# Unidentified network



## DennisI (Apr 24, 2014)

I hope I can explain this problem accurately. I am old and not tech savvy. Anyway a few days ago I became unable to get to the internet. I can connect ok, but it says "unidentified network". I have tried a solution I found on the internet (using a different computer) to no avail. Through playing around with things I have found the following "solution". Go into safe mode and restore to a date prior to my problems. This allows connection to the internet but I can not look at or modify the network profile. When I reboot the system reverts to its previous state. In looking through here I see that you may need this:

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\Dennis>ipconfig/all

Windows IP Configuration

Host Name . . . . . . . . . . . . : SonofSam2
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : wellington.local

Wireless LAN adapter Wireless Network Connection 4:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 00-22-B0-EB-66-7E
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 3:

Connection-specific DNS Suffix . : wellington.local
Description . . . . . . . . . . . : D-Link WUA-1340 USB Adapter #2
Physical Address. . . . . . . . . : 00-22-B0-EB-66-7F
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::ed4b:8840:f723:acb7%21(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.16.7(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, April 27, 2014 1:24:15 PM
Lease Expires . . . . . . . . . . : Sunday, April 27, 2014 3:54:00 PM
Default Gateway . . . . . . . . . : 192.168.16.254
DHCP Server . . . . . . . . . . . : 192.168.16.254
DHCPv6 IAID . . . . . . . . . . . : 536879792
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-C2-7B-8D-C8-1F-66-0E-0D-EB

DNS Servers . . . . . . . . . . . : 10.220.5.1
192.1.4.78
Primary WINS Server . . . . . . . : 10.220.5.1
Secondary WINS Server . . . . . . : 192.1.4.78
NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : wellington.local
Description . . . . . . . . . . . : Dell Wireless 1506 802.11b/g/n (2.4GHz)
Physical Address. . . . . . . . . : 70-18-8B-81-0B-F2
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : C8-1F-66-0E-0D-EB
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{A212E3F6-9AD2-4F19-97CC-F9EA15719A5D}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.wellington.local:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : wellington.local
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{58B11889-A19A-43F8-86D6-BC072927283D}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

And this too I guess:

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Pentium(R) CPU G2030 @ 3.00GHz, Intel64 Family 6 Model 58 Stepping 9
Processor Count: 2
RAM: 3967 Mb
Graphics Card: Intel(R) HD Graphics, 7 Mb
Hard Drives: C: Total - 454712 MB, Free - 383235 MB; G: Total - 305168 MB, Free - 97909 MB;
Motherboard: Dell Inc., 0XFWHV
Antivirus: None

I notice it says no antivirus....I normally run Avast. And have also run Malwarebytes.
Any help would sure be appreciated.


----------



## etaf (Oct 2, 2003)

it may be the DNS servers listed

can you have a look at the following and see if you can set to automatic for DNS

Setup to Automatically get IP and DNS
WINDOWS 7
---------
* Setup to Automatically get an IP and DNS (DHCP) - for Windows 7 *
http://windows.microsoft.com/en-US/windows7/Change-TCP-IP-settings


> From a TerryNet post
> To configure a dynamic IP address on your Windows Vista or 7 computer:
> 
> 1. Click Start.
> ...


we may need to also look at the advanced settings for DNS and WINS

but let's try just setting DNS to automatic first

anything you don't understand - please just post back and we will try and explain differently


----------
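etaf's first check above, that the DNS servers listed may be the problem, can be made mechanical. The following is an added example and not part of any post in this thread: it parses `ipconfig /all` text and labels each IPv4 DNS server relative to the adapter's own subnet. The function names and the three labels are assumptions of this example, and an off-link resolver is something to review, not proof of a fault.

```python
import ipaddress
import re

# Constructed sample: the active adapter from the ipconfig /all output posted
# above, trimmed, in the un-indented layout of the forum paste.
SAMPLE = """\
Windows IP Configuration

Host Name . . . . . . . . . . . . : SonofSam2
DNS Suffix Search List. . . . . . : wellington.local

Wireless LAN adapter Wireless Network Connection 3:

Connection-specific DNS Suffix . : wellington.local
DHCP Enabled. . . . . . . . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::ed4b:8840:f723:acb7%21(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.16.7(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.16.254
DHCP Server . . . . . . . . . . . : 192.168.16.254
DNS Servers . . . . . . . . . . . : 10.220.5.1
192.1.4.78

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
"""

# "Label . . . . : value" -- the label is followed by a dotted leader, so an
# adapter header such as "Ethernet adapter Local Area Connection:" never matches.
FIELD = re.compile(r"^(?P<key>[^:]*?)(?:\s*\.)+\s*:\s*(?P<val>.*)$")


def _as_ip(text):
    """Return an ip_address for values like '192.168.16.7(Preferred)', else None."""
    cleaned = re.sub(r"\(.*?\)$", "", text.strip()).split("%")[0]
    try:
        return ipaddress.ip_address(cleaned)
    except ValueError:
        return None


def parse_ipconfig(text):
    """Parse ipconfig /all text into {section: {field: [values]}}."""
    sections = {"global": {}}
    current, last_key = sections["global"], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FIELD.match(line)
        if m:
            last_key = m.group("key").strip()
            values = current.setdefault(last_key, [])
            if m.group("val"):
                values.append(m.group("val").strip())
        elif line.endswith(":") and " adapter " in line:
            current = sections.setdefault(line[:-1], {})
            last_key = None
        elif last_key and _as_ip(line):
            # Bare address on its own line: second DNS/WINS server of a list.
            current[last_key].append(line)
    return sections


def review_dns(sections):
    """Label each adapter's IPv4 DNS servers relative to the adapter's subnet."""
    findings = []
    for name, fields in sections.items():
        addr = next(filter(None, map(_as_ip, fields.get("IPv4 Address", []))), None)
        mask = fields.get("Subnet Mask", [])
        if addr is None or not mask:
            continue  # disconnected adapter, or no IPv4 lease
        net = ipaddress.ip_network(f"{addr}/{mask[0]}", strict=False)
        for value in fields.get("DNS Servers", []):
            dns = _as_ip(value)
            if dns is None or dns.version != 4:
                continue
            if dns in net:
                label = "on-link"            # e.g. the router acting as resolver
            elif dns.is_private:
                label = "off-link private"   # needs a route; check who set it
            else:
                label = "off-link public"    # check it is a resolver you chose
            findings.append((name, str(dns), label))
    return findings


if __name__ == "__main__":
    for adapter, server, label in review_dns(parse_ipconfig(SAMPLE)):
        print(f"{adapter}: DNS {server} is {label}")
```
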



## DennisI (Apr 24, 2014)

I was doing good until step 4. No properties button accessible.


----------



## etaf (Oct 2, 2003)

perhaps we can see a screen shot or two

you have to click on the IPv4 line and properties appears

the link shows the images

To post a screen shot of the active window.

*Vista or Windows 7*
you can use the "snipping tool" which is found in Start> All programs> Accessories> Snipping Tool
http://www.bleepingcomputer.com/tutorials/how-to-use-the-windows-snipping-tool/

To upload the screen shot to the forum, open the full reply window ("Go Advanced" button) and use the Manage Attachments button to upload it here.
Full details are available here http://library.techguy.org/wiki/TSG_Posting_a_Screenshot


----------



## DennisI (Apr 24, 2014)

Not sure if I did this right.


----------



## etaf (Oct 2, 2003)

yes , you have done it correctly 

are you an admin user ?
is this a work computer ?

control panel> user accounts and family safety > user accounts 
should say what type of user you are on the right


----------



## DennisI (Apr 24, 2014)

Yes I am administrator and this is a home computer used only by me.


----------



## etaf (Oct 2, 2003)

*------------------------------------------------------------------------*

*TCP/IP stack repair options for use with Vista/Windows 7/Windows 8*

For Windows Vista/Windows 7/8
Start> Programs> Accessories> and *right click on Command Prompt, select "Run as Administrator"* to open a command prompt box (A new dialogue box - black with white font, will appear on the screen):
For Windows 8
To open a Cmd Prompt or an Administrator Cmd prompt from the Desktop. Use Win + X and choose Command Prompt or Command Prompt (Admin) from the list.
In the command prompt window that opens, type the following commands:

_Note: Type only the text in *bold* and *red* for the following commands._


Reset WINSOCK entries to installation defaults: *netsh winsock reset catalog* and press _enter_

Reset IPv4 TCP/IP stack to installation defaults. *netsh int ipv4 reset reset.log* and press _enter_

Reset IPv6 TCP/IP stack to installation defaults. *netsh int ipv6 reset reset.log* and press _enter_
ReStart (reboot) the machine.

If you receive the message 
*The requested operation requires elevation.*
Then please open the command prompt as administrator - as requested above 
Start> Programs> Accessories> and *right click on Command Prompt, select "Run as Administrator"* to open a command prompt box (A new dialogue box - black with white font, will appear on screen):

Please note and post back - if you receive the following message :-
*Access is Denied*
This often occurs with windows 8

please post back the results in a reply here - it's important we know that these commands have worked correctly and not produced any errors
right click in the command prompt box
select all
enter
control key + C key - to copy
then reply here and 
control key + V to paste

Details also here
http://support.microsoft.com/kb/299357
also the link has a Microsoft * Fix it *, which will do the above for you

*------------------------------------------------------------------------*


----------



## DennisI (Apr 24, 2014)

The problem there is that when I reboot the system reverts to its prior state. And for some reason I can not create restore point (and neither could Fix It). Sounds kinda like a rock and a hard place


----------



## etaf (Oct 2, 2003)

> The problem there is that when I reboot the system reverts to its prior state


don't understand

did tcp/ip reset work and fix the problem and then a reboot created the problem again ?


----------



## DennisI (Apr 24, 2014)

I got no errors on the 3 commands, but when I rebooted the system the changes were gone. Tried to create a restore point after making the changes again, but it failed.


----------



## etaf (Oct 2, 2003)

> but when I rebooted the system the changes were gone


 what changes ?


----------



## DennisI (Apr 24, 2014)

The tcp/ip reset changes.


----------



## etaf (Oct 2, 2003)

what makes you think a reboot changed anything - sorry i'm not following you


----------



## DennisI (Apr 24, 2014)

The system was again unable to connect to the internet. And the TCP/IPv4 properties button was still shaded. Additionally I was prompted to install virus software that was previously installed.


----------



## etaf (Oct 2, 2003)

do you have Avast installed at all ?

I would remove that and any other security suite - see if that makes any difference

try
*Safemode with networking*
with a cable connected from PC to router 
check the cable - see if there is a light on the router associated with the cable port used , also check if you have a green/yellow light on the PC LAN port (some PCs do not have any lights on the LAN port - so ignore)
- try *safemode with networking * (sometimes wireless does not work with safemode )
as the PC starts keep tapping F8 - a menu appears - choose 
*safemode with networking* - see if that works


----------



## DennisI (Apr 24, 2014)

No go on *safemode with networking*, WiFi would not work. Also I am unable to try the cable connect because I have no access to the router. WiFi is provided by where I live (a nursing home). No one else is having any problems.


----------



## etaf (Oct 2, 2003)

> do you have Avast installed at all ?
> 
> I would remove that and any other security suite - see if that makes any difference


in the screen shot you have 
GFI Software Firewall NDIS IM Filter

did you install another firewall

there are reports of issues with networking using this product
it appears this firewall is linked with the network adapters and so may be causing the issue you have


----------



## DennisI (Apr 24, 2014)

I turned off all Avast functions and it made no difference.


----------



## etaf (Oct 2, 2003)

you may need to uninstall - but what about 

GFI Software Firewall NDIS IM Filter


----------



## DennisI (Apr 24, 2014)

I'm sorry but I don't know what that is. I have only used the Avast firewall or the Windows firewall (not at the same time)


----------



## etaf (Oct 2, 2003)

ok - let's see if we can remove it 

can you go to 
control panel >
uninstall programs >

see if there is anything like that listed 

if not we may just uninstall/delete from the list shown in your screen shot


----------



## DennisI (Apr 24, 2014)

Didn't find anything like that at all.


----------



## etaf (Oct 2, 2003)

go back to the screen shot and click on the 
GFI Software Firewall NDIS IM Filter

does the uninstall button appear ?


----------



## DennisI (Apr 24, 2014)

The uninstall button is there, but clicking it seems to do nothing.


----------



## etaf (Oct 2, 2003)

i wonder if you have a virus ?

can you follow this post and post the required logs

http://forums.techguy.org/virus-other-malware-removal/943214-everyone-must-read-before-posting.html


----------



## DennisI (Apr 24, 2014)

I get a 404 on that link.


----------



## etaf (Oct 2, 2003)

strange

it's a sticky in the virus forum

virus & other malware removal

and at the top of the forum

Everyone MUST read this BEFORE posting for help in this forum

see if doing that way works

have a look and see if there is a proxy set on the browser - what browser are you using ?

*------------------------------------------------------------------------*

* Remove any proxy settings *
Check your browser's settings, remove or uncheck any proxy settings if found

http://www.plus.net/support/software/browsers/proxies.shtml

http://www.ehow.com/how_5512742_remove-proxy-server.html

*------------------------------------------------------------------------*


----------



## DennisI (Apr 24, 2014)

Hijack this:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:31:47 PM, on 5/1/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16521)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Glary Utilities 4\Integrator.exe
C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Guard.exe
C:\Program Files (x86)\AWS\WeatherBug\Weather.exe
C:\Users\Dennis\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Copernic\DesktopSearch4\Copernic.DesktopSearch.exe
C:\Users\Dennis\AppData\Local\iLivid\iLivid.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Gomez\GomezPEER\bin\GomezPEER.exe
C:\Windows\OEM03Mon.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Webshots\Wallpaper\WallScreen.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\PROGRA~2\Gomez\GOMEZP~1\jre\bin\java.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Aurora\firefox.exe
C:\Program Files (x86)\Aurora\plugin-container.exe
C:\Program Files (x86)\Aurora\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_199.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_199.exe
C:\Program Files (x86)\Aurora\plugin-container.exe
C:\Users\Dennis\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.glarysoft.com/?src=iehome
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuTU&co=US&userid=f3294408-9715-8a95-532a-3198f4bd90d3&searchtype=ds&q={searchTerms}&installDate=06/02/2014
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuTU&co=US&userid=f3294408-9715-8a95-532a-3198f4bd90d3&searchtype=ds&q={searchTerms}&installDate=06/02/2014
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.default-search.net?sid=492&aid=100&itype=n&ver=11471&tm=308&src=hmp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuTU&co=US&userid=f3294408-9715-8a95-532a-3198f4bd90d3&searchtype=ds&q={searchTerms}&installDate=06/02/2014
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuTU&co=US&userid=f3294408-9715-8a95-532a-3198f4bd90d3&searchtype=ds&q={searchTerms}&installDate=06/02/2014
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1ewenusDefaultPack/U223_FRPage
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: 199.21.112.35 clicks.aweber.com
O1 - Hosts: 199.21.112.35 main.exoclick.com
O1 - Hosts: 199.21.112.35 www.ininbox.com
O1 - Hosts: 199.21.112.35 click.icptrack.com
O1 - Hosts: 199.21.112.35 untappedresults.ontraport.net
O1 - Hosts: 199.21.112.35 amviplink.ontraport.net
O1 - Hosts: 199.21.112.35 lurnmail.com
O1 - Hosts: 199.21.112.35 www.lurnmail.com
O1 - Hosts: 199.21.112.35 gvomail.com
O1 - Hosts: 199.21.112.35 www.gvomail.com
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Linkey - {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} - C:\PROGRA~2\Linkey\IEEXTE~1\iedll.dll
O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [OEM03Mon.exe] C:\Windows\OEM03Mon.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [FileHippo.com] "C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe" /background
O4 - HKCU\..\Run: [DellSystemDetect] C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
O4 - HKCU\..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Google Update] "C:\Users\Dennis\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Copernic Desktop Search 4] "C:\Program Files (x86)\Copernic\DesktopSearch4\Copernic.DesktopSearch.exe" /tray
O4 - HKCU\..\Run: [iLivid] "C:\Users\Dennis\AppData\Local\iLivid\iLivid.exe" -autorun
O4 - HKCU\..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Weather Alerts.lnk = C:\Users\Dennis\AppData\Local\WeatherAlerts\WeatherAlerts.exe
O4 - Startup: Webshots Wallpaper & Screensaver.lnk = C:\Program Files (x86)\Webshots\Wallpaper\WallScreen.exe
O4 - Global Startup: GomezPEER.lnk = C:\Program Files (x86)\Gomez\GomezPEER\bin\GomezPEER.exe
O8 - Extra context menu item: Customize Menu - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComSavePass.html
O8 - Extra context menu item: Show RoboForm Toolbar - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.dell.com
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: Ashampoo HDD Control 2 Service (AHDDC2) - Unknown owner - C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Computer Backup (MyPC Backup) (BackupStack) - Just Develop It - C:\Program Files (x86)\MyPC Backup\BackupStack.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Dell Digital Delivery Service (DellDigitalDelivery) - Dell Products, LP. - c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: RealPlayer Update Service (RealPlayerUpdateSvc) - Unknown owner - C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ParetoLogic Internet Security (SBAMSvc) - Unknown owner - C:\Program Files (x86)\ParetoLogic\ParetoLogic Internet Security\SBAMSvc.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Systemk Service (SystemkService) - Aztec Media Inc - C:\Program Files (x86)\Settings Manager\systemk\SystemkService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAtheros Wlan Agent - Atheros - C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe

--
End of file - 16794 bytes

DDS:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume2
Install Date: 10/30/2013 2:09:17 PM
System Uptime: 5/1/2014 11:42:00 AM (2 hours ago)
.
Motherboard: Dell Inc. | | 0XFWHV 
Processor: Intel(R) Pentium(R) CPU G2030 @ 3.00GHz | CPU 1 | 3000/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 444 GiB total, 372.947 GiB free.
D: is CDROM ()
E: is CDROM ()
G: is FIXED (FAT32) - 298 GiB total, 87.803 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP270: 4/17/2014 4:33:06 AM - SpeedyPC Pro Backup
RP271: 4/17/2014 3:12:18 PM - Installed Google Drive
RP272: 4/17/2014 3:15:35 PM - Installed Java 8 Update 5 (64-bit)
RP273: 4/17/2014 3:20:31 PM - Windows Live Essentials
RP274: 4/17/2014 3:21:32 PM - Installed DirectX
RP275: 4/17/2014 3:22:44 PM - Installed DirectX
RP276: 4/17/2014 3:23:25 PM - Installed DirectX
RP277: 4/17/2014 3:24:07 PM - WLSetup
RP279: 4/17/2014 3:32:02 PM - Revo Uninstaller Pro's restore point - µTorrent
RP281: 4/17/2014 3:32:27 PM - Revo Uninstaller Pro's restore point - µTorrent
RP283: 4/17/2014 3:32:44 PM - Revo Uninstaller Pro's restore point - µTorrent
RP284: 4/18/2014 10:21:18 AM - Windows Update
RP285: 4/18/2014 1:05:46 PM - avast! antivirus system restore point
RP286: 4/18/2014 2:35:28 PM - SpeedyPC Pro Backup
RP287: 4/18/2014 2:44:34 PM - SpeedyPC Pro Backup
RP288: 4/18/2014 3:42:52 PM - Restore Operation
RP289: 4/18/2014 7:34:16 PM - SpeedyPC Pro Backup
RP290: 4/18/2014 7:45:59 PM - SpeedyPC Pro Backup
RP291: 4/18/2014 9:54:51 PM - Restore Operation
RP293: 4/19/2014 11:33:51 AM - Revo Uninstaller Pro's restore point - v9 uninstaller
RP295: 4/19/2014 11:36:58 AM - Revo Uninstaller Pro's restore point - Windows Live Essentials
RP296: 4/19/2014 11:37:54 AM - Windows Live Essentials
RP297: 4/19/2014 11:38:21 AM - WLSetup
RP298: 4/19/2014 11:51:05 AM - SpeedyPC Pro Backup
RP304: 4/19/2014 4:03:34 PM - Restore Operation
RP305: 4/19/2014 4:41:29 PM - SpeedyPC Pro Backup
.
==== Image File Execution Options =============
.
IFEO: bitguard.exe - tasklist.exe
IFEO: bprotect.exe - tasklist.exe
IFEO: bpsvc.exe - tasklist.exe
IFEO: browsemngr.exe - tasklist.exe
IFEO: browserdefender.exe - tasklist.exe
IFEO: browsermngr.exe - tasklist.exe
IFEO: browserprotect.exe - tasklist.exe
IFEO: browsersafeguard.exe - tasklist.exe
IFEO: bundlesweetimsetup.exe - tasklist.exe
IFEO: cltmngsvc.exe - tasklist.exe
IFEO: delta babylon.exe - tasklist.exe
IFEO: delta tb.exe - tasklist.exe
IFEO: delta2.exe - tasklist.exe
IFEO: deltainstaller.exe - tasklist.exe
IFEO: deltasetup.exe - tasklist.exe
IFEO: deltatb.exe - tasklist.exe
IFEO: deltatb_2501-c733154b.exe - tasklist.exe
IFEO: dprotectsvc.exe - tasklist.exe
IFEO: iminentsetup.exe - tasklist.exe
IFEO: jumpflip - tasklist.exe
IFEO: protectedsearch.exe - tasklist.exe
IFEO: rjatydimofu.exe - tasklist.exe
IFEO: searchinstaller.exe - tasklist.exe
IFEO: searchprotection.exe - tasklist.exe
IFEO: searchprotector.exe - tasklist.exe
IFEO: searchsettings.exe - tasklist.exe
IFEO: searchsettings64.exe - tasklist.exe
IFEO: snapdo.exe - tasklist.exe
IFEO: stinst32.exe - tasklist.exe
IFEO: stinst64.exe - tasklist.exe
IFEO: sweetimsetup.exe - tasklist.exe
IFEO: tbdelta.exetoolbar783881609.exe - tasklist.exe
IFEO: umbrella.exe - tasklist.exe
IFEO: utiljumpflip.exe - tasklist.exe
IFEO: volaro - tasklist.exe
IFEO: vonteera - tasklist.exe
IFEO: websteroids.exe - tasklist.exe
IFEO: websteroidsservice.exe - tasklist.exe
x64-IFEO: bitguard.exe - tasklist.exe
x64-IFEO: bprotect.exe - tasklist.exe
x64-IFEO: bpsvc.exe - tasklist.exe
x64-IFEO: browsemngr.exe - tasklist.exe
x64-IFEO: browserdefender.exe - tasklist.exe
x64-IFEO: browsermngr.exe - tasklist.exe
x64-IFEO: browserprotect.exe - tasklist.exe
x64-IFEO: browsersafeguard.exe - tasklist.exe
x64-IFEO: bundlesweetimsetup.exe - tasklist.exe
x64-IFEO: cltmngsvc.exe - tasklist.exe
x64-IFEO: delta babylon.exe - tasklist.exe
x64-IFEO: delta tb.exe - tasklist.exe
x64-IFEO: delta2.exe - tasklist.exe
x64-IFEO: deltainstaller.exe - tasklist.exe
x64-IFEO: deltasetup.exe - tasklist.exe
x64-IFEO: deltatb.exe - tasklist.exe
x64-IFEO: deltatb_2501-c733154b.exe - tasklist.exe
x64-IFEO: dprotectsvc.exe - tasklist.exe
x64-IFEO: iminentsetup.exe - tasklist.exe
x64-IFEO: jumpflip - tasklist.exe
x64-IFEO: protectedsearch.exe - tasklist.exe
x64-IFEO: rjatydimofu.exe - tasklist.exe
x64-IFEO: searchinstaller.exe - tasklist.exe
x64-IFEO: searchprotection.exe - tasklist.exe
x64-IFEO: searchprotector.exe - tasklist.exe
x64-IFEO: searchsettings.exe - tasklist.exe
x64-IFEO: searchsettings64.exe - tasklist.exe
x64-IFEO: snapdo.exe - tasklist.exe
x64-IFEO: stinst32.exe - tasklist.exe
x64-IFEO: stinst64.exe - tasklist.exe
x64-IFEO: sweetimsetup.exe - tasklist.exe
x64-IFEO: tbdelta.exetoolbar783881609.exe - tasklist.exe
x64-IFEO: umbrella.exe - tasklist.exe
x64-IFEO: utiljumpflip.exe - tasklist.exe
x64-IFEO: volaro - tasklist.exe
x64-IFEO: vonteera - tasklist.exe
x64-IFEO: websteroids.exe - tasklist.exe
x64-IFEO: websteroidsservice.exe - tasklist.exe
.
==== Hosts File Hijack ======================
.
Hosts: 199.21.112.35 clicks.aweber.com
Hosts: 199.21.112.35 main.exoclick.com
Hosts: 199.21.112.35 www.ininbox.com
Hosts: 199.21.112.35 click.icptrack.com
Hosts: 199.21.112.35 untappedresults.ontraport.net
Hosts: 199.21.112.35 amviplink.ontraport.net
Hosts: 199.21.112.35 lurnmail.com
Hosts: 199.21.112.35 www.lurnmail.com
Hosts: 199.21.112.35 gvomail.com
Hosts: 199.21.112.35 www.gvomail.com
.
==== Installed Programs ======================
.
µTorrent
Accidental Damage Services Agreement
Adobe AIR
Adobe Flash Player 14 ActiveX
Adobe Flash Player 14 Plugin
Adobe Reader Free Download Packages
Adobe Reader XI (11.0.06)
Adobe Shockwave Player 12.1
Apple Application Support
Apple Software Update
Ashampoo Gadge It v.1.0.1
Ashampoo HDD Control 2 v.2.1.0
Ashampoo Internet Accelerator 3 v.3.20
Ashampoo WinOptimizer 10 v.10.3.0
Aurora 29.0a2 (x86 en-US)
AutoBinaryEA
AutoEABinary
avast! Internet Security
Banctec Service Agreement
Big Fish: Game Manager
Binary Option Robot version 1.1
Buxenger
CCleaner
CDBurnerXP
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Complete Care Business Service Agreement
Consumer In-Home Service Agreement
Cooking Academy: Restaurant Royale
Copernic Desktop Search 4
D3DX10
Dell Digital Delivery
Dell Edoc Viewer
Dell Home Systems Service Agreement
Dell System Detect
Dell Wireless Driver Installation
Dell WLAN and Bluetooth Client Installation
DesktopWeatherAlerts
DHTML Editing Component
DivX Setup
DownLite
DriveImage XML (Private Edition)
Easy Clone Detective
eBay
File Type Assistant
FileHippo.com Update Checker
Free File Viewer 2014
Free ISO Creator version 2.8
fTalk
Glary Utilities 4.9
GomezPEER
Google Chrome
Google Drive
Google Earth
Google Update Helper
Idle Processor Utilization Services version IPUS 2.01
iLivid
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Intel(R) SDK for OpenCL - CPU Only Runtime Package
Intel(R) USB 3.0 eXtensible Host Controller Driver
Intel® Trusted Connect Service Client
Intel® Watchdog Timer Driver (Intel® WDT)
iSpy (64 bit)
Java 7 Update 10
Java 7 Update 51
Java 8 (64-bit)
Java Auto Updater
Junk Mail filter update
Linkey
MagicDisc 2.7.106
Malwarebytes Anti-Malware version 2.00.0.1000
MetaTrader 4
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft OneDrive
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Monitor Integrated Webcam Driver (1.00.13.0608) 
Movie Maker
Mozilla Firefox 27.0 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 28.0 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My Dell
My Singing Monsters
MyPC Backup 
OpenOffice 4.0.1
OpenOffice Beta 4.1.0
PeaZip 5.3.0
Photo Common
Photo Gallery
Premium Service Agreement
Process Lasso
PySol Fan Club edition v.2.0
PySolFC Solitaire (a freeware Solitaire Game) version 1.1
QualxServ Service Agreement
QuickTime 7
RadarSync PC Updater 2013
RealDownloader
Realtek Card Reader
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Recuva
Registry Defragmentation
Registry Defragmentation Compatibility Patch
Revo Uninstaller Pro 3.0.8
RoboForm 7-9-6-7 (All Users)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Settings Manager
Shared C Run-time for x64
Simple Search-Replace
Skype Click to Call
Skype 6.14
Software Informer 1.2
Speccy
SpeedyPC Pro
Stardock Fences 2
Stardock ObjectDock
Start Menu X version 5.02
Super Internet TV v8.0 (Free Edition)
swMSM
TeraCopy 2.3
The Path of Hercules
Turbo Lister 2
UpdateService
uPlayer
uTorrentMC
VC80CRTRedist - 8.0.50727.6195
WeatherBug
Webshots Extractor version 1.0.0.000
Webshots Wallpaper & Screensaver version 1.5.0.31
WebsiteGenerator version 1.0
WhoCrashed 5.01
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinPatrol
WinUtilities Professional Edition 11.13
.
==== Event Viewer Messages From Past Week ========
.
5/1/2014 12:38:45 PM, Error: volsnap [67] - The shadow copy of volume \\?\Volume{604b6b44-1b17-11e3-8434-806e6f6e6963} being created failed to install.
5/1/2014 12:12:05 PM, Error: volsnap [67] - The shadow copy of volume C: being created failed to install.
5/1/2014 11:52:45 AM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
5/1/2014 11:50:45 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
5/1/2014 11:47:11 AM, Error: Service Control Manager [7000] - The ParetoLogic Internet Security service failed to start due to the following error: The system cannot find the file specified.
5/1/2014 11:43:53 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athihvs.dll Error Code: 14001
5/1/2014 11:32:17 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
5/1/2014 11:30:58 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
5/1/2014 11:27:45 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
5/1/2014 11:27:44 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
5/1/2014 11:27:43 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
5/1/2014 11:27:43 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
5/1/2014 11:27:41 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/1/2014 11:27:32 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
5/1/2014 11:27:24 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswNdisFlt aswRdr aswRvrt aswSnx aswSP aswVmm DfsC discache F06DEFF2-5B9C-490D-910F-35D3A9119622 NetBIOS NetBT nsiproxy Psched rdbss SbFw spldr tdx vwififlt Wanarpv6 WfpLwf
5/1/2014 11:27:24 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/1/2014 11:27:24 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
5/1/2014 11:27:24 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
5/1/2014 11:27:24 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
5/1/2014 11:27:24 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/1/2014 11:27:24 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/1/2014 11:27:23 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
5/1/2014 11:27:23 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
5/1/2014 11:27:23 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/1/2014 11:27:23 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
4/30/2014 5:18:38 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Computer Backup (MyPC Backup) service to connect.
4/30/2014 2:45:40 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswNdisFlt aswRdr aswRvrt aswSnx aswSP aswVmm DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SbFw spldr tdx vwififlt Wanarpv6 WfpLwf
4/30/2014 12:20:00 PM, Error: Service Control Manager [7023] - The IKE and AuthIP IPsec Keying Modules service terminated with the following error: Load failed
4/30/2014 12:10:01 PM, Error: Microsoft-Windows-HttpEvent [15005] - Unable to bind to the underlying transport for [::]:8883. The IP Listen-Only list may contain a reference to an interface which may not exist on this machine. The data field contains the error number.
4/30/2014 12:09:44 PM, Error: NetBT [4307] - Initialization failed because the transport refused to open initial addresses.
4/30/2014 12:09:10 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswNdisFlt
4/30/2014 12:09:01 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
4/30/2014 12:09:01 PM, Error: Microsoft-Windows-HttpEvent [15005] - Unable to bind to the underlying transport for [::]:5357. The IP Listen-Only list may contain a reference to an interface which may not exist on this machine. The data field contains the error number.
4/30/2014 12:09:01 PM, Error: Microsoft-Windows-HttpEvent [15005] - Unable to bind to the underlying transport for [::]:26143. The IP Listen-Only list may contain a reference to an interface which may not exist on this machine. The data field contains the error number.
4/29/2014 7:03:24 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athihvs.dll Error Code: 21
4/29/2014 7:03:05 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswNdisFlt aswRvrt aswSnx aswSP aswVmm discache F06DEFF2-5B9C-490D-910F-35D3A9119622 spldr Wanarpv6
4/29/2014 3:02:53 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
4/29/2014 2:53:30 PM, Error: Service Control Manager [7000] - The Computer Backup (MyPC Backup) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/29/2014 12:05:02 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Ashampoo HDD Control 2 Service service to connect.
4/29/2014 1:43:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
4/28/2014 2:20:24 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
4/28/2014 2:20:24 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
4/27/2014 12:55:44 PM, Error: Service Control Manager [7038] - The PolicyAgent service was unable to log on as NT Authority\NetworkService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
4/27/2014 12:55:44 PM, Error: Service Control Manager [7000] - The IPsec Policy Agent service failed to start due to the following error: The service did not start due to a logon failure.
4/26/2014 7:12:28 PM, Error: Service Control Manager [7023] - The System Event Notification Service service terminated with the following error: Overlapped I/O operation is in progress.
4/25/2014 8:40:41 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
4/25/2014 8:40:41 PM, Error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16521 BrowserJavaVersion: 10.51.2
Run by Dennis at 13:30:32 on 2014-05-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3968.1716 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe
C:\Program Files\Software Informer\softinfo.exe
C:\Program Files\Process Lasso\processgovernor.exe
C:\Program Files\Process Lasso\processlasso.exe
C:\Program Files (x86)\MyPC Backup\BackupStack.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
C:\Program Files (x86)\Settings Manager\systemk\SystemkService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Settings Manager\systemk\SystemkService.exe
C:\Program Files (x86)\Settings Manager\systemk\systemku.exe
C:\Program Files (x86)\Glary Utilities 4\Integrator.exe
C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Guard.exe
C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
C:\Program Files (x86)\AWS\WeatherBug\Weather.exe
C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
C:\Program Files (x86)\Copernic\DesktopSearch4\Copernic.DesktopSearch.exe
C:\Users\Dennis\AppData\Local\iLivid\iLivid.exe
C:\Users\Dennis\AppData\Local\Apps\2.0\9HB3O0ZZ.0E5\WRA2X73C.TR7\dell..tion_0f612f649c4a10af_0005.0004_3ddfe37344028d2c\DellSystemDetect.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Gomez\GomezPEER\bin\GomezPEER.exe
C:\Windows\OEM03Mon.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Webshots\Wallpaper\WallScreen.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\PROGRA~2\Gomez\GOMEZP~1\jre\bin\java.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Start Menu X\StartMenuX.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\taskhost.exe
C:\Windows\System32\msdtc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Aurora\firefox.exe
C:\Program Files (x86)\Aurora\plugin-container.exe
C:\Program Files (x86)\Aurora\plugin-container.exe
C:\Program Files\My Dell\uaclauncher.exe
C:\Program Files (x86)\Aurora\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_90.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_90.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.default-search.net?sid=492&aid=100&itype=n&ver=11471&tm=308&src=hmp
uSearch Bar = hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuTU&co=US&userid=f3294408-9715-8a95-532a-3198f4bd90d3&searchtype=ds&q={searchTerms}&installDate=06/02/2014
uSearch Page = hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuTU&co=US&userid=f3294408-9715-8a95-532a-3198f4bd90d3&searchtype=ds&q={searchTerms}&installDate=06/02/2014
uDefault_Page_URL = hxxp://isearch.glarysoft.com/?src=iehome
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uProxyOverride = <-loopback>
uSearchAssistant = hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuTU&co=US&userid=f3294408-9715-8a95-532a-3198f4bd90d3&searchtype=ds&q={searchTerms}&installDate=06/02/2014
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit = userinit.exe,
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Linkey: {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} - C:\Program Files (x86)\Linkey\IEExtension\iedll.dll
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: Snap.Do: {ae07101b-46d4-4a98-af68-0333ea26e113} - 
uRun: [FileHippo.com] "C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe" /background
uRun: [DellSystemDetect] C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
uRun: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
uRun: [Google Update] "C:\Users\Dennis\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Copernic Desktop Search 4] "C:\Program Files (x86)\Copernic\DesktopSearch4\Copernic.DesktopSearch.exe" /tray
uRun: [iLivid] "C:\Users\Dennis\AppData\Local\iLivid\iLivid.exe" -autorun
uRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [OEM03Mon.exe] C:\Windows\OEM03Mon.exe
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Dennis\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\WEATHE~1.LNK - C:\Users\Dennis\AppData\Local\WeatherAlerts\WeatherAlerts.exe
StartupFolder: C:\Users\Dennis\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\WEBSHO~1.LNK - C:\Program Files (x86)\Webshots\Wallpaper\WallScreen.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GOMEZP~1.LNK - C:\Program Files (x86)\Gomez\GomezPEER\bin\GomezPEER.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: EnableLUA = dword:0
IE: Customize Menu - C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html
IE: Fill Forms - C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComFillForms.html
IE: Save Forms - C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComSavePass.html
IE: Show RoboForm Toolbar - C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 10.220.5.1 192.1.4.78
TCP: Interfaces\{21989C18-03F7-4187-A0CA-A15DACCD50B9} : DHCPNameServer = 10.220.5.1 192.1.4.78
TCP: Interfaces\{21989C18-03F7-4187-A0CA-A15DACCD50B9}\E4572737563616275602F66602245736B686561646 : DHCPNameServer = 10.220.5.1 192.1.4.78
TCP: Interfaces\{614A7897-5369-4AF6-85EC-18F220588CB2} : DHCPNameServer = 10.220.5.1 192.1.4.78
TCP: Interfaces\{A900F906-1F5E-44FB-93E3-B8E605939FD8} : DHCPNameServer = 10.220.5.1 192.1.4.78
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1933.0\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
IFEO: bitguard.exe - tasklist.exe
IFEO: bprotect.exe - tasklist.exe
IFEO: bpsvc.exe - tasklist.exe
IFEO: browsemngr.exe - tasklist.exe
IFEO: browserdefender.exe - tasklist.exe
x64-mStart Page = hxxp://start.mysearchdial.com/?f=1&a=irmsd0101&cd=2XzuyEtN2Y1L1Qzu0CzztC0FyCyCtD0EtD0D0E0B0AtAyCyDtN0D0Tzu0SyBtAzytN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=2118251588&ir=
x64-mDefault_Page_URL = hxxp://isearch.glarysoft.com/?src=iehome
x64-BHO: Plus-HD-7.5: {11111111-1111-1111-1111-110511071176} - LocalServer32 - <no file>
x64-BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll
x64-BHO: Snap.DoEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} - 
x64-BHO: Linkey: {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} - C:\Program Files (x86)\Linkey\IEExtension\iedll64.dll
x64-BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre8\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre8\bin\jp2ssv.dll
x64-TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-TB: Snap.Do: {ae07101b-46d4-4a98-af68-0333ea26e113} - 
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [Fences] "C:\Program Files (x86)\Stardock\Fences\Fences.exe" /startup
x64-Run: [IgfxTray] "C:\Windows\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\Windows\System32\igfxpers.exe"
x64-Run: [Ashampoo HDD-Control 2 Guard] "C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Guard.exe"
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-STS: FencesShlExt Class - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll
x64-IFEO: bitguard.exe - tasklist.exe
x64-IFEO: bprotect.exe - tasklist.exe
x64-IFEO: bpsvc.exe - tasklist.exe
x64-IFEO: browsemngr.exe - tasklist.exe
x64-IFEO: browserdefender.exe - tasklist.exe
.
Note: multiple IFEO entries found. Please refer to Attach.txt
Hosts: 199.21.112.35 clicks.aweber.com
Hosts: 199.21.112.35 main.exoclick.com
Hosts: 199.21.112.35 www.ininbox.com
Hosts: 199.21.112.35 click.icptrack.com
Hosts: 199.21.112.35 untappedresults.ontraport.net
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306061&CUI=UN23203762443581177&UM=2&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.11alive.com/
FF - prefs.js: keyword.URL - hxxp://www.default-search.net/search?sid=492&aid=100&itype=a&ver=12302&tm=308&src=ds&p=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Users\Dennis\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\extensions\{70df8d13-bdd3-448e-944c-efde21b77161}\plugins\np-mswmp.dll
FF - plugin: C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\extensions\{70df8d13-bdd3-448e-944c-efde21b77161}\plugins\npFirefoxPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_199.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_90.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amdkmpfd;AMD PCI Root Bus Lower Filter;C:\Windows\System32\drivers\amdkmpfd.sys [2013-11-10 36096]
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-11-10 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-11-10 208416]
R0 BootDefragDriver;BootDefragDriver;C:\Windows\System32\drivers\BootDefragDriver.sys [2014-4-3 17600]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-7-18 20464]
R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2013-12-18 28184]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-11-10 1039096]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2013-11-10 423240]
R1 F06DEFF2-5B9C-490D-910F-35D3A9119622;F06DEFF2-5B9C-490D-910F-35D3A9119622;C:\Program Files (x86)\Settings Manager\systemk\x64\systemkmgrc1.cfg [2014-4-10 36240]
R1 SbFw;SbFw;C:\Windows\System32\drivers\SbFw.sys [2013-10-30 258848]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2013-9-11 98208]
R2 AHDDC2;Ashampoo HDD Control 2 Service;C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe [2013-10-31 1518504]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-5-1 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-11-10 79184]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2013-12-18 85328]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-3-21 50344]
R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2014-3-21 109048]
R2 BackupStack;Computer Backup (MyPC Backup);C:\Program Files (x86)\MyPC Backup\BackupStack.exe [2013-9-19 38440]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-3-3 1363584]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-3-3 1748608]
R2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2013-11-12 196616]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-9-11 13592]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-8-27 747520]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2013-12-4 169432]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-12-14 39056]
R2 RealPlayerUpdateSvc;RealPlayer Update Service;C:\Program Files (x86)\real\UpdateService\RealPlayerUpdateSvc.exe [2013-12-16 23552]
R2 SystemkService;Systemk Service;C:\Program Files (x86)\Settings Manager\systemk\SystemkService.exe [2014-4-10 3543056]
R2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [2013-12-4 81536]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2013-11-10 169752]
R3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);C:\Windows\System32\drivers\ICCWDT.sys [2010-8-18 26136]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2014-4-3 450520]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-7-18 358896]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-7-18 795632]
R3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;C:\Windows\System32\drivers\netr7364.sys [2013-11-10 729152]
R3 OEM03Afx;Provides a software interface to control audio effects of OEM003 camera.;C:\Windows\System32\drivers\OEM03Afx.sys [2007-6-8 212864]
R3 OEM03Vfx;Creative Camera OEM003 Video VFX Driver;C:\Windows\System32\drivers\OEM03Vfx.sys [2007-3-5 12288]
R3 OEM03Vid;Creative Camera OEM003 Driver;C:\Windows\System32\drivers\OEM03Vid.sys [2007-4-25 266944]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2013-12-4 271064]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-1-28 883928]
R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;C:\Windows\System32\drivers\SbFwIm.sys [2013-10-30 120064]
R3 SmbDrvI;SmbDrvI;C:\Windows\System32\drivers\Smb_driver_Intel.sys [2014-4-3 34544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SBAMSvc;ParetoLogic Internet Security;"C:\Program Files (x86)\ParetoLogic\ParetoLogic Internet Security\SBAMSvc.exe" --> C:\Program Files (x86)\ParetoLogic\ParetoLogic Internet Security\SBAMSvc.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-9-11 57856]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2014-1-10 1512640]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-3-12 111616]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-8-27 828376]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2013-11-25 31800]
S3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;C:\Windows\System32\drivers\SbFwIm.sys [2013-10-30 120064]
S3 sbhips;sbhips;C:\Windows\System32\drivers\sbhips.sys [2013-10-30 61216]
S3 sbwtis;sbwtis;C:\Windows\System32\drivers\sbwtis.sys [2012-9-20 86816]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-11-1 1255736]
.
=============== Created Last 30 ================
.
2014-05-01 17:08:48 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EB7C23AF-1C06-42E4-B015-0E25C2BD0E2C}\offreg.dll
2014-05-01 16:12:33 10651704 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EB7C23AF-1C06-42E4-B015-0E25C2BD0E2C}\mpengine.dll
2014-05-01 16:03:18 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2014-05-01 16:03:07 43152 ----a-w- C:\Windows\avastSS.scr
2014-04-29 18:47:48 -------- d-----w- C:\Users\Dennis\AppData\Local\FreeFileViewer
2014-04-27 14:29:26 -------- d-----w- C:\ProgramData\Copernic
2014-04-26 19:38:43 -------- d-----w- C:\Program Files\Registry Easy
2014-04-25 21:39:53 -------- d-----w- C:\Users\Dennis\AppData\Roaming\Smart PC Cleaner
2014-04-25 21:36:02 -------- d-----w- C:\Users\Dennis\AppData\Roaming\Genieo
2014-04-25 21:35:54 -------- d-----w- C:\Users\Dennis\AppData\Roaming\Fighters
2014-04-25 21:35:27 -------- d-----w- C:\ProgramData\Fighters
2014-04-25 21:35:27 -------- d-----w- C:\Program Files\Fighters
2014-04-25 21:35:27 -------- d-----w- C:\Program Files (x86)\Fighters
2014-04-25 21:34:41 -------- d-----w- C:\Program Files (x86)\Smart PC Cleaner
2014-04-22 19:59:02 -------- d-----w- C:\Users\Dennis\AppData\Roaming\Fugazo
2014-04-18 17:03:45 -------- d-----w- C:\Users\Dennis\AppData\Roaming\SupTab
2014-04-18 17:03:37 -------- d-----w- C:\ProgramData\WPM
2014-04-18 17:03:11 -------- d-----w- C:\Users\Dennis\AppData\Roaming\v9
2014-04-15 14:54:50 -------- d-----w- C:\Program Files (x86)\Aurora
2014-04-10 14:23:18 -------- d-----w- C:\ProgramData\systemk
2014-04-09 17:37:59 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2014-04-09 17:37:59 2048 ----a-w- C:\Windows\SysWow64\user.exe
2014-04-09 17:37:58 1684928 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2014-04-09 15:49:53 -------- d-----w- C:\Program Files (x86)\uPlayer
2014-04-09 15:48:45 -------- d-----w- C:\Program Files (x86)\Optimizer Pro
2014-04-09 15:48:33 -------- d-----w- C:\Users\Dennis\AppData\Local\Local_Weather_LLC
2014-04-09 15:48:23 -------- d-----w- C:\Users\Dennis\AppData\Local\WeatherAlerts
2014-04-09 15:46:41 -------- d-----w- C:\Program Files (x86)\SearchProtect
2014-04-09 15:46:38 -------- d-----w- C:\Users\Dennis\AppData\Local\SearchProtect
2014-04-06 16:18:58 -------- d-----w- C:\Program Files (x86)\Cooking Academy - Restaurant Royale
2014-04-05 20:12:58 -------- d-----w- C:\ProgramData\BrowserProtect
2014-04-05 20:12:58 -------- d-----w- C:\ProgramData\Browser Manager
2014-04-05 20:12:58 -------- d-----w- C:\ProgramData\BitGuard
2014-04-05 19:24:47 -------- d-----w- C:\ProgramData\Wincert
2014-04-05 19:24:26 -------- d-----w- C:\Program Files (x86)\Linkey
2014-04-05 19:23:51 -------- d-----w- C:\Users\Dennis\AppData\Roaming\1O1L1I1PtF1F1C1N
2014-04-05 19:23:47 -------- d-----w- C:\Program Files (x86)\Settings Manager
2014-04-03 23:45:37 9889352 ----a-w- C:\Windows\SysWow64\RsCRIcon.dll
2014-04-03 23:45:37 465624 ----a-w- C:\Windows\System32\drivers\RtsPer.sys
2014-04-03 23:45:37 359128 ----a-w- C:\Windows\System32\drivers\RtsPStor.sys
2014-04-03 23:45:37 331992 ----a-w- C:\Windows\System32\drivers\RtsUVStor.sys
2014-04-03 23:45:37 313048 ----a-w- C:\Windows\System32\drivers\RtsBaStor.sys
2014-04-03 23:45:37 291544 ----a-w- C:\Windows\System32\drivers\RtsP2Stor.sys
2014-04-03 23:40:13 34544 ----a-w- C:\Windows\System32\drivers\Smb_driver_Intel.sys
2014-04-03 23:38:54 100312 ----a-w- C:\Windows\System32\drivers\TeeDriverx64.sys
2014-04-03 23:38:06 450520 ----a-w- C:\Windows\System32\drivers\IntcDAud.sys
2014-04-03 17:04:01 17600 ----a-w- C:\Windows\System32\drivers\BootDefragDriver.sys
2014-04-02 22:52:15 -------- d-----w- C:\Users\Dennis\AppData\Roaming\BBB
.
==================== Find3M ====================
.
2014-05-01 16:59:24 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-01 16:59:24 698032 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-05-01 16:03:11 85328 ----a-w- C:\Windows\System32\drivers\aswstm.sys
2014-05-01 16:03:11 208416 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-05-01 16:03:10 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-05-01 16:03:10 79184 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-05-01 16:03:10 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-05-01 16:03:10 1039096 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2014-04-01 08:03:54 118048 ----a-w- C:\Windows\System32\BootDefrag.exe
2014-03-31 13:35:08 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-03-31 01:13:47 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-03-31 00:13:30 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-03-28 18:00:03 119512 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-03-21 21:04:47 28184 ----a-w- C:\Windows\System32\drivers\aswKbd.sys
2014-03-20 17:51:21 111000 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2014-03-17 06:23:32 24352 ----a-w- C:\Windows\System32\RegBootDefrag.exe
2014-03-05 13:26:18 63192 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-03-05 13:26:08 88280 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-03-05 13:26:04 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-03-04 09:44:21 362496 ----a-w- C:\Windows\System32\wow64win.dll
2014-03-04 09:44:21 243712 ----a-w- C:\Windows\System32\wow64.dll
2014-03-04 09:44:21 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2014-03-04 09:44:03 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2014-03-04 09:17:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2014-03-04 09:17:05 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2014-03-04 09:16:54 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2014-03-04 09:16:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2014-03-01 05:16:26 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-01 04:52:55 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-01 04:51:59 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-01 04:33:52 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-01 04:33:34 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-01 04:32:59 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-01 04:23:49 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-01 03:54:33 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-01 03:52:43 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-01 03:51:53 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:38:26 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-01 03:37:35 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-01 03:35:11 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-01 03:14:15 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-01 03:10:28 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-03-01 03:00:08 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-01 02:32:16 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-02-13 12:46:44 354656 ----a-w- C:\Windows\SysWow64\DivXControlPanelApplet.cpl
2014-02-07 01:23:30 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-02-04 02:37:35 27584 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2014-02-04 02:35:56 190912 ----a-w- C:\Windows\System32\drivers\storport.sys
2014-02-04 02:35:49 274880 ----a-w- C:\Windows\System32\drivers\msiscsi.sys
2014-02-04 02:32:22 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-02-04 02:32:12 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-02-04 02:28:36 2048 ----a-w- C:\Windows\System32\iologmsg.dll
2014-02-04 02:04:22 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-02-04 02:04:11 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-02-04 02:00:39 2048 ----a-w- C:\Windows\SysWow64\iologmsg.dll
2013-03-28 17:49:02 5117440 ----a-w- C:\Program Files (x86)\Binary Signals Bot.exe
2012-12-10 18:58:04 6540800 ----a-w- C:\Program Files (x86)\Binary Wealth Bot.exe
2012-11-26 18:28:24 445079 ----a-w- C:\Program Files (x86)\Fibo-Vector.exe
2012-11-05 23:52:10 325952 ----a-w- C:\Program Files (x86)\lua5.1.dll
2012-11-05 23:52:10 1340416 ----a-w- C:\Program Files (x86)\uninstall.exe
2012-02-06 18:55:02 974848 ----a-w- C:\Program Files (x86)\SpaceSniffer.exe
2006-09-23 23:01:44 110592 ----a-w- C:\Program Files (x86)\SatelliteTVforPC.exe
2005-01-28 17:44:00 5525504 ----a-w- C:\Program Files (x86)\wmp.dll
.
============= FINISH: 13:30:45.50 ===============

GMER stalls every time I try to run it. As far as I know I have no CD emulation programs (I don't even know what that is).


----------



## Satchfan (Jan 12, 2009)

Hello DennisI

You have a browser hijacker so we'll need to do more scans but hopefully we can sort this out.

*Uninstall programs*

Uninstall this program:

*iLivid*


click *Start, Control Panel, Programs and Features* 
click on *iLivid* and then *Uninstall*
repeat this for the other programs listed above.

===================================================

*Note*: Please run these in the order given in the instructions.

===================================================

*Download and run AdwCleaner*

Download AdwCleaner from *here* and save it to your desktop.


run AdwCleaner 
when it has finished, select *Clean*
if it asks to reboot, allow the reboot
on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

*Download and run Junkware Removal Tool*

Please download *Junkware Removal Tool* to your desktop.


shut down your protection software now to avoid potential conflicts.
run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
the tool will open and start scanning your system
please be patient as this can take a while to complete depending on your system's specifications
on completion, a log (JRT.txt) is saved to your desktop and will automatically open
post the contents of JRT.txt into your next message.

===================================================

*Run OTL*


download *OTL* to your desktop.
double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
click *Scan all users*.
under Custom Scan paste this in:

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
services.exe
/md5stop
%systemroot%\*. /rp /s
DRIVES
CREATERESTOREPOINT

click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
when the scan completes, it will open two notepad windows. *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL.
please copy *(Edit->Select All, Edit->Copy)* the contents of these files, one at a time, and post it with your next reply. 
you may need two posts to fit them both in.

Logs to include with next post:

*AdwCleaner log
JRT.txt
OTL.txt
Extras.txt*

Thanks

Satchfan


----------



## DennisI (Apr 24, 2014)

Here is a start.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Dennis on Fri 05/02/2014 at 20:48:52.35
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

Successfully stopped: [Service] backupstack 
Successfully deleted: [Service] backupstack

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113}
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs\\Tabs
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Bar
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\Default_Search_URL
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\\Default
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\searchURL\\Default
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\ilivid
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installedbrowserextensions
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\speedypc software
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\speedypc software
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\applications\ilividsetup.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\driverscanner
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.bandobjectattribute
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.dockingpanel
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.iesmartbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.iesmartbarbandobject
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.smartbardisplaystate
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.smartbarmenuform
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\snapdo_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\snapdo_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3286042
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3306061
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\agi"
Successfully deleted: [Folder] "C:\ProgramData\babylon"
Failed to delete: [Folder] "C:\ProgramData\big fish"
Failed to delete: [Folder] "C:\ProgramData\big fish games"
Failed to delete: [Folder] "C:\ProgramData\boost_interprocess"
Failed to delete: [Folder] "C:\ProgramData\conduit"
Successfully deleted: [Folder] "C:\ProgramData\fighters"
Successfully deleted: [Folder] "C:\ProgramData\speedypc software"
Successfully deleted: [Folder] "C:\ProgramData\wincert"
Successfully deleted: [Folder] "C:\Users\Dennis\AppData\Roaming\fighters"
Successfully deleted: [Folder] "C:\Users\Dennis\AppData\Roaming\software informer"
Successfully deleted: [Folder] "C:\Users\Dennis\appdata\locallow\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\Dennis\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\agi"
Successfully deleted: [Folder] "C:\Program Files (x86)\claro ltd"
Successfully deleted: [Folder] "C:\Program Files (x86)\complitly"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduitengine"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupon companion plugin"
Successfully deleted: [Folder] "C:\Program Files (x86)\fighters"
Successfully deleted: [Folder] "C:\Program Files (x86)\glarysoft toolbar"
Failed to delete: [Folder] "C:\Program Files (x86)\ilivid"
Successfully deleted: [Folder] "C:\Program Files (x86)\myashampoo"
Successfully deleted: [Folder] "C:\Program Files (x86)\mypc backup"
Successfully deleted: [Folder] "C:\Program Files (x86)\oapps"
Failed to delete: [Folder] "C:\Program Files (x86)\object"
Successfully deleted: [Folder] "C:\Program Files (x86)\registry mechanic"
Successfully deleted: [Folder] "C:\Program Files (x86)\software informer"
Successfully deleted: [Folder] "C:\Program Files (x86)\speedypc software"
Successfully deleted: [Folder] "C:\Program Files (x86)\utorrentbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\speedypc software"
Successfully deleted: [Folder] "C:\Users\Dennis\AppData\Roaming\microsoft\windows\start menu\programs\mypc backup"
Successfully deleted: [Folder] "C:\Users\Dennis\AppData\Roaming\microsoft\windows\start menu\programs\speedypc software"
Failed to delete: [Folder] "C:\bigfishcache"

~~~ FireFox

Successfully deleted: [File] C:\Users\Dennis\AppData\Roaming\mozilla\firefox\profiles\xdmxyef8.default\searchplugins\my-homepage.xml
Successfully deleted: [Folder] C:\Users\Dennis\AppData\Roaming\mozilla\firefox\profiles\xdmxyef8.default\fctb
Successfully deleted the following from C:\Users\Dennis\AppData\Roaming\mozilla\firefox\profiles\xdmxyef8.default\prefs.js

user_pref("CT2192277.embeddedsData", "[{\"appId\":\"128802460738106541\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"get
user_pref("CT2192277.hxxp___calendar_conduitapps_com_v1.APP_WIN_FEATURES.enc", "cmVzaXphYmxlPTAsaHNjcm9sbD0wLHZzY3JvbGw9MCx0aXRsZWJhcj0wLGNsb3NlYnV0dG9uPTAsc2F2ZXJlc2l6ZWRzaXp
user_pref("CT2192277.hxxp___static_donanza_com_affiliate_conduit.APP_WIN_FEATURES.enc", "cmVzaXphYmxlPW5vLCBzY3JvbGxiYXJzPW5v");
user_pref("CT2192277.hxxp___static_donanza_com_affiliate_conduit.NEWINDICATION.enc", "b24=");
user_pref("CT2192277.hxxps___calendar_conduitapps_com_v1.APP_WIN_FEATURES.enc", "cmVzaXphYmxlPTAsaHNjcm9sbD0wLHZzY3JvbGw9MCx0aXRsZWJhcj0wLGNsb3NlYnV0dG9uPTAsc2F2ZXJlc2l6ZWRzaX
user_pref("CT2192277.installType", "conduitnsisintegration");
user_pref("CT2192277.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?gd=&ctid=CT2192277&octid=CT2192277&ISID=ISID_ID&SearchSource=15&CUI=U
user_pref("CT2192277.search.searchAppId", "128802460738106541");
user_pref("CT2192277.search.searchCount", "2");
user_pref("CT2192277.smartbar.CTID", "CT2192277");
user_pref("CT2192277.smartbar.Uninstall", "0");
user_pref("CT2192277.smartbar.toolbarName", "ClixSense.com ");
user_pref("CT3286042.originalSearchAddressUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2192277&SearchSource=2&CUI=UN31486224793031823&UM=2&q=");
user_pref("CT3286042.smartbar.homepage", "true");
user_pref("CT3288691.CONDUIT_UPDATE_converterVersion.enc", "MTAuMS4wLjE2Ng==");
user_pref("CT3288691.CONDUIT_UPDATE_lastTimeUpdateChecked.enc", 53376159);
user_pref("CT3288691.CONDUIT_UPDATE_playerVersion.enc", "MTEuMy4wLjQw");
user_pref("CT3288691.CONDUIT_UPDATE_streamerVersion.enc", "MTAuMS4wLjU4");
user_pref("CT3288691.installType", "conduitnsisintegration");
user_pref("CT3288691.lastNewTabSettings", "{\"isEnabled\":false,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3288691&octid=CT3288691&SearchSource=15&CUI=UN109316517211526
user_pref("CT3288691.search.searchAppId", "10000002");
user_pref("CT3288691.search.searchCount", "0");
user_pref("CT3288691.smartbar.CTID", "CT3288691");
user_pref("CT3288691.smartbar.Uninstall", "0");
user_pref("CT3288691.smartbar.toolbarName", "DivX Browser Bar ");
user_pref("CT3306061.smartbar.homepage", "true");
user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3286042&octid=CT3286042&SearchSource=61&CUI=UN22361197692254989&UM=2&UP=SPA3823483-1DAB-44DC-9C6F
user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
user_pref("Smartbar.TBHomepagesList", "hxxp://search.conduit.com/?ctid=CT3286042&octid=CT3286042&SearchSource=61&CUI=UN22361197692254989&UM=2&UP=SPA3823483-1DAB-44DC-9C6F-4CA6
user_pref("browser.newtab.url", "hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuTU&co=US&userid=f3294408-9715-8a95-532a-3198f4bd90d3&searchtype=nt&installDate=06/02/2014");
user_pref("browser.search.defaultthis.engineName", "Connect DLC 5 Customized Web Search");
user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306061&CUI=UN23203762443581177&UM=2&SearchSource=3&q={searchTerms}");
user_pref("browser.search.order.2", "Mysearchdial");
user_pref("extensions.crossrider.bic", "142defa0ddd87be136acc654e415a8bf");
user_pref("extensions.mysearchdial.aflt", "irmsd0101");
user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1Qzu0CzztC0FyCyCtD0EtD0D0E0B0AtAyCyDtN0D0Tzu0SyBtAzytN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R");
user_pref("extensions.mysearchdial.cntry", "US");
user_pref("extensions.mysearchdial.cr", "2118251588");
user_pref("extensions.mysearchdial.dfltLng", "");
user_pref("extensions.mysearchdial.dfltSrch", true);
user_pref("extensions.mysearchdial.dnsErr", true);
user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,32
user_pref("extensions.mysearchdial.excTlbr", false);
user_pref("extensions.mysearchdial.hdrMd5", "B5896E6CFD2835D36BDF0D439D4F4B09");
user_pref("extensions.mysearchdial.hmpg", true);
user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=irmsd0101&cd=2XzuyEtN2Y1L1Qzu0CzztC0FyCyCtD0EtD0D0E0B0AtAyCyDtN0D0Tzu0SyBtAzytN1L2XzutBtFtBt
user_pref("extensions.mysearchdial.id", "C81F660E0DEBA365");
user_pref("extensions.mysearchdial.instlDay", "16078");
user_pref("extensions.mysearchdial.instlRef", "");
user_pref("extensions.mysearchdial.lastB", "hxxp://start.mysearchdial.com/?f=1&a=irmsd1103&cd=2XzuyEtN2Y1L1Qzu0CzztC0FyCyCtD0EtD0D0E0B0AtAyCyDtN0D0Tzu0SyBtDyDtN1L2XzutBtFtBtFt
user_pref("extensions.mysearchdial.lastVrsnTs", "1.8.21.015:9:40");
user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=irmsd0101&cd=2XzuyEtN2Y1L1Qzu0CzztC0FyCyCtD0EtD0D0E0B0AtAyCyDtN0D0Tzu0SyBtAzytN1L2XzutBtFt
user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"89\",\"lastVrsn\":\"89\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\
user_pref("extensions.mysearchdial.prdct", "mysearchdial");
user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
user_pref("extensions.mysearchdial.sg", "none");
user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
user_pref("extensions.mysearchdial.tlbrId", "base");
user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=irmsd0101&cd=2XzuyEtN2Y1L1Qzu0CzztC0FyCyCtD0EtD0D0E0B0AtAyCyDtN0D0Tzu0SyBtAzytN1L2XzutBt
user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");
user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");
user_pref("extensions.mysearchdial_i.hmpg", true);
user_pref("extensions.mysearchdial_i.newTab", false);
user_pref("extensions.mysearchdial_i.smplGrp", "none");
user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.09:36:44");
user_pref("extensions.wajam.affiliate_id", "9876");
user_pref("extensions.wajam.firstrun", "false");
user_pref("extensions.wajam.install_timestamp", "1388934738");
user_pref("extensions.wajam.landing_page_done", "true");
user_pref("extensions.wajam.landing_page_on_first_run", "true");
user_pref("extensions.wajam.log_send_info", "false");
user_pref("extensions.wajam.machine_id", "FCCB55B26C82F151A9DAF02C3F10BC64");
user_pref("extensions.wajam.mappingListJsonString", "{\"version\":\"0.21087\",\"update_interval\":930,\"base_url\":\"hxxp:\\/\\/www.wajam.com\\/\",\"update_url\":\"hxxp:\\/\\/
user_pref("extensions.wajam.no_trace", "false");
user_pref("extensions.wajam.server_current_mapping_version", "0.21087");
user_pref("extensions.wajam.trace_log", "1388952828120 - onFlagInfoReceived - Server mapping version: 0.21087\n1388952828121 - onFlagInfoReceived - No client-side server mappi
user_pref("extensions.wajam.unique_id", "114DDE273A527C66013D9666E1DB5707");
user_pref("extensions.wajam.user_current_mapping_version", "0");
user_pref("extensions.wajam.version", "1.27");
user_pref("freecause771f303798854423b50fa5ede4854e26.21.KeywordHistory", "dealsncash%7Cdealsncash%2520review%7Csafelinkwireless%252Ccom/verify%7Csafelink%2520wireless%2520low%
user_pref("freecause771f303798854423b50fa5ede4854e26.AutoSearchEventData", "auto%20search");
user_pref("freecause771f303798854423b50fa5ede4854e26.ClearCacheDate", 2);
user_pref("freecause771f303798854423b50fa5ede4854e26.DNSCatch", true);
user_pref("freecause771f303798854423b50fa5ede4854e26.DisplayEULA", true);
user_pref("freecause771f303798854423b50fa5ede4854e26.DnsCatchEventData", "dns%20catch");
user_pref("freecause771f303798854423b50fa5ede4854e26.EBOMode", false);
user_pref("freecause771f303798854423b50fa5ede4854e26.EnableDCAData_xx", true);
user_pref("freecause771f303798854423b50fa5ede4854e26.EnableDCA_xx", false);
user_pref("freecause771f303798854423b50fa5ede4854e26.FirstLaunchShown", true);
user_pref("freecause771f303798854423b50fa5ede4854e26.InstallDomain", "inboxdollars.com");
user_pref("freecause771f303798854423b50fa5ede4854e26.InstallType", "one_click");
user_pref("freecause771f303798854423b50fa5ede4854e26.LoadLayoutDate.62133", 2);
user_pref("freecause771f303798854423b50fa5ede4854e26.NewTabSearchEventData", "tab%20search");
user_pref("freecause771f303798854423b50fa5ede4854e26.ShowRecommendedOptions", true);
user_pref("freecause771f303798854423b50fa5ede4854e26.StateReportDate", "1399077904930");
user_pref("freecause771f303798854423b50fa5ede4854e26.TopRightSearchEventData", "top%20right%20search");
user_pref("freecause771f303798854423b50fa5ede4854e26.beforeInstallSaved", true);
user_pref("freecause771f303798854423b50fa5ede4854e26.beforeinstall.homepage", "hxxp%3A//www.11alive.com/");
user_pref("freecause771f303798854423b50fa5ede4854e26.beforeinstall.search", "Google");
user_pref("freecause771f303798854423b50fa5ede4854e26.comp.search.21.width", "219");
user_pref("freecause771f303798854423b50fa5ede4854e26.customNewTab", false);
user_pref("freecause771f303798854423b50fa5ede4854e26.dcaDefaultMode", false);
user_pref("freecause771f303798854423b50fa5ede4854e26.dcaShowInstallerPage", false);
user_pref("freecause771f303798854423b50fa5ede4854e26.dcaShowSurvey", true);
user_pref("freecause771f303798854423b50fa5ede4854e26.helpUsImprove", true);
user_pref("freecause771f303798854423b50fa5ede4854e26.hidden.login", true);
user_pref("freecause771f303798854423b50fa5ede4854e26.hidden.promo", true);
user_pref("freecause771f303798854423b50fa5ede4854e26.hidden.signup", true);
user_pref("freecause771f303798854423b50fa5ede4854e26.hideOthers", true);
user_pref("freecause771f303798854423b50fa5ede4854e26.partnerauth", false);
user_pref("freecause771f303798854423b50fa5ede4854e26.processAddrBar", false);
user_pref("freecause771f303798854423b50fa5ede4854e26.remove_homepage", true);
user_pref("freecause771f303798854423b50fa5ede4854e26.remove_search", true);
user_pref("freecause771f303798854423b50fa5ede4854e26.restoreSearch", false);
user_pref("freecause771f303798854423b50fa5ede4854e26.searchHistory", true);
user_pref("freecause771f303798854423b50fa5ede4854e26.session", "5037728CEE3DEF8242E3F3EF411CFA8BC6712A976622B9BF1E2B20CBF7C0912FA8552873338CE11CF0FCA320AC82F1F3E3A8F1F6C0FB244
user_pref("freecause771f303798854423b50fa5ede4854e26.showFirstLaunchOptions", false);
user_pref("freecause771f303798854423b50fa5ede4854e26.tb_lang", "en");
user_pref("freecause771f303798854423b50fa5ede4854e26.tool_id", "62133");
user_pref("freecause771f303798854423b50fa5ede4854e26.user_id", "132454751");
user_pref("freecause771f303798854423b50fa5ede4854e26.user_key", "fad1a14f0bb123ced605778d5e37a82ed326e8c3");
user_pref("freecause771f303798854423b50fa5ede4854e26.user_layouts", "62133");
user_pref("freecause771f303798854423b50fa5ede4854e26.user_lnames", "InboxDollars");
user_pref("freecause771f303798854423b50fa5ede4854e26.xml_service_url", "6bb94bbf55fe2f255901a560824a6ebe");
user_pref("freecause771f303798854423b50fa5ede4854e26.yahooSearch", false);
user_pref("plugin.state.npconduitfirefoxplugin", 2);
user_pref("smartbar.addressBarOwnerCTID", "CT3306058");
user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3286042&CUI=UN22361197692254989&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3286042&oct
user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2192277&SearchSource=2&CUI=UN31486224793031823&UM=2&q=,hxxp://search.condui
user_pref("smartbar.defaultSearchOwnerCTID", "CT3306061");
user_pref("smartbar.homePageOwnerCTID", "CT3306061");
user_pref("smartbar.homepageList", "hxxp://search.conduit.com/?ctid=CT3286042&CUI=UN22361197692254989&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3286042&octid=CT32
user_pref("smartbar.machineId", "+NV/ZAWNCFALEIMTJEFTUWSHAQTTHFN6NPVBEWESDAB6EBNXS6B68C64AYNRFC6DOBI6XXQ3QKJWEXLVB/Q/VA");
user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3286042&CUI=UN22361197692254989&UM=2&SearchSource=13");
user_pref("smartbar.searchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2192277&SearchSource=2&CUI=UN31486224793031823&UM=2&q=,hxxp://search.conduit.com/R
Emptied folder: C:\Users\Dennis\AppData\Roaming\mozilla\firefox\profiles\xdmxyef8.default\minidumps [13 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 05/02/2014 at 20:57:23.34
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


----------



## DennisI (Apr 24, 2014)

OTL Extras logfile created on: 5/2/2014 9:08:54 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dennis\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.87 Gb Total Physical Memory | 1.91 Gb Available Physical Memory | 49.22% Memory free
6.87 Gb Paging File | 4.66 Gb Available in Paging File | 67.82% Paging File free
Paging file location(s): C:\pagefile.sys 3070 3070E:\pagef [Binary data over 200 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 444.06 Gb Total Space | 372.48 Gb Free Space | 83.88% Space Free | Partition Type: NTFS
Drive G: | 298.02 Gb Total Space | 87.80 Gb Free Space | 29.46% Space Free | Partition Type: FAT32

Computer Name: SONOFSAM2 | User Name: Dennis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-3246782875-1836535004-4075896310-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Aurora\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PeaZip] -- Reg Error: Value error.
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PeaZip] -- Reg Error: Value error.
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6A30F6BB-0B11-4B86-9E96-57B9F2557EAC}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{F34C00AF-7A68-4707-A5FA-7A13C77CEC3E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04B24B8F-A538-4086-B9DC-6E4AC3D1D1DF}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{076942C6-7EC5-41E1-8F8F-01C3544B0E50}" = protocol=17 | dir=in | app=c:\users\dennis\downloads\utorrent(27).exe | 
"{153C909D-980C-4BE6-B397-8DAC0EA40630}" = protocol=6 | dir=in | app=c:\users\dennis\appdata\roaming\utorrent\utorrent.exe | 
"{16AFC7BA-045A-46C2-A251-D400B794FA07}" = dir=in | app=c:\program files (x86)\file type assistant\tsassist.exe | 
"{20487531-A7A1-4D5E-9928-1AE06BE26EF8}" = protocol=6 | dir=in | app=c:\users\dennis\downloads\utorrent(1).exe | 
"{266C5DDB-D240-4C78-848B-8B7D5BEB4061}" = dir=in | app=c:\program files (x86)\file type assistant\tsassist.exe | 
"{2B15667D-617B-43D5-8999-D9A378D79E5B}" = protocol=17 | dir=in | app=c:\users\dennis\downloads\utorrent(1).exe | 
"{2D08F1DA-864D-4D43-ACE4-EB7706011BE1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{352EF85F-7A9A-424E-92A3-88733E4F2A48}" = protocol=17 | dir=in | app=c:\users\dennis\appdata\roaming\utorrent\utorrent.exe | 
"{533DEC23-E245-4280-951B-B8CBACFE816C}" = dir=in | app=c:\users\dennis\appdata\local\microsoft\skydrive\skydrive.exe | 
"{67E6AB82-B107-4F29-81B4-DE57665D48E5}" = dir=in | app=c:\program files (x86)\file type assistant\tsassist.exe | 
"{6C9D976B-E7D0-4332-976C-ED9660E9F4CA}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{7029336A-E7E1-47C5-9C4F-773172E3FE3C}" = protocol=6 | dir=in | app=c:\users\dennis\downloads\utorrent(27).exe | 
"{A1E5AED5-93BC-4DC9-A270-AE4C495575B0}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{BC6485CF-DF64-475E-BDE1-23643634045C}" = dir=in | app=c:\program files (x86)\file type assistant\tsassist.exe | 
"{CA160E44-10F8-4CE3-B39A-6DBD9900C866}" = dir=in | app=c:\program files (x86)\freefileviewer\ffvcheckforupdates.exe | 
"TCP Query User{98F1FA01-E974-46E2-9BDF-8D17E908D113}C:\Program Files (x86)\Gomez\GomezPEER\agents\gozilla\runtime\gozilla.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gomez\gomezpeer\agents\gozilla\runtime\gozilla.exe | 
"TCP Query User{A6227E41-BF9C-4C42-BEF2-AAB6FF6FCCEE}C:\program files (x86)\Gomez\GomezPEER\agents\chrome\runtime\gomezchromeagent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gomez\gomezpeer\agents\chrome\runtime\gomezchromeagent.exe | 
"UDP Query User{3E2F35FC-4585-4A93-8F36-6FBA7CD00CE6}C:\program files (x86)\Gomez\GomezPEER\agents\chrome\runtime\gomezchromeagent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gomez\gomezpeer\agents\chrome\runtime\gomezchromeagent.exe | 
"UDP Query User{8BC50958-532F-4D41-9A22-35EDE009CFAD}C:\Program Files (x86)\Gomez\GomezPEER\agents\gozilla\runtime\gozilla.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gomez\gomezpeer\agents\gozilla\runtime\gozilla.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01B48F87-6485-49EC-8B7C-18EBD4DB2433}_is1" = Idle Processor Utilization Services version IPUS 2.01
"{03595951-D52C-4AC6-BBBC-4E1D5E16A170}" = iSpy (64 bit)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86418000FF}" = Java 8 (64-bit)
"{2B1C6CB4-4470-4D57-91E0-83986DCEB5DA}" = Windows Live Family Safety
"{3E494002-985C-4908-B72C-5B4DD15BE090}_is1" = Start Menu X version 5.02
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 3.0.8
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{84481A87-2316-4923-8FAB-3BA8CA29323D}" = WinPatrol
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{b2d30b83-97be-49a7-b0db-ee2bf3eab5b2}.sdb" = Registry Defragmentation Compatibility Patch
"{B5E06417-A4AC-4225-B36E-7E34C91616E7}" = Intel® Trusted Connect Service Client
"{C6E57DC0-5699-47D4-9263-CEE00A4BB1FC}" = Windows Live MIME IFilter
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"CCleaner" = CCleaner
"Creative OEM003" = Monitor Integrated Webcam Driver (1.00.13.0608) 
"MyPC Backup" = MyPC Backup 
"PC-Doctor for Windows" = My Dell
"Recuva" = Recuva
"Software Informer_is1" = Software Informer 1.2
"Speccy" = Speccy
"TeraCopy_is1" = TeraCopy 2.3
"WhoCrashed_is1" = WhoCrashed 5.01

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06810DC6-3501-40FE-BCB3-1A7BE6398A36}" = uPlayer
"{0765012B-51F6-4868-875E-9C14755B338C}" = RealDownloader
"{0A3925EA-5B0E-401B-A189-7419149747B2}" = Adobe AIR
"{0A5C17E9-C6AB-4ADA-9AE8-ADAE8AE386C2}" = AutoBinaryEA
"{0ECFCB07-9BFE-4970-ACA1-D568D982760B}" = Complete Care Business Service Agreement
"{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7
"{16E46BCF-3D36-4353-9BCB-344F7812CEDE}" = Photo Gallery
"{1F752D02-F576-4DD6-8DA7-E478283F455A}" = OpenOffice Beta 4.1.0
"{1F9E8447-9B82-45D5-A6D7-2A4CB874111F}" = Windows Live Mail
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{24758B1D-9345-4538-A69A-05660F63A296}" = Junk Mail filter update
"{26A24AE4-039D-4CA4-87B4-2F83217010F0}" = Java 7 Update 10
"{26A24AE4-039D-4CA4-87B4-2F83217051FF}" = Java 7 Update 51
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Dell WLAN and Bluetooth Client Installation
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{34E4731B-9C50-4A1E-85BA-11A3F8375B91}" = uTorrentMC
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3FD0C489-0F02-481a-A3E1-9754CD396761}" = Intel® Watchdog Timer Driver (Intel® WDT)
"{4209F371-88D4-AB00-ED2B-D6520C84D9D5}_is1" = Ashampoo WinOptimizer 10 v.10.3.0
"{4209F371-A431-385E-2D7E-ACDA5DA3BA0B}_is1" = Ashampoo HDD Control 2 v.2.1.0
"{4260CAAE-D108-4223-A1C5-96B67062FE86}" = Windows Live Installer
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{451517F1-7E41-400B-AA36-FB7E2563526D}" = Dell Wireless Driver Installation
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}" = OpenOffice 4.0.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{52FFD891-6165-4644-843D-5F305F3A27CE}" = Copernic Desktop Search 4
"{59307833-CB98-4440-B644-0CD352F61907}" = Windows Live PIMT Platform
"{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1" = PeaZip 5.3.0
"{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}" = Realtek Card Reader
"{604CD5A1-4520-4844-B064-A3D884B77E91}" = SpeedyPC Pro
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6F2CFD1E-9B7E-42C4-BA2E-CB414FBFD354}" = Buxenger
"{72D9236D-C6EA-4DA6-A18C-CC24521A70D4}" = Windows Live Mail
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype 6.14
"{7C0791D9-F1FB-48DD-B8E4-662BDAE42357}" = Windows Live Messenger
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{80E311AD-3A9C-45C7-A403-8FF3F7609764}" = Windows Live Writer
"{85BEDB91-5AB4-4066-8946-4EE980950F82}" = Simple Search-Replace
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{8C22A294-DBBA-445F-B55C-E26817CCFE69}" = Movie Maker
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8F66BFDE-B213-48E2-93EF-7151277A2916}" = Windows Live SOXE Definitions
"{903679E8-44C8-4C07-9600-05C92654FC50}" = QualxServ Service Agreement
"{91B33C97-5A0B-2CB7-3038-22701B2F2CED}_is1" = Ashampoo Gadge It v.1.0.1
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94532CD5-C66D-49E3-9131-5FB04D7647A1}" = Windows Live UX Platform
"{9797D7BA-A333-4DF1-AF55-AC745D216EDB}" = Windows Live Writer
"{983FA94A-A7DD-40B1-B7F9-F45D2B4FD1DE}" = Windows Live Photo Common
"{99DEDC19-3106-47B4-83C0-7283C7C827BA}" = AutoEABinary
"{99E82553-9654-4FB7-8DB3-900C0FDB1A70}" = Windows Live Writer Resources
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2F4B74E-D722-4D9E-817B-F58F32A55A51}" = Windows Live UX Platform Language Pack
"{A59A15E8-2B9B-490D-916E-D608A9D0D295}" = Windows Live Writer
"{A8B88634-7F90-402F-B66A-86429755F6A5}" = eBay
"{A8CFAE35-66DD-4B4B-A4B9-279D52BD8F86}" = Google Drive
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9FFEC6C-9C44-4597-8E23-EDD78BF5D0B2}" = Windows Live Communications Platform
"{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}" = Dell Home Systems Service Agreement
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{B84DEFE1-0175-47C9-BC1D-8645FCBC0ECE}_is1" = Webshots Wallpaper & Screensaver version 1.5.0.31
"{B96348BD-6B0D-42E3-80B1-FA6718067BFE}" = Dell Digital Delivery
"{BB285C9F-C821-4770-8970-56C4AB52C87E}" = Skype Click to Call
"{BEED3D31-4CF4-452E-8B55-CB4B02DAD6F4}_is1" = Binary Option Robot version 1.1
"{C201BDF9-1C27-46F8-A248-F4469C9FC27C}" = Photo Common
"{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}" = Premium Service Agreement
"{C87DF7BB-4F5C-4BBE-B041-A59FFF4A1D07}" = Windows Live SOXE
"{C95AEB53-7FAE-4257-97AF-7136E8D9F9CA}" = Movie Maker
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D819DB7B-4E27-4D28-B9B2-CF152B6810E0}_is1" = WebsiteGenerator version 1.0
"{DAFA6315-EAE5-4B9E-9D18-0DC51D1DB0F0}" = WeatherBug
"{DF7DC45D-8A3C-490C-A70F-8C6A6189EDF9}" = Photo Gallery
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3AE96D6-E196-45B4-AF62-2B41998B9E37}" = UpdateService
"{E5E83E00-1144-4821-B6B6-7A16C41EFC39}" = Windows Live Messenger
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{ED58D367-6FB9-4C00-AD81-F5B4CF96845D}" = Windows Live Family Safety
"{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}" = Accidental Damage Services Agreement
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{F4BB90F6-9AE0-4EF6-80CB-D163B2F3A910}_is1" = Webshots Extractor version 1.0.0.000
"{F7E1CA14-B39D-452A-960B-39423DDDD933}" = DriveImage XML (Private Edition)
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FC274982-5AAD-4C20-848D-4424A5043009}_is1" = WinUtilities Professional Edition 11.13
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
"{FCEDADE3-1C8A-4858-BE93-360168178BB2}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 14 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.1
"AI RoboForm" = RoboForm 7-9-6-7 (All Users)
"Ashampoo Internet Accelerator 3_is1" = Ashampoo Internet Accelerator 3 v.3.20
"Aurora 29.0a2 (x86 en-US)" = Aurora 29.0a2 (x86 en-US)
"avast" = avast! Internet Security
"BFGC" = Big Fish: Game Manager
"BFG-Cooking Academy - Restaurant Royale" = Cooking Academy: Restaurant Royale
"BFG-My Singing Monsters" = My Singing Monsters
"BFG-The Path of Hercules" = The Path of Hercules
"CopernicDesktopSearch4" = Copernic Desktop Search 4
"DivX Setup" = DivX Setup
"DownLite" = DownLite
"Easy Clone Detective1.4" = Easy Clone Detective
"FileHippo.com" = FileHippo.com Update Checker
"Free ISO Creator (by minidvdsoft)_is1" = Free ISO Creator version 2.8
"FreeFileViewer_is1" = Free File Viewer 2014
"Glary Utilities 4" = Glary Utilities 4.9
"GomezPEER" = GomezPEER
"Google Chrome" = Google Chrome
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.00.0.1000
"MetaTrader 4" = MetaTrader 4
"Mozilla Firefox 27.0 (x86 en-US)" = Mozilla Firefox 27.0 (x86 en-US)
"Mozilla Thunderbird 28.0 (x86 en-US)" = Mozilla Thunderbird 28.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"ProcessLasso" = Process Lasso
"PySol Fan Club edition_is1" = PySol Fan Club edition v.2.0
"PySolFC Solitaire_is1" = PySolFC Solitaire (a freeware Solitaire Game) version 1.1
"RadarSync PC Updater 2013_is1" = RadarSync PC Updater 2013
"Registry Defragmentation" = Registry Defragmentation
"Settings Manager" = Settings Manager
"Stardock Fences 2" = Stardock Fences 2
"Stardock ObjectDock" = Stardock ObjectDock
"Super Internet TV (Free Edition)_is1" = Super Internet TV v8.0 (Free Edition)
"Trusted Software Assistant_is1" = File Type Assistant
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3246782875-1836535004-4075896310-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"9204f5692a8faf3b" = Dell System Detect
"Adobe Reader Free Download Packages" = Adobe Reader Free Download Packages
"DesktopWeatherAlerts" = DesktopWeatherAlerts
"fTalk" = fTalk
"Linkey" = Linkey
"OneDriveSetup.exe" = Microsoft OneDrive
"uTorrent" = µTorrent

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 5/2/2014 8:57:30 PM | Computer Name = SonofSam2 | Source = VSS | ID = 12289
Description =

Error - 5/2/2014 8:57:32 PM | Computer Name = SonofSam2 | Source = System Restore | ID = 8193
Description =

Error - 5/2/2014 8:57:57 PM | Computer Name = SonofSam2 | Source = System Restore | ID = 8193
Description =

Error - 5/2/2014 9:20:39 PM | Computer Name = SonofSam2 | Source = System Restore | ID = 8193
Description =

[ System Events ]
Error - 5/2/2014 8:57:30 PM | Computer Name = SonofSam2 | Source = volsnap | ID = 393283
Description = The shadow copy of volume C: being created failed to install.

< End of report >


----------



## DennisI (Apr 24, 2014)

The log file is too big to send. And I am having a problem with ADW ? log


----------



## Satchfan (Jan 12, 2009)

Thank you for the logs Dennis; you are doing well.

I really needed the other OTL log but only when AdwCleaner *and* Junkware Removal Tool had been run.

Lets try running *AdwCleaner* in safe mode and then well get a new OTL log:

*How to start Windows in Safe Mode - Windows 7/Vista*

Try running it again and let me know how that goes. If you are still having problems, please describe what happens when you try to run it.

Thanks

Satchfan


----------



## DennisI (Apr 24, 2014)

Hope I did this right. The zip file contains the OTL logs.


----------



## Satchfan (Jan 12, 2009)

Good work; thanks for those.

Junkware Removal Tool removed quite a bit but what I really need now is for you to run *AdwCleaner*. Please try it again and if you have a problem running it let me know what that problem is.

Thanks

Satchfan


----------



## DennisI (Apr 24, 2014)

Hope this is what you need. Both logs are in the zip.


----------



## Satchfan (Jan 12, 2009)

Excellent.  I think we have got rid of a lot of the bad stuff but we'll need to check what's left.

Please run OTL again and send a new log.


----------



## DennisI (Apr 24, 2014)

I hope this is not redundant, I got kinda lost in all these files (I told ya I am an old man).


----------



## Satchfan (Jan 12, 2009)

That is the old OTL log from the first scan. Please send the new one and don't attach it; copy and paste into the post. There won't be an Extras log from the second scan.

Thanks

Satchfan


----------



## DennisI (Apr 24, 2014)

OTL was run yesterday. I am beginning to wonder if I am accomplishing anything. The process I have to go through to get connected is to reboot into safe mode, restore to an earlier date and then I can get to the internet. Should I be running these programs in the non-communication mode or the communication mode?


----------



## DennisI (Apr 24, 2014)

OK I reran everything using the "bad" configuration. I got just 1 file from OTL this time. I hope this is right.

OTL logfile created on: 5/6/2014 3:54:28 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = G:\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.87 Gb Total Physical Memory | 2.50 Gb Available Physical Memory | 64.41% Memory free
6.87 Gb Paging File | 5.28 Gb Available in Paging File | 76.82% Paging File free
Paging file location(s): C:\pagefile.sys 3070 3070E:\pagef [Binary data over 200 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 444.06 Gb Total Space | 371.42 Gb Free Space | 83.64% Space Free | Partition Type: NTFS
Drive G: | 298.02 Gb Total Space | 87.80 Gb Free Space | 29.46% Space Free | Partition Type: FAT32

Computer Name: SONOFSAM2 | User Name: Dennis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/05/06 12:19:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- G:\Downloads\OTL.exe
PRC - [2014/04/14 19:11:00 | 000,109,784 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2014/04/09 11:57:50 | 000,909,312 | ---- | M] (Webshots) -- C:\Program Files (x86)\Webshots\Wallpaper\WallScreen.exe
PRC - [2014/04/01 04:01:06 | 000,786,720 | ---- | M] (Glarysoft Ltd) -- C:\Program Files (x86)\Glary Utilities 4\Integrator.exe
PRC - [2014/03/22 17:58:09 | 000,527,936 | ---- | M] (BillP Studios) -- C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2014/03/21 17:04:51 | 003,854,640 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/03/21 17:04:51 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/03/03 09:53:02 | 001,363,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2014/03/03 09:52:32 | 001,748,608 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2014/02/25 18:52:50 | 001,568,832 | ---- | M] (Copernic, a division of N. Harris Copernic Systems) -- C:\Program Files (x86)\Copernic\DesktopSearch4\Copernic.DesktopSearch.exe
PRC - [2014/01/10 01:26:44 | 001,861,968 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/12/16 18:44:52 | 000,023,552 | ---- | M] () -- C:\Program Files (x86)\real\UpdateService\RealPlayerUpdateSvc.exe
PRC - [2013/12/14 16:48:22 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013/12/10 23:27:58 | 000,390,616 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2013/11/12 11:04:20 | 000,196,616 | ---- | M] (Dell Products, LP.) -- c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
PRC - [2013/07/18 02:44:32 | 000,292,088 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2013/06/21 04:53:16 | 000,081,536 | ---- | M] (Atheros) -- C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
PRC - [2013/06/05 18:31:58 | 001,653,760 | R--- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files (x86)\AWS\WeatherBug\Weather.exe
PRC - [2012/07/30 10:48:20 | 003,783,592 | ---- | M] (Ashampoo Development GmbH & Co. KG) -- C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Guard.exe
PRC - [2012/07/30 10:48:16 | 001,518,504 | ---- | M] () -- C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe
PRC - [2012/04/24 15:37:56 | 000,169,752 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
PRC - [2012/02/01 04:29:58 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012/02/01 04:29:56 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2007/05/19 01:00:00 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM03Mon.exe

========== Modules (No Company Name) ==========

MOD - [2014/04/01 04:03:44 | 000,080,160 | ---- | M] () -- C:\Program Files (x86)\Glary Utilities 4\zlib1.dll
MOD - [2014/03/28 11:33:52 | 000,856,576 | ---- | M] () -- C:\Program Files (x86)\Webshots\Wallpaper\platforms\qwindows.dll
MOD - [2014/03/28 11:33:52 | 000,732,160 | ---- | M] () -- C:\Program Files (x86)\Webshots\Wallpaper\libGLESv2.dll
MOD - [2014/03/28 11:33:52 | 000,307,712 | ---- | M] () -- C:\Program Files (x86)\Webshots\Wallpaper\imageformats\qtiff.dll
MOD - [2014/03/28 11:33:52 | 000,218,112 | ---- | M] () -- C:\Program Files (x86)\Webshots\Wallpaper\imageformats\qmng.dll
MOD - [2014/03/28 11:33:52 | 000,204,800 | ---- | M] () -- C:\Program Files (x86)\Webshots\Wallpaper\imageformats\qjpeg.dll
MOD - [2014/03/28 11:33:52 | 000,055,808 | ---- | M] () -- C:\Program Files (x86)\Webshots\Wallpaper\CrashRpt1301.dll
MOD - [2014/03/28 11:33:52 | 000,047,104 | ---- | M] () -- C:\Program Files (x86)\Webshots\Wallpaper\libEGL.dll
MOD - [2014/03/28 11:33:52 | 000,021,504 | ---- | M] () -- C:\Program Files (x86)\Webshots\Wallpaper\imageformats\qgif.dll
MOD - [2014/03/28 11:33:52 | 000,020,992 | ---- | M] () -- C:\Program Files (x86)\Webshots\Wallpaper\imageformats\qico.dll
MOD - [2014/03/28 11:33:52 | 000,015,360 | ---- | M] () -- C:\Program Files (x86)\Webshots\Wallpaper\imageformats\qtga.dll
MOD - [2014/03/28 11:33:52 | 000,014,848 | ---- | M] () -- C:\Program Files (x86)\Webshots\Wallpaper\imageformats\qwbmp.dll
MOD - [2014/02/28 04:13:55 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\47e7fc401facd4a5d3f2237f16948f36\PresentationFramework-SystemXml.ni.dll
MOD - [2014/02/28 04:04:42 | 001,870,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\b85a411ce82ba71cd3d77c8c13794f81\System.Web.Services.ni.dll
MOD - [2014/02/28 04:04:36 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll
MOD - [2014/02/28 04:04:22 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll
MOD - [2014/02/28 04:04:13 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll
MOD - [2014/02/28 04:04:07 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll
MOD - [2014/02/28 04:04:00 | 000,470,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\75f8bc4cf08030c4a53b6d5e0ae20046\PresentationFramework.Aero.ni.dll
MOD - [2014/02/28 04:03:59 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll
MOD - [2014/02/28 04:03:55 | 000,736,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\fcffb45098807dbf4f96bb133936789a\System.Security.ni.dll
MOD - [2014/02/28 04:03:52 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll
MOD - [2014/02/28 04:03:51 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll
MOD - [2014/02/28 04:03:47 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll
MOD - [2014/02/28 04:03:46 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
MOD - [2014/02/28 04:03:41 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2014/02/25 18:52:52 | 001,563,200 | ---- | M] () -- C:\Program Files (x86)\Copernic\DesktopSearch4\Copernic.System.RT.dll
MOD - [2014/02/17 23:46:30 | 000,643,948 | ---- | M] () -- C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2014/02/12 04:40:20 | 000,489,472 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\789574f9ced0fc11cec5ef55dda5073b\IAStorUtil.ni.dll
MOD - [2014/02/12 04:34:24 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\59312674865dc2a19c27f9f460b1673b\System.Runtime.Remoting.ni.dll
MOD - [2014/02/12 04:34:05 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/02/12 04:34:00 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/12 04:33:56 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/02/12 04:33:54 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
MOD - [2014/02/12 04:33:42 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/12 04:33:38 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2014/01/10 01:28:18 | 000,100,688 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2014/01/10 01:26:44 | 001,861,968 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2013/11/10 16:25:25 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll

========== Services (SafeList) ==========

SRV:*64bit:* - [2014/03/21 17:04:51 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:*64bit:* - [2014/03/21 17:04:41 | 000,109,048 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV:*64bit:* - [2014/03/01 00:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:*64bit:* - [2013/08/27 15:32:30 | 000,828,376 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel(R)
SRV:*64bit:* - [2013/08/27 15:32:14 | 000,747,520 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV:*64bit:* - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:*64bit:* - [2009/11/17 22:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2014/05/06 14:59:25 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/04/15 10:54:56 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/03/03 09:53:02 | 001,363,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2014/03/03 09:52:32 | 001,748,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/12/16 18:44:52 | 000,023,552 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\real\UpdateService\RealPlayerUpdateSvc.exe -- (RealPlayerUpdateSvc)
SRV - [2013/12/14 16:48:22 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/12/10 23:27:58 | 000,390,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2013/12/10 23:27:54 | 000,169,432 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2013/11/12 11:04:20 | 000,196,616 | ---- | M] (Dell Products, LP.) [Auto | Running] -- c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe -- (DellDigitalDelivery)
SRV - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/09/06 18:44:18 | 000,279,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013/06/21 04:53:16 | 000,081,536 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe -- (ZAtheros Wlan Agent)
SRV - [2012/07/30 10:48:16 | 001,518,504 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe -- (AHDDC2)
SRV - [2012/04/24 15:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2012/02/01 04:29:58 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:*64bit:* - [2014/03/31 03:33:06 | 000,017,600 | ---- | M] (Glarysoft Ltd) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\BootDefragDriver.sys -- (BootDefragDriver)
DRV:*64bit:* - [2014/03/21 17:04:56 | 001,039,096 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:*64bit:* - [2014/03/21 17:04:56 | 000,423,240 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:*64bit:* - [2014/03/21 17:04:56 | 000,208,928 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:*64bit:* - [2014/03/21 17:04:56 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:*64bit:* - [2014/03/21 17:04:56 | 000,084,816 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:*64bit:* - [2014/03/21 17:04:56 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:*64bit:* - [2014/03/21 17:04:56 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:*64bit:* - [2014/03/21 17:04:47 | 000,028,184 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:*64bit:* - [2014/01/24 13:23:28 | 000,034,544 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:*64bit:* - [2014/01/03 13:33:52 | 000,271,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:*64bit:* - [2013/12/28 03:35:52 | 000,450,520 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:*64bit:* - [2013/12/10 23:27:54 | 000,100,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TeeDriverx64.sys -- (MEIx64)
DRV:*64bit:* - [2013/09/03 13:52:04 | 004,445,536 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:*64bit:* - [2013/08/27 15:08:42 | 000,883,928 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:*64bit:* - [2013/07/18 02:43:40 | 000,795,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:*64bit:* - [2013/07/18 02:43:40 | 000,358,896 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:*64bit:* - [2013/07/18 02:43:40 | 000,020,464 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:*64bit:* - [2013/07/01 15:17:12 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:*64bit:* - [2013/07/01 15:17:04 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:*64bit:* - [2013/07/01 15:17:04 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:*64bit:* - [2013/06/24 23:56:16 | 003,979,776 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:*64bit:* - [2013/05/21 17:38:50 | 000,036,096 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdkmpfd.sys -- (amdkmpfd)
DRV:*64bit:* - [2012/09/20 05:11:58 | 000,258,848 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SbFw.sys -- (SbFw)
DRV:*64bit:* - [2012/09/20 05:11:58 | 000,086,816 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbwtis.sys -- (sbwtis)
DRV:*64bit:* - [2012/09/20 05:11:58 | 000,061,216 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips)
DRV:*64bit:* - [2012/09/12 20:19:34 | 000,120,064 | ---- | M] (GFI Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV:*64bit:* - [2012/09/12 20:19:34 | 000,120,064 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV:*64bit:* - [2012/09/12 03:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:*64bit:* - [2012/02/01 20:16:40 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:*64bit:* - [2011/10/05 10:55:02 | 000,729,152 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:*64bit:* - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:*64bit:* - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:*64bit:* - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:*64bit:* - [2010/08/18 02:28:32 | 000,026,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ICCWDT.sys -- (ICCWDT)
DRV:*64bit:* - [2009/12/30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:*64bit:* - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:*64bit:* - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:*64bit:* - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:*64bit:* - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:*64bit:* - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:*64bit:* - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:*64bit:* - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:*64bit:* - [2009/02/24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:*64bit:* - [2007/06/08 01:00:02 | 000,212,864 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OEM03Afx.sys -- (OEM03Afx)
DRV:*64bit:* - [2007/04/25 01:00:00 | 000,266,944 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OEM03Vid.sys -- (OEM03Vid)
DRV:*64bit:* - [2007/03/05 18:55:48 | 000,012,288 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OEM03Vfx.sys -- (OEM03Vfx)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/02/24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.google.com
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE:*64bit:* - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE:*64bit:* - HKLM\..\SearchScopes,DefaultScope = {2D8FAFFE-9B47-42D5-8278-5AC97754C495}
IE:*64bit:* - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE:*64bit:* - HKLM\..\SearchScopes\{371B386D-5E2A-4F14-B1EC-0AC31014AFBF}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB
IE:*64bit:* - HKLM\..\SearchScopes\{49C75C73-8869-A5C9-7078-423A0CB9E70B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678
IE:*64bit:* - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.startsearcher.com/?q={searchTerms}&src=IETB
IE:*64bit:* - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}: "URL" = http://www.default-search.net/search?sid=492&aid=100&itype=a&ver=12302&tm=308&src=ds&p={searchTerms}
IE:*64bit:* - HKLM\..\SearchScopes\{c1d89ae7-449d-4929-b24b-fded04adbe06}: "URL" = http://isearch.glarysoft.com/?q={searchTerms}&src=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}: "URL" = http://www.default-search.net/search?sid=492&aid=100&itype=a&ver=12302&tm=308&src=ds&p={searchTerms}

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3246782875-1836535004-4075896310-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKU\S-1-5-21-3246782875-1836535004-4075896310-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp
IE - HKU\S-1-5-21-3246782875-1836535004-4075896310-1000\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1ewenusDefaultPack/U223_FRPage
IE - HKU\S-1-5-21-3246782875-1836535004-4075896310-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKU\S-1-5-21-3246782875-1836535004-4075896310-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3246782875-1836535004-4075896310-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3246782875-1836535004-4075896310-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-3246782875-1836535004-4075896310-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-3246782875-1836535004-4075896310-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com [binary data]
IE - HKU\S-1-5-21-3246782875-1836535004-4075896310-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.default-search.net?sid=492&aid=100&itype=n&ver=11471&tm=308&src=hmp
IE - HKU\S-1-5-21-3246782875-1836535004-4075896310-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.trafficswarm.com/cgi-bin/swarm.cgi?580801&7eabee3d751819ebb16f20b07f47d95f
IE - HKU\S-1-5-21-3246782875-1836535004-4075896310-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-3246782875-1836535004-4075896310-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-3246782875-1836535004-4075896310-1000\..\SearchScopes,Backup.Old.DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3246782875-1836535004-4075896310-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3246782875-1836535004-4075896310-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}: "URL" = http://www.default-search.net/search?sid=492&aid=100&itype=a&ver=12302&tm=308&src=ds&p={searchTerms}
IE - HKU\S-1-5-21-3246782875-1836535004-4075896310-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3246782875-1836535004-4075896310-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>

========== FireFox ==========

FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.11alive.com/"
FF - prefs.js..extensions.enabledAddons: autofillForms%40blueimp.net:0.9.9.0
FF - prefs.js..extensions.enabledAddons: extension%40linkeyproject.com:1.0
FF - prefs.js..extensions.enabledAddons: %7B2e17e2b2-b8d4-4a67-8d7b-fafa6cc9d1d0%7D:1.2.7.0
FF - prefs.js..extensions.enabledAddons: %7B70df8d13-bdd3-448e-944c-efde21b77161%7D:10.30.1.502
FF - prefs.js..extensions.enabledAddons: %7B771f3037-9885-4423-b50f-a5ede4854e26%7D:1.300.436.1
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2016.82
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:31.0a2
FF - user.js - File not found

FF:*64bit:* - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_199.dll File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:*64bit:* - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.0.2: C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:*64bit:* - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.0.2: C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:*64bit:* - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_199.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3522.0110: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.7.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.7.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.7.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tightropeinteractive.com/Plugin: C:\Users\Dennis\AppData\Local\TNT2\2.0.0.1663\npTNT2.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dennis\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dennis\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Aurora 29.0a2\extensions\\Components: C:\Program Files (x86)\Aurora\components [2014/05/05 15:35:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Aurora 29.0a2\extensions\\Plugins: C:\Program Files (x86)\Aurora\plugins [2014/05/06 14:21:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/05/06 14:36:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{10E4285F-D79B-4147-9447-81DFF109A394}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/12/31 16:35:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/12/31 16:35:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2014/05/06 14:21:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/05/06 14:21:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2014/02/27 16:49:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2014/02/27 16:49:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\EXTENSIONS\\{b9aa91db-385d-4c69-8a2f-96790aa9405b}: c:\program files (x86)\copernic\desktopsearch4\firefoxconnector [2014/05/06 14:21:24 | 000,000,000 | ---D | M]

[2014/04/25 17:35:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\Mozilla\Extensions
[2014/05/06 15:20:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\extensions
[2014/05/06 14:21:34 | 000,000,000 | ---D | M] (Settings Manager) -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\extensions\{37F9163C-392F-354F-E58C-3C8922A98E9E}
[2014/04/25 17:35:08 | 000,000,000 | ---D | M] (ArcadeParlor) -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\extensions\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}
[2013/10/31 12:03:58 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\extensions\[email protected]
[2014/04/05 15:24:30 | 000,000,000 | ---D | M] (Linkey for Firefox) -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\extensions\[email protected]
[2014/02/03 08:21:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\extensions\[email protected]\content
[2014/02/03 08:21:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\extensions\[email protected]\skin
[2013/10/31 14:46:40 | 000,149,045 | ---- | M] () (No name found) -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\extensions\[email protected]
[2013/10/31 12:02:09 | 000,328,123 | ---- | M] () (No name found) -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\extensions\[email protected]
[2013/10/31 13:13:08 | 000,009,253 | ---- | M] () (No name found) -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\extensions\{2e17e2b2-b8d4-4a67-8d7b-fafa6cc9d1d0}.xpi
[2014/05/02 11:28:19 | 000,956,302 | ---- | M] () (No name found) -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi
[2014/02/09 13:38:56 | 000,556,273 | ---- | M] () (No name found) -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\extensions\{771f3037-9885-4423-b50f-a5ede4854e26}.xpi
[2014/05/05 18:30:42 | 000,002,579 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\searchplugins\default-search.xml
[2014/05/02 20:58:31 | 000,001,354 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\searchplugins\search-with-inboxdollars.xml
[2014/04/27 10:54:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/04/27 10:54:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2014/04/27 10:54:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/04/27 10:54:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2014/04/27 10:54:11 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/05/06 14:36:35 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
File not found (No name found) -- C:\USERS\DENNIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XDMXYEF8.DEFAULT\EXTENSIONS\{70DF8D13-BDD3-448E-944C-EFDE21B77161}

========== Chrome ==========

CHR - homepage: http://www.default-search.net?sid=492&aid=100&itype=a&ver=12521&tm=308&src=hmp
CHR - default_search_provider: default-search.net ()
CHR - default_search_provider: search_url = http://www.default-search.net/search?sid=492&aid=100&itype=a&ver=12521&tm=308&src=ds&p={searchTerms}
CHR - default_search_provider: suggest_url = 
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_2\
CHR - Extension: Google Drive = C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_2\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.0.9_0\
CHR - Extension: YouTube = C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_2\
CHR - Extension: Copernic Desktop Search Connector = C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnnbdaahphjgdgfhliignpepgnbnfomp\4.0.4_4\
CHR - Extension: Google Search = C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_2\
CHR - Extension: avast! Online Security = C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2018.95_0\
CHR - Extension: RealPlayer Downloader = C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.7.0_4\
CHR - Extension: Skype Click to Call = C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.1.15383.6004_0\
CHR - Extension: Google Wallet = C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
CHR - Extension: Gmail = C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_5\
CHR - Extension: RoboForm = C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob\7.9.4.4_0\

O1 HOSTS File: ([2013/12/14 15:09:03 | 000,001,157 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 199.21.112.35 clicks.aweber.com
O1 - Hosts: 199.21.112.35 main.exoclick.com
O1 - Hosts: 199.21.112.35 www.ininbox.com
O1 - Hosts: 199.21.112.35 click.icptrack.com
O1 - Hosts: 199.21.112.35 untappedresults.ontraport.net
O1 - Hosts: 199.21.112.35 amviplink.ontraport.net
O1 - Hosts: 199.21.112.35 lurnmail.com
O1 - Hosts: 199.21.112.35 www.lurnmail.com
O1 - Hosts: 199.21.112.35 gvomail.com
O1 - Hosts: 199.21.112.35 www.gvomail.com
O2:*64bit:* - BHO: (no name) - {11111111-1111-1111-1111-110511071176} - No CLSID value found.
O2:*64bit:* - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
O2:*64bit:* - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O2:*64bit:* - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
O2:*64bit:* - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:*64bit:* - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O2:*64bit:* - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:*64bit:* - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3:*64bit:* - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
O3:*64bit:* - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:*64bit:* - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:*64bit:* - HKU\S-1-5-21-3246782875-1836535004-4075896310-1000\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-3246782875-1836535004-4075896310-1000\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4:*64bit:* - HKLM..\Run: [Ashampoo HDD-Control 2 Guard] C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Guard.exe (Ashampoo Development GmbH & Co. KG)
O4:*64bit:* - HKLM..\Run: [Fences] C:\Program Files (x86)\Stardock\Fences\Fences.exe (Stardock Corporation)
O4:*64bit:* - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [OEM03Mon.exe] C:\Windows\OEM03Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3246782875-1836535004-4075896310-1000..\Run: [Copernic Desktop Search 4] C:\Program Files (x86)\Copernic\DesktopSearch4\Copernic.DesktopSearch.exe (Copernic, a division of N. Harris Copernic Systems)
O4 - HKU\S-1-5-21-3246782875-1836535004-4075896310-1000..\Run: [DellSystemDetect] C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms ()
O4 - HKU\S-1-5-21-3246782875-1836535004-4075896310-1000..\Run: [FileHippo.com] C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKU\S-1-5-21-3246782875-1836535004-4075896310-1000..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-21-3246782875-1836535004-4075896310-1000..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - HKU\S-1-5-21-3246782875-1836535004-4075896310-1000..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Weather Alerts.lnk = C:\Users\Dennis\AppData\Local\WeatherAlerts\WeatherAlerts.exe ()
O4 - Startup: C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots Wallpaper & Screensaver.lnk = C:\Program Files (x86)\Webshots\Wallpaper\WallScreen.exe (Webshots)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-3246782875-1836535004-4075896310-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:*64bit:* - Extra context menu item: Customize Menu - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html File not found
O8:*64bit:* - Extra context menu item: Fill Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComFillForms.html File not found
O8:*64bit:* - Extra context menu item: Save Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComSavePass.html File not found
O8:*64bit:* - Extra context menu item: Show RoboForm Toolbar - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html File not found
O8 - Extra context menu item: Customize Menu - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html File not found
O8 - Extra context menu item: Fill Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComFillForms.html File not found
O8 - Extra context menu item: Save Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComSavePass.html File not found
O8 - Extra context menu item: Show RoboForm Toolbar - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html File not found
O9:*64bit:* - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:*64bit:* - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:*64bit:* - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:*64bit:* - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:*64bit:* - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:*64bit:* - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:*64bit:* - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O13*64bit:* - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3246782875-1836535004-4075896310-1000\..Trusted Domains: dell.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{614A7897-5369-4AF6-85EC-18F220588CB2}: DhcpNameServer = 10.220.5.1 192.1.4.78
O18:*64bit:* - Protocol\Handler\livecall - No CLSID value found
O18:*64bit:* - Protocol\Handler\msnim - No CLSID value found
O18:*64bit:* - Protocol\Handler\skype4com - No CLSID value found
O18:*64bit:* - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\wlmailhtml - No CLSID value found
O18:*64bit:* - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:*64bit:* - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:*64bit:* - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:*64bit:* - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (Stardock)
O27:*64bit:* - HKLM IFEO\rjatydimofu.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\rjatydimofu.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/03 14:32:54 | 000,000,090 | ---- | M] () - G:\AUTORUN.INF -- [ FAT32 ]
O32 - AutoRun File - [2002/10/31 18:14:36 | 000,000,302 | -H-- | M] () - G:\AUTOEXEC.001 -- [ FAT32 ]
O32 - AutoRun File - [2002/07/14 16:14:06 | 000,000,214 | -H-- | M] () - G:\AUTOEXEC.CAM -- [ FAT32 ]
O32 - AutoRun File - [2000/08/09 10:26:38 | 000,000,079 | -HS- | M] () - G:\AUTOEXEC.DOS -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: x64 - (c:\program files (x86)\settings manager\systemk\x64\sysapcrt.dll) - File not found
O36 - AppCertDlls: x86 - (c:\program files (x86)\settings manager\systemk\sysapcrt.dll) - File not found
O37:*64bit:* - HKLM\...com [@ = comfile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT 
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2014/05/02 20:48:32 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/05/02 11:29:42 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/04/29 14:47:48 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Local\FreeFileViewer
[2014/04/27 10:29:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Copernic
[2014/04/26 15:38:43 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Easy
[2014/04/25 17:36:02 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\Genieo
[2014/04/25 17:35:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fighters
[2014/04/25 17:35:27 | 000,000,000 | ---D | C] -- C:\Program Files\Fighters
[2014/04/25 17:35:08 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcadeParlor
[2014/04/25 17:34:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2014/04/25 17:34:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2014/04/25 17:34:39 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\Yahoo!
[2014/04/22 15:59:02 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\Fugazo
[2014/04/15 10:54:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Aurora
[2014/04/09 13:38:10 | 000,190,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2014/04/09 13:38:10 | 000,027,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2014/04/09 13:38:09 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iologmsg.dll
[2014/04/09 13:38:09 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iologmsg.dll
[2014/04/09 13:38:04 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2014/04/09 13:38:04 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2014/04/09 13:38:03 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2014/04/09 13:38:03 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2014/04/09 13:38:03 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2014/04/09 13:38:03 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2014/04/09 13:38:03 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2014/04/09 13:38:00 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2014/04/09 13:37:59 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2014/04/09 13:37:59 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2014/04/09 11:49:58 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uPlayer
[2014/04/09 11:49:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uPlayer
[2014/04/09 11:48:33 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Local\Local_Weather_LLC
[2014/04/09 11:48:30 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts
[2014/04/09 11:48:23 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Local\WeatherAlerts
[2013/12/15 12:57:49 | 000,974,848 | ---- | C] (Uderzo Software e Consulenza Informatica) -- C:\Program Files (x86)\SpaceSniffer.exe
[2013/11/01 17:25:59 | 000,445,079 | ---- | C] (RapidResultsMethod) -- C:\Program Files (x86)\Fibo-Vector.exe
[2013/11/01 17:13:32 | 005,525,504 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\wmp.dll
[2013/11/01 17:13:32 | 000,110,592 | ---- | C] (SatelliteTVtoPC.com) -- C:\Program Files (x86)\SatelliteTVforPC.exe
[2010/02/17 22:25:55 | 000,895,503 | ---- | C] (free-windows-registry-cleaner.com ) -- C:\Users\Dennis\free-wrc.exe
[3 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/05/06 15:40:41 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/06 15:38:09 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3246782875-1836535004-4075896310-1000UA.job
[2014/05/06 15:32:11 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/06 15:32:11 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/06 15:26:38 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize 4.job
[2014/05/06 15:24:11 | 000,000,404 | ---- | M] () -- C:\Windows\tasks\FreeFileViewerUpdateChecker.job
[2014/05/06 15:24:10 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/06 15:24:10 | 000,000,518 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job
[2014/05/06 15:24:10 | 000,000,468 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Pro Startup.job
[2014/05/06 15:23:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/05/06 15:23:49 | 3120,218,112 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/06 15:20:08 | 000,001,055 | ---- | M] () -- C:\Users\Dennis\Desktop\Search.lnk
[2014/05/06 15:17:45 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\License_Time.rdat
[2014/05/06 15:09:08 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/05/06 14:59:25 | 000,698,032 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/05/06 14:59:25 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/05/06 14:36:55 | 000,002,034 | ---- | M] () -- C:\Users\Public\Desktop\avast! SafeZone.lnk
[2014/05/06 14:36:55 | 000,001,974 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2014/05/06 14:24:26 | 000,000,573 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Pro_sch_EF6F6128-96E0-11E3-BEA5-C81F660E0DEB.job
[2014/05/03 18:43:27 | 000,050,044 | ---- | M] () -- C:\Users\Dennis\Documents\AdwCleaner[S0].zip
[2014/04/29 14:16:23 | 000,000,514 | ---- | M] () -- C:\Users\Dennis\Documents\Winsoc reset.rtf
[2014/04/25 12:29:25 | 000,003,304 | ---- | M] () -- C:\bootsqm.dat
[2014/04/17 02:37:01 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3246782875-1836535004-4075896310-1000Core.job
[2014/04/16 18:00:00 | 000,000,494 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2014/04/16 17:38:13 | 000,000,264 | ---- | M] () -- C:\Windows\tasks\pcupdater_UPDATES.job
[2014/04/14 19:07:26 | 000,000,985 | ---- | M] () -- C:\Users\Dennis\Desktop\PeaZip.lnk
[2014/04/13 03:04:02 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2014/04/12 12:37:12 | 000,002,285 | ---- | M] () -- C:\Users\Dennis\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/04/12 12:37:12 | 000,002,261 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/04/09 17:01:47 | 000,001,197 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots Wallpaper & Screensaver.lnk
[2014/04/09 17:01:47 | 000,001,161 | ---- | M] () -- C:\Users\Dennis\Desktop\Webshots Wallpaper & Screensaver.lnk
[2014/04/09 11:49:58 | 000,003,029 | ---- | M] () -- C:\Users\Dennis\Desktop\uPlayer.lnk
[2014/04/09 11:48:30 | 000,001,115 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Weather Alerts.lnk
[3 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/05/06 14:48:21 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\License_Time.rdat
[2014/05/03 18:43:27 | 000,050,044 | ---- | C] () -- C:\Users\Dennis\Documents\AdwCleaner[S0].zip
[2014/04/29 14:16:23 | 000,000,514 | ---- | C] () -- C:\Users\Dennis\Documents\Winsoc reset.rtf
[2014/04/25 12:29:25 | 000,003,304 | ---- | C] () -- C:\bootsqm.dat
[2014/04/09 11:49:58 | 000,003,029 | ---- | C] () -- C:\Users\Dennis\Desktop\uPlayer.lnk
[2014/04/09 11:48:30 | 000,001,115 | ---- | C] () -- C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Weather Alerts.lnk
[2014/01/28 18:17:54 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2013/12/11 22:21:45 | 000,004,608 | ---- | C] () -- C:\Users\Dennis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/11/26 16:25:53 | 000,007,609 | ---- | C] () -- C:\Users\Dennis\AppData\Local\Resmon.ResmonCfg
[2013/11/01 17:25:59 | 006,540,800 | ---- | C] () -- C:\Program Files (x86)\Binary Wealth Bot.exe
[2013/11/01 17:25:59 | 005,117,440 | ---- | C] () -- C:\Program Files (x86)\Binary Signals Bot.exe
[2013/11/01 17:25:59 | 000,035,244 | ---- | C] () -- C:\Program Files (x86)\BinaryArbitrages.air
[2013/11/01 17:25:59 | 000,024,766 | ---- | C] () -- C:\Program Files (x86)\list10.ini
[2013/11/01 17:25:59 | 000,024,022 | ---- | C] () -- C:\Program Files (x86)\list8.ini
[2013/11/01 17:25:59 | 000,024,002 | ---- | C] () -- C:\Program Files (x86)\list8old.ini
[2013/11/01 17:25:59 | 000,023,906 | ---- | C] () -- C:\Program Files (x86)\list13.ini
[2013/11/01 17:25:59 | 000,023,118 | ---- | C] () -- C:\Program Files (x86)\list9.ini
[2013/11/01 17:25:59 | 000,021,982 | ---- | C] () -- C:\Program Files (x86)\list11.ini
[2013/11/01 17:25:59 | 000,020,890 | ---- | C] () -- C:\Program Files (x86)\list4.ini
[2013/11/01 17:25:59 | 000,020,758 | ---- | C] () -- C:\Program Files (x86)\list3.ini
[2013/11/01 17:25:59 | 000,018,702 | ---- | C] () -- C:\Program Files (x86)\list12.ini
[2013/11/01 17:25:59 | 000,016,338 | ---- | C] () -- C:\Program Files (x86)\list5.ini
[2013/11/01 17:25:59 | 000,010,918 | ---- | C] () -- C:\Program Files (x86)\list6.ini
[2013/11/01 17:25:59 | 000,009,726 | ---- | C] () -- C:\Program Files (x86)\list7.ini
[2013/11/01 17:25:59 | 000,000,174 | ---- | C] () -- C:\Program Files (x86)\list.ini
[2013/11/01 17:13:32 | 000,561,288 | ---- | C] () -- C:\Program Files (x86)\Robot Manual and User Guide.pdf
[2013/11/01 17:13:32 | 000,434,914 | ---- | C] () -- C:\Program Files (x86)\TPISystem.pdf
[2013/11/01 17:13:32 | 000,325,952 | ---- | C] () -- C:\Program Files (x86)\lua5.1.dll
[2013/11/01 17:13:32 | 000,023,410 | ---- | C] () -- C:\Program Files (x86)\list15.ini
[2013/11/01 17:13:32 | 000,022,018 | ---- | C] () -- C:\Program Files (x86)\list17.ini
[2013/11/01 17:13:32 | 000,015,766 | ---- | C] () -- C:\Program Files (x86)\list14.ini
[2013/11/01 17:13:32 | 000,012,694 | ---- | C] () -- C:\Program Files (x86)\list16.ini
[2013/11/01 17:13:32 | 000,012,454 | ---- | C] () -- C:\Program Files (x86)\list18.ini
[2013/11/01 17:13:32 | 000,011,909 | ---- | C] () -- C:\Program Files (x86)\Screen.png
[2013/11/01 17:13:32 | 000,011,614 | ---- | C] () -- C:\Program Files (x86)\list33.ini
[2013/11/01 17:13:32 | 000,003,727 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
[2013/10/30 16:22:35 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2013/09/23 18:25:56 | 019,587,072 | ---- | C] () -- C:\Windows\SysWow64\igdfcl32.dll
[2013/09/23 18:25:55 | 000,241,152 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2013/09/23 18:25:55 | 000,109,056 | ---- | C] () -- C:\Windows\SysWow64\igdail32.dll
[2013/09/11 14:56:35 | 000,755,188 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2013/09/11 14:56:34 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2013/08/05 12:00:26 | 000,024,036 | ---- | C] () -- C:\Users\Dennis\SDActivate.lng
[2010/10/24 17:24:04 | 000,000,857 | ---- | C] () -- C:\Users\Dennis\.recently-used.xbel
[2010/02/17 21:16:00 | 004,345,856 | ---- | C] () -- C:\Users\Dennis\s-1-5-21-866733348-1555914634-3150776905-1006.rrr
[2010/02/03 21:29:03 | 050,325,504 | ---- | C] () -- C:\Users\Dennis\Paragon-125-PEE_LinuxRCD_9.0.9.8679_002.iso
[2009/12/24 14:46:13 | 000,000,166 | ---- | C] () -- C:\Users\Dennis\Compress.res

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< %systemroot%\*. /rp /s >

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD5000AAKX-75U6AA0 ATA Device
Partitions: 3
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 - External hard disk media
Interface type: USB
Media Type: External hard disk media
Model: ST332082 0A USB Device
Partitions: 1
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 39.00MB
Starting Offset: 32256
Hidden sectors: 0

DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 22.00GB
Starting Offset: 41943040
Hidden sectors: 0

DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 444.00GB
Starting Offset: 23305650176
Hidden sectors: 0

DeviceID: Disk #1, Partition #0
PartitionType: Unknown
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 298.00GB
Starting Offset: 32256
Hidden sectors: 0

========== Alternate Data Streams ==========

@Alternate Data Stream - 246 bytes -> C:\ProgramData\TEMP:E2295807
@Alternate Data Stream - 189 bytes -> C:\ProgramData\TEMP:A2907225
@Alternate Data Stream - 183 bytes -> C:\ProgramData\TEMP:5ED747B8
@Alternate Data Stream - 163 bytes -> C:\ProgramData\TEMP:6E6A4F42
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:2CB9631F
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:165AF2C6
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:373E1720
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A745DB5D

< End of report >


----------



## Satchfan (Jan 12, 2009)

I understand your frustration but cleaning an infected computer isn't an instant process.

We have cleared a lot of bad stuff but need to look in other places to see what is left.

*Run RogueKiller*

*IMPORTANT: Please remove any USB or external drives from the computer before you run this scan!*

*Close all running programs.*

Depending on your operating system, download one of these to your desktop:

*RogueKiller 32-bit*
*RogueKiller 64-bit*


- *For Windows Vista/Seven, right click -> run as administrator*; for XP, simply double-click on *RogueKiller.exe*
- When the pre-scan is finished, click on *Scan*
- Click on Report and copy/paste the content in your next post

*NOTE: DO NOT attempt to remove anything that the scan detects - everything that is reported is not necessarily bad*

If the program is blocked, continue to try it several times. If it still doesn't work (it could happen), rename it to *winlogon.exe*.

Please post the contents of the *RKreport.txt* in your next reply.

===================================================

*Run Farbar Service Scanner*

Please download *Farbar Service Scanner* and run it on the computer with the issue.

Make sure the following options are checked:

- *Internet Services*
- *Windows Firewall*
- *System Restore*
- *Security Center/Action Center*
- *Windows Update*
- *Windows Defender*
- *Other Services*

Press "*Scan*".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Logs to include in the next post:

- *RKreport.txt*
- *FSS.txt*

Thanks

Satchfan


----------



## DennisI (Apr 24, 2014)

My frustration sure wasn't with you guys. Your patience with me has been phenomenal. I was just frustrated because I don't think I have been doing this right.

RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Dennis [Admin rights]
Mode : Scan -- Date : 05/06/2014 19:41:23
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] iLivid.exe -- C:\Users\Dennis\AppData\Local\iLivid\iLivid.exe [-] -> KILLED [TermProc]

¤¤¤ Registry Entries : 48 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : iLivid ("C:\Users\Dennis\AppData\Local\iLivid\iLivid.exe" -autorun [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-3246782875-1836535004-4075896310-1000\[...]\Run : iLivid ("C:\Users\Dennis\AppData\Local\iLivid\iLivid.exe" -autorun [-]) -> FOUND
[IFEO] HKLM\[...]\bitguard.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\bprotect.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\bpsvc.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\browsemngr.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\browserdefender.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\browsermngr.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\browserprotect.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\browsersafeguard.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\bundlesweetimsetup.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\cltmngsvc.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\delta babylon.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\delta tb.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\delta2.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\deltainstaller.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\deltasetup.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\deltatb.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\deltatb_2501-c733154b.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\dprotectsvc.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\iminentsetup.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\jumpflip : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\protectedsearch.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\rjatydimofu.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\searchinstaller.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\searchprotection.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\searchprotector.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\searchsettings.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\searchsettings64.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\snapdo.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\stinst32.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\stinst64.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\sweetimsetup.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\tbdelta.exetoolbar783881609.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\umbrella.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\utiljumpflip.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\volaro : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\vonteera : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\websteroids.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\websteroidsservice.exe : Debugger (tasklist.exe [7]) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 1 ¤¤¤
[Dennis][SUSP PATH] Weather Alerts.lnk : C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Weather Alerts.lnk @C:\Users\Dennis\AppData\Local\WEATHE~2\WEATHE~1.EXE /restart [-][-] -> FOUND

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
[Address] IAT @explorer.exe (FillRect) : USER32.dll -> HOOKED (c:\program files (x86)\stardock\fences\DesktopDock64.dll @ 0xEC5A6D30)
[Address] IAT @explorer.exe (DrawTextW) : USER32.dll -> HOOKED (c:\program files (x86)\stardock\fences\DesktopDock64.dll @ 0xEC5A6BA0)
[Address] EAT @explorer.exe (GetUrlCacheHeaderData) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEE036A0)
[Address] EAT @explorer.exe (GopherCreateLocatorA) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF0A424)
[Address] EAT @explorer.exe (GopherCreateLocatorW) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF0A424)
[Address] EAT @explorer.exe (GopherFindFirstFileA) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF0A424)
[Address] EAT @explorer.exe (GopherFindFirstFileW) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF0A424)
[Address] EAT @explorer.exe (GopherGetAttributeA) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF0A424)
[Address] EAT @explorer.exe (GopherGetAttributeW) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF0A424)
[Address] EAT @explorer.exe (GopherGetLocatorTypeA) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF0A424)
[Address] EAT @explorer.exe (GopherGetLocatorTypeW) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF0A424)
[Address] EAT @explorer.exe (GopherOpenFileA) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF0A424)
[Address] EAT @explorer.exe (GopherOpenFileW) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF0A424)
[Address] EAT @explorer.exe (HttpAddRequestHeadersA) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEDFC8C0)
[Address] EAT @explorer.exe (HttpAddRequestHeadersW) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEE02A20)
[Address] EAT @explorer.exe (HttpCheckDavCompliance) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF15078)
[Address] EAT @explorer.exe (HttpCloseDependencyHandle) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEE3BD00)
[Address] EAT @explorer.exe (HttpDuplicateDependencyHandle) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEE3BE60)
[Address] EAT @explorer.exe (HttpEndRequestA) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEE356C0)
[Address] EAT @explorer.exe (HttpEndRequestW) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF15714)
[Address] EAT @explorer.exe (HttpGetServerCredentials) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF2D5FC)
[Address] EAT @explorer.exe (HttpGetTunnelSocket) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEEF7BD4)
[Address] EAT @explorer.exe (HttpOpenDependencyHandle) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEE46090)
[Address] EAT @explorer.exe (HttpOpenRequestA) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF15D6C)
[Address] EAT @explorer.exe (HttpOpenRequestW) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEDFABE0)
[Address] EAT @explorer.exe (HttpPushClose) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEEF88B4)
[Address] EAT @explorer.exe (HttpPushEnable) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEEF8964)
[Address] EAT @explorer.exe (HttpPushWait) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEEF89BC)
[Address] EAT @explorer.exe (HttpQueryInfoA) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEDFF8B0)
[Address] EAT @explorer.exe (HttpQueryInfoW) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEE0F3A0)
[Address] EAT @explorer.exe (HttpSendRequestA) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEE92A14)
[Address] EAT @explorer.exe (HttpSendRequestExA) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF15814)
[Address] EAT @explorer.exe (HttpSendRequestExW) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEE354A4)
[Address] EAT @explorer.exe (HttpSendRequestW) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEE0287C)
[Address] EAT @explorer.exe (HttpWebSocketClose) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF25E40)
[Address] EAT @explorer.exe (HttpWebSocketCompleteUpgrade) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF263CC)
[Address] EAT @explorer.exe (HttpWebSocketQueryCloseStatus) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF25F88)
[Address] EAT @explorer.exe (HttpWebSocketReceive) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF26878)
[Address] EAT @explorer.exe (HttpWebSocketSend) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF26DBC)
[Address] EAT @explorer.exe (HttpWebSocketShutdown) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF2707C)
[Address] EAT @explorer.exe (IncrementUrlCacheHeaderData) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEE204A4)
[Address] EAT @explorer.exe (InternetAlgIdToStringA) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF32440)
[Address] EAT @explorer.exe (InternetAlgIdToStringW) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF32618)
[Address] EAT @explorer.exe (InternetAttemptConnect) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEEECC48)
[Address] EAT @explorer.exe (InternetAutodial) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEEF1EF0)
[Address] EAT @explorer.exe (InternetAutodialCallback) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEEE955C)
[Address] EAT @explorer.exe (InternetAutodialHangup) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEEF1F88)
[Address] EAT @explorer.exe (InternetCanonicalizeUrlA) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEEECCB0)
[Address] EAT @explorer.exe (InternetCanonicalizeUrlW) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEEEE0CC)
[Address] EAT @explorer.exe (InternetCheckConnectionA) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEEECDBC)
[Address] EAT @explorer.exe (InternetCheckConnectionW) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEEEE1DC)
[Address] EAT @explorer.exe (InternetClearAllPerSiteCookieDecisions) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF167F8)
[Address] EAT @explorer.exe (InternetCloseHandle) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEDF8400)
[Address] EAT @explorer.exe (InternetCombineUrlA) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEEED288)
[Address] EAT @explorer.exe (InternetCombineUrlW) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEDF4DA8)
[Address] EAT @explorer.exe (InternetConfirmZoneCrossing) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF333E4)
[Address] EAT @explorer.exe (InternetConfirmZoneCrossingA) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF333E4)
[Address] EAT @explorer.exe (InternetConfirmZoneCrossingW) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEE8FA00)
[Address] EAT @explorer.exe (InternetConnectA) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEEED3A0)
[Address] EAT @explorer.exe (InternetConnectW) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEE01460)
[Address] EAT @explorer.exe (InternetCrackUrlA) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEE1C300)
[Address] EAT @explorer.exe (InternetCrackUrlW) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEE51DD0)
[Address] EAT @explorer.exe (InternetCreateUrlA) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEEED4CC)
[Address] EAT @explorer.exe (InternetCreateUrlW) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEDF4880)
[Address] EAT @explorer.exe (InternetDial) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEEF2018)
[Address] EAT @explorer.exe (InternetDialA) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEEF2018)
[Address] EAT @explorer.exe (InternetDialW) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEEF20D0)
[Address] EAT @explorer.exe (InternetEnumPerSiteCookieDecisionA) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF16804)
[Address] EAT @explorer.exe (InternetEnumPerSiteCookieDecisionW) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF1686C)
[Address] EAT @explorer.exe (InternetErrorDlg) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF3349C)
[Address] EAT @explorer.exe (InternetFindNextFileA) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF00DF0)
[Address] EAT @explorer.exe (InternetFindNextFileW) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF03160)
[Address] EAT @explorer.exe (InternetFortezzaCommand) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEEF8A14)
[Address] EAT @explorer.exe (InternetFreeCookies) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEE31254)
[Address] EAT @explorer.exe (InternetFreeProxyInfoList) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEE63098)
[Address] EAT @explorer.exe (InternetGetCertByURL) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEDD21A8)
[Address] EAT @explorer.exe (InternetGetCertByURLA) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEDD21A8)
[Address] EAT @explorer.exe (InternetGetConnectedState) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEDF3FF0)
[Address] EAT @explorer.exe (InternetGetConnectedStateEx) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEE961B4)
[Address] EAT @explorer.exe (InternetGetConnectedStateExA) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEE961B4)
[Address] EAT @explorer.exe (InternetGetConnectedStateExW) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEE112A4)
[Address] EAT @explorer.exe (InternetGetCookieA) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF17B40)
[Address] EAT @explorer.exe (InternetGetCookieEx2) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEE31224)
[Address] EAT @explorer.exe (InternetGetCookieExA) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF17B64)
[Address] EAT @explorer.exe (InternetGetCookieExW) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEE3126C)
[Address] EAT @explorer.exe (InternetGetCookieW) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF17E70)
[Address] EAT @explorer.exe (InternetGetLastResponseInfoA) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEEED564)
[Address] EAT @explorer.exe (InternetGetLastResponseInfoW) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEEEE2D0)
[Address] EAT @explorer.exe (InternetGetPerSiteCookieDecisionA) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF16950)
[Address] EAT @explorer.exe (InternetGetPerSiteCookieDecisionW) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF169A0)
[Address] EAT @explorer.exe (InternetGetProxyForUrl) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEE62DE0)
[Address] EAT @explorer.exe (InternetGetSecurityInfoByURL) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEEED704)
[Address] EAT @explorer.exe (InternetGetSecurityInfoByURLA) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEEED704)
[Address] EAT @explorer.exe (InternetGetSecurityInfoByURLW) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEEEE48C)
[Address] EAT @explorer.exe (InternetGoOnline) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEEF217C)
[Address] EAT @explorer.exe (InternetGoOnlineA) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEEF217C)
[Address] EAT @explorer.exe (InternetGoOnlineW) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEEF2220)
[Address] EAT @explorer.exe (InternetHangUp) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEEF22B8)
[Address] EAT @explorer.exe (InternetInitializeAutoProxyDll) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEDEA100)
[Address] EAT @explorer.exe (InternetLockRequestFile) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEE3B8D0)
[Address] EAT @explorer.exe (InternetOpenA) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEE146D0)
[Address] EAT @explorer.exe (InternetOpenUrlA) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEEED81C)
[Address] EAT @explorer.exe (InternetOpenUrlW) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEEEE590)
[Address] EAT @explorer.exe (InternetOpenW) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEE14540)
[Address] EAT @explorer.exe (InternetQueryDataAvailable) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEDF0660)
[Address] EAT @explorer.exe (InternetQueryFortezzaStatus) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEEF8A74)
[Address] EAT @explorer.exe (InternetQueryOptionA) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEDF6F40)
[Address] EAT @explorer.exe (InternetQueryOptionW) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEDF74F0)
[Address] EAT @explorer.exe (InternetReadFile) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEE101F0)
[Address] EAT @explorer.exe (InternetReadFileExA) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEE46D90)
[Address] EAT @explorer.exe (InternetReadFileExW) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEE46D00)
[Address] EAT @explorer.exe (InternetSecurityProtocolToStringA) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF327F0)
[Address] EAT @explorer.exe (InternetSecurityProtocolToStringW) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF32960)
[Address] EAT @explorer.exe (InternetSetCookieA) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF17E90)
[Address] EAT @explorer.exe (InternetSetCookieEx2) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF17EB8)
[Address] EAT @explorer.exe (InternetSetCookieExA) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF17F18)
[Address] EAT @explorer.exe (InternetSetCookieExW) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEE1BDA0)
[Address] EAT @explorer.exe (InternetSetCookieW) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF17FBC)
[Address] EAT @explorer.exe (InternetSetDialState) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEEF2338)
[Address] EAT @explorer.exe (InternetSetDialStateA) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEEF2338)
[Address] EAT @explorer.exe (InternetSetDialStateW) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEEF2390)
[Address] EAT @explorer.exe (InternetSetFilePointer) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEE9763C)
[Address] EAT @explorer.exe (InternetSetOptionA) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEDF5EB0)
[Address] EAT @explorer.exe (InternetSetOptionExA) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEEEEBA4)
[Address] EAT @explorer.exe (InternetSetOptionExW) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEEEECA0)
[Address] EAT @explorer.exe (InternetSetOptionW) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEDF6370)
[Address] EAT @explorer.exe (InternetSetPerSiteCookieDecisionA) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF16A38)
[Address] EAT @explorer.exe (InternetSetPerSiteCookieDecisionW) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF16AD0)
[Address] EAT @explorer.exe (InternetSetStatusCallback) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEE164B0)
[Address] EAT @explorer.exe (InternetSetStatusCallbackA) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEE164B0)
[Address] EAT @explorer.exe (InternetSetStatusCallbackW) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEE5B9BC)
[Address] EAT @explorer.exe (InternetShowSecurityInfoByURL) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEEED8B0)
[Address] EAT @explorer.exe (InternetShowSecurityInfoByURLA) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEEED8B0)
[Address] EAT @explorer.exe (InternetShowSecurityInfoByURLW) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEEEE73C)
[Address] EAT @explorer.exe (InternetTimeFromSystemTime) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEE47860)
[Address] EAT @explorer.exe (InternetTimeFromSystemTimeA) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEE47860)
[Address] EAT @explorer.exe (InternetTimeFromSystemTimeW) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEEAD9A8)
[Address] EAT @explorer.exe (InternetTimeToSystemTime) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEE93590)
[Address] EAT @explorer.exe (InternetTimeToSystemTimeA) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEE93590)
[Address] EAT @explorer.exe (InternetTimeToSystemTimeW) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEE934C0)
[Address] EAT @explorer.exe (InternetUnlockRequestFile) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEE3B644)
[Address] EