794245-1445099586-904811632-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-4259794245-1445099586-904811632-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-4259794245-1445099586-904811632-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-4259794245-1445099586-904811632-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4259794245-1445099586-904811632-1001\..\SearchScopes\{2C8DFBF8-1B8B-4647-8269-EF212ADD49AE}: "URL" = http://www.bing.com/search?FORM=UP94DF&...rc=IE-SearchBox
IE - HKU\S-1-5-21-4259794245-1445099586-904811632-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.bing.com/"
FF - prefs.js..extensions.enabledAddons: YoutubeDownloader%40PeterOlayev.com:2.2.6
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Windows\system32\C2MP\npdivx32.dll File not found
FF - HKLM\Software\MozillaPlugins\@ei.PhotoFriendzy_82.com/Plugin: C:\Program Files (x86)\PhotoFriendzy_82EI\Installr\1.bin\NP82EISB.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014/02/18 20:28:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/02/24 15:43:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{9caf5d89-eb75-43ab-9b57-9d4b5b6094ef}: C:\Program Files (x86)\Re-markit\150.xpi
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014/02/18 20:28:45 | 000,000,000 | ---D | M]

[2013/06/26 13:17:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cindy\AppData\Roaming\Mozilla\Extensions
[2014/02/24 19:08:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\0pg7l3sp.default-1383190998818\extensions
[2014/01/23 17:12:48 | 000,000,000 | ---D | M] ("Flash Video Downloader") -- C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\0pg7l3sp.default-1383190998818\extensions\artur.dubovoy@gmail.com
[2014/02/24 19:08:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\giw3fvcd.default\extensions
[2013/12/24 00:54:45 | 000,395,578 | ---- | M] () (No name found) -- C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\0pg7l3sp.default-1383190998818\extensions\ffext_basicvideoext@startpage24.xpi
[2013/12/17 14:13:16 | 000,046,057 | ---- | M] () (No name found) -- C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\0pg7l3sp.default-1383190998818\extensions\vdpure@link64.xpi
[2014/02/13 18:12:18 | 000,072,950 | ---- | M] () (No name found) -- C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\0pg7l3sp.default-1383190998818\extensions\YoutubeDownloader@PeterOlayev.com.xpi
[2013/09/07 19:12:25 | 000,063,106 | ---- | M] () (No name found) -- C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\giw3fvcd.default\extensions\s3google@translator.xpi
[2013/10/11 13:05:59 | 000,071,142 | ---- | M] () (No name found) -- C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\giw3fvcd.default\extensions\YoutubeDownloader@PeterOlayev.com.xpi
[2013/08/04 14:11:47 | 000,224,035 | ---- | M] () (No name found) -- C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\giw3fvcd.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2014/02/14 14:04:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/02/14 14:04:48 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/03/29 06:28:49 | 000,653,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\msvcr90.dll
[2012/10/01 20:33:44 | 000,034,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
[2013/07/17 09:05:48 | 000,141,088 | ---- | M] (Sling Media Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npSlingPlayer.dll

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihogigemoecplkedmapfmfelpadlicg\1\

O1 HOSTS File: ([2014/02/18 21:35:51 | 000,000,855 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4259794245-1445099586-904811632-1001..\Run: [] File not found
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-18..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-4259794245-1445099586-904811632-1001\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-4259794245-1445099586-904811632-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - Reg Error: Key error. File not found
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - Reg Error: Key error. File not found
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 216.138.0.4 216.138.27.254 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{52804648-B80D-4A39-A6C1-1B789BF51872}: DhcpNameServer = 216.138.0.4 216.138.27.254 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B40E1FD7-1059-475C-896A-2D1159B6778B}: DhcpNameServer = 216.138.0.4 216.138.27.254 192.168.1.1
O18:64bit: - Protocol\Handler\cdo - No CLSID value found
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/25 14:52:42 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/02/25 05:10:15 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Roaming\17844
[2014/02/24 19:30:22 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Roaming\ExpressFiles
[2014/02/24 19:30:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ExpressFiles
[2014/02/24 19:06:40 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/02/24 15:48:18 | 000,000,000 | ---D | C] -- C:\Windows\AutoKMS
[2014/02/24 15:47:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Toolkit
[2014/02/24 15:44:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
[2014/02/24 15:43:47 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1991-06.com.microsoft
[2014/02/24 15:43:19 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2014/02/24 15:43:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server
[2014/02/24 15:42:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2014/02/24 15:41:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2014/02/24 15:36:13 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2014/02/24 13:38:58 | 000,000,000 | ---D | C] -- C:\Users\Cindy\Desktop\New folder
[2014/02/23 22:59:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Internet Explorer
[2014/02/23 01:41:58 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Roaming\Malwarebytes
[2014/02/23 01:41:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/02/21 21:40:54 | 017,858,952 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2014/02/18 22:08:30 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2014/02/18 22:03:12 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\catroot2
[2014/02/18 20:28:11 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2014/02/18 20:26:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HP
[2014/02/18 17:18:01 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Roaming\DVDVideoSoft
[2014/02/15 12:16:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jetAudio
[2014/02/15 12:14:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\COWON
[2014/02/14 14:04:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/02/12 13:01:03 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Roaming\TorTemp
[2014/02/09 22:49:51 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\profile
[2014/02/09 22:49:51 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\plugins
[2014/02/09 22:49:51 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\dictionaries
[2014/02/09 22:49:51 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\components
[2014/02/09 22:05:49 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Roaming\27868
[2014/02/09 20:25:29 | 000,000,000 | ---D | C] -- C:\Users\Cindy\Documents\DVDFab 9.1.2.5 Final
[2014/02/09 20:24:23 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Roaming\7994
[2014/02/08 21:48:47 | 000,000,000 | ---D | C] -- C:\Users\Cindy\.android
[2014/02/08 21:48:46 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\cache
[2014/02/06 20:40:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MKVToolNix
[2014/02/02 19:11:35 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\Avanquest North America
[2014/01/28 22:15:49 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Local\DvdSubExtractor
[2014/01/27 00:43:20 | 000,000,000 | ---D | C] -- C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
[2014/01/27 00:43:20 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2014/01/27 00:40:54 | 000,447,488 | ---- | C] (Gabest) -- C:\Windows\SysNative\MatroskaSplitter.ax
[2014/01/27 00:40:54 | 000,440,320 | ---- | C] (Gabest) -- C:\Windows\SysNative\RealMediaSplitter.ax
[2014/01/27 00:40:54 | 000,387,584 | ---- | C] (Gabest) -- C:\Windows\SysNative\OggSplitter.ax
[2014/01/27 00:40:54 | 000,241,664 | ---- | C] (-) -- C:\Windows\SysNative\CoreVorbis.ax
[2014/01/27 00:40:54 | 000,049,152 | ---- | C] (RadLight) -- C:\Windows\SysNative\RLOFRDec.ax
[2013/06/27 22:21:07 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Cindy\AppData\Roaming\pcouffin.sys
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/02/25 14:28:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/25 13:20:47 | 000,782,470 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/02/25 13:20:47 | 000,650,642 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/02/25 13:20:47 | 000,118,410 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/02/25 13:06:15 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/25 13:06:15 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/25 13:00:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/25 13:00:32 | 334,974,975 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/25 01:12:03 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForCindy.job
[2014/02/24 19:11:25 | 000,619,808 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/02/21 21:40:59 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/02/21 21:40:59 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/02/21 21:40:54 | 017,858,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2014/02/20 20:08:11 | 000,000,582 | ---- | M] () -- C:\Users\Cindy\AppData\Roaming\AutoGK.ini
[2014/02/18 21:38:34 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2014/02/18 21:35:51 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/02/18 21:32:04 | 000,782,470 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/02/18 20:47:08 | 000,207,047 | ---- | M] () -- C:\Windows\hpoins46.dat
[2014/02/18 20:28:05 | 000,001,277 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2014/02/18 20:27:16 | 000,001,976 | ---- | M] () -- C:\Users\Public\Desktop\HP ePrinterCenter.lnk
[2014/02/18 16:19:56 | 000,000,125 | -HS- | M] () -- C:\ProgramData\.zreglib
[2014/02/15 12:16:12 | 000,001,807 | ---- | M] () -- C:\Users\Cindy\Application Data\Microsoft\Internet Explorer\Quick Launch\jetAudio.lnk
[2014/02/14 23:50:44 | 007,887,948 | ---- | M] () -- C:\Users\Cindy\Documents\E_eManual_X551CA_VER8290.pdf
[2014/02/09 19:07:18 | 000,001,062 | ---- | M] () -- C:\Users\Cindy\AppData\Roaming\DVDSubEdit.ini
[2014/01/31 22:17:39 | 000,123,269 | ---- | M] () -- C:\Users\Cindy\Documents\Thor the Dark World 2013.srt
[2014/01/28 22:26:25 | 027,938,233 | ---- | M] () -- C:\Users\Cindy\AppData\Local\OcrMap.bin
[2014/01/27 13:13:46 | 000,002,263 | ---- | M] () -- C:\Users\Cindy\Documents\47.ronin.(2013).eng.1cd.(5491846).zip
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/02/18 20:28:05 | 000,001,277 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2014/02/18 20:27:16 | 000,001,976 | ---- | C] () -- C:\Users\Public\Desktop\HP ePrinterCenter.lnk
[2014/02/18 20:08:13 | 000,207,047 | ---- | C] () -- C:\Windows\hpoins46.dat
[2014/02/15 12:16:12 | 000,001,807 | ---- | C] () -- C:\Users\Cindy\Application Data\Microsoft\Internet Explorer\Quick Launch\jetAudio.lnk
[2014/02/14 23:51:20 | 007,887,948 | ---- | C] () -- C:\Users\Cindy\Documents\E_eManual_X551CA_VER8290.pdf
[2014/02/09 22:49:51 | 004,380,384 | ---- | C] () -- C:\Windows\SysWow64\omni.ja
[2014/02/09 22:49:51 | 000,001,221 | ---- | C] () -- C:\Windows\SysWow64\precomplete
[2014/02/09 22:49:51 | 000,000,478 | ---- | C] () -- C:\Windows\SysWow64\softokn3.chk
[2014/02/09 22:49:51 | 000,000,478 | ---- | C] () -- C:\Windows\SysWow64\nssdbm3.chk
[2014/02/09 22:49:51 | 000,000,478 | ---- | C] () -- C:\Windows\SysWow64\freebl3.chk
[2014/02/09 22:49:51 | 000,000,130 | ---- | C] () -- C:\Windows\SysWow64\dependentlibs.list
[2014/02/01 10:29:44 | 000,123,269 | ---- | C] () -- C:\Users\Cindy\Documents\Thor the Dark World 2013.srt
[2014/01/27 13:13:51 | 000,002,263 | ---- | C] () -- C:\Users\Cindy\Documents\47.ronin.(2013).eng.1cd.(5491846).zip
[2014/01/27 00:40:54 | 000,606,208 | ---- | C] () -- C:\Windows\SysNative\CoreAAC.ax
[2014/01/27 00:40:54 | 000,237,568 | ---- | C] () -- C:\Windows\SysNative\OptimFROG.dll
[2014/01/27 00:39:21 | 000,965,120 | ---- | C] () -- C:\Windows\SysNative\ac3filter.acm
[2014/01/27 00:34:50 | 000,696,832 | ---- | C] () -- C:\Windows\SysNative\xvidcore.dll
[2014/01/27 00:34:50 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2014/01/27 00:34:50 | 000,255,488 | ---- | C] () -- C:\Windows\SysNative\xvidvfw.dll
[2014/01/27 00:34:50 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2014/01/27 00:34:50 | 000,173,568 | ---- | C] () -- C:\Windows\SysNative\xvid.ax
[2014/01/27 00:34:50 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\xvid.ax
[2014/01/24 13:43:41 | 000,075,040 | ---- | C] () -- C:\Program Files (x86)\Common Files\SpeechUninstall.exe
[2013/12/26 19:34:24 | 000,001,056 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2013/12/01 17:53:39 | 000,000,072 | ---- | C] () -- C:\Users\Cindy\AppData\Local\rx_image32.Cache
[2013/10/24 14:00:59 | 000,239,616 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2uvc.dll
[2013/10/24 14:00:58 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2013/09/12 16:31:42 | 027,938,233 | ---- | C] () -- C:\Users\Cindy\AppData\Local\OcrMap.bin
[2013/09/12 16:20:14 | 000,001,062 | ---- | C] () -- C:\Users\Cindy\AppData\Roaming\DVDSubEdit.ini
[2013/08/27 13:54:54 | 000,941,992 | ---- | C] () -- C:\Windows\SysWow64\WPShellExt64.dll
[2013/08/27 12:51:52 | 000,158,720 | ---- | C] () -- C:\Windows\SysWow64\WS_VideoConverterContextMenu.dll
[2013/08/12 19:34:32 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-MOVIE_MACHINE-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2013/07/26 23:08:08 | 000,000,110 | ---- | C] () -- C:\Users\Cindy\AppData\Roaming\WB.CFG
[2013/07/26 23:00:55 | 000,003,584 | ---- | C] () -- C:\Users\Cindy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/07/25 13:45:01 | 000,000,574 | ---- | C] () -- C:\Windows\hpomdl46.dat.temp
[2013/07/22 20:17:20 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2013/07/10 14:03:07 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2013/06/27 22:21:07 | 000,099,384 | ---- | C] () -- C:\Users\Cindy\AppData\Roaming\inst.exe
[2013/06/27 22:21:07 | 000,007,859 | ---- | C] () -- C:\Users\Cindy\AppData\Roaming\pcouffin.cat
[2013/06/27 22:21:07 | 000,001,167 | ---- | C] () -- C:\Users\Cindy\AppData\Roaming\pcouffin.inf
[2013/06/26 13:59:42 | 000,003,715 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
[2013/06/24 14:56:23 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\accessibillitycpl.dll
[2013/06/24 14:55:56 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\browwseui.dll
[2013/06/23 19:24:27 | 000,000,120 | ---- | C] () -- C:\Users\Cindy\AppData\Roaming\FixVTS.ini
[2013/06/23 15:08:05 | 000,000,005 | ---- | C] () -- C:\Users\Cindy\AppData\Roaming\WBPU-TTL.DAT
[2013/06/22 22:13:21 | 000,715,038 | ---- | C] () -- C:\Windows\unins000.exe
[2013/06/22 22:13:21 | 000,001,947 | ---- | C] () -- C:\Windows\unins000.dat
[2013/06/22 21:42:10 | 000,782,470 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/06/22 21:07:49 | 000,000,582 | ---- | C] () -- C:\Users\Cindy\AppData\Roaming\AutoGK.ini
[2013/06/22 21:02:31 | 000,338,944 | ---- | C] () -- C:\Windows\SysWow64\lffpx7.dll
[2013/06/22 21:02:31 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\lfkodak.dll
[2013/06/22 21:02:30 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\cdTextCtl.dll
[2013/02/24 15:14:24 | 000,038,720 | ---- | C] () -- C:\Windows\SysWow64\dischandler.exe
[2013/02/24 08:05:32 | 003,915,776 | ---- | C] () -- C:\Windows\SysWow64\ffmpeg.dll
[2013/02/24 08:03:22 | 000,271,360 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
[2013/02/24 08:03:18 | 000,157,184 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
[2013/02/24 08:03:16 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
[2013/02/24 08:03:14 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
[2013/02/24 08:03:12 | 001,525,760 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
[2013/02/24 08:03:12 | 000,211,968 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
[2013/02/10 08:15:04 | 000,384,472 | ---- | C] () -- C:\Windows\SysWow64\swscale-lav-2.dll
[2013/02/10 08:15:04 | 000,188,072 | ---- | C] () -- C:\Windows\SysWow64\libbluray.dll
[2013/02/10 08:15:02 | 007,833,552 | ---- | C] () -- C:\Windows\SysWow64\avcodec-lav-54.dll
[2013/02/10 08:15:02 | 001,256,952 | ---- | C] () -- C:\Windows\SysWow64\avformat-lav-54.dll
[2013/02/10 08:15:02 | 000,247,920 | ---- | C] () -- C:\Windows\SysWow64\avutil-lav-52.dll
[2013/02/10 08:15:02 | 000,169,888 | ---- | C] () -- C:\Windows\SysWow64\avfilter-lav-3.dll
[2013/02/10 08:15:02 | 000,165,160 | ---- | C] () -- C:\Windows\SysWow64\avresample-lav-1.dll
[2012/09/29 16:47:28 | 000,000,178 | ---- | C] () -- C:\Windows\SysWow64\Formats.ini
[2012/07/30 22:10:28 | 000,002,462 | ---- | C] () -- C:\ProgramData\regid.2012-08.com.Corel,Roxio_76C7858E-078C-4C49-AB1A-2A7072664935.swidtag

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 20:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = c:\windows\syswow64\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 155 bytes -> C:\ProgramData\Temp:0B4227B4

< End of report >

I will download the other and let you know what its scan says.
kookie56
Member
25. February 2014 @ 16:41
I downloaded and used the roguekiller.
The log said:

RogueKiller V8.7.1 [Oct 3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Cindy [Admin rights]
Mode : Scan -- Date : 02/25/2014 15:36:37
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 11 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][SUSP PATH] KMS Activation for Office : C:\Windows\KMSAct.exe [x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - ST310005 28AS SATA Disk Device +++++
--- User ---
[MBR] 1186c541b6c2099e4a56abc539f088aa
[BSP] 7a2346c6aa9db3d3c4910d19548530fe : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 940543 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1926438912 | Size: 13224 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] d78586d8c3df4d63bcc97d4ca9e7791e
[BSP] 3782e7a57facf41ed6c47f1ddc86c814 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 264071168 | Size: 300 Mo

+++++ PhysicalDrive1: \\.\PHYSICALDRIVE1 +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: \\.\PHYSICALDRIVE2 +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive3: \\.\PHYSICALDRIVE3 +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive4: \\.\PHYSICALDRIVE4 +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_S_02252014_153637.txt >>
When I clicked on "delete" for the checked boxes, it gave me a second log:

RogueKiller V8.7.1 [Oct 3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Cindy [Admin rights]
Mode : Remove -- Date : 02/25/2014 15:37:47
| ARK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 11 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowUser (0) -> REPLACED (1)
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> REPLACED (1)
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> REPLACED (1)
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1)
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_TrackProgs (0) -> REPLACED (1)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][SUSP PATH] KMS Activation for Office : C:\Windows\KMSAct.exe [x] -> DELETED

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - ST310005 28AS SATA Disk Device +++++
--- User ---
[MBR] 1186c541b6c2099e4a56abc539f088aa
[BSP] 7a2346c6aa9db3d3c4910d19548530fe : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 940543 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1926438912 | Size: 13224 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] d78586d8c3df4d63bcc97d4ca9e7791e
[BSP] 3782e7a57facf41ed6c47f1ddc86c814 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 264071168 | Size: 300 Mo

+++++ PhysicalDrive1: \\.\PHYSICALDRIVE1 +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: \\.\PHYSICALDRIVE2 +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive3: \\.\PHYSICALDRIVE3 +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive4: \\.\PHYSICALDRIVE4 +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_D_02252014_153747.txt >>
RKreport[0]_S_02252014_153637.txt

I hope you understand all this.
Thanks for your help.
AfterDawn Addict
25. February 2014 @ 17:00
I do understand it, Cindy, I've been doing this for about 50 years...

I will look over all the logs and help you clean up and show you how to block this kind of a mess before it gets started.

In the meantime, please run this to give me a little more info:

-Security Check-

Download Security Check by screen317.
Save it to your Desktop.

Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

And I'll be back,
2oG
kookie56
Member
25. February 2014 @ 17:10
By the way, snapdo is still listed in the "add/remove".
AfterDawn Addict
25. February 2014 @ 17:16
It's not really there... it's not harmful and we can remove it a little later.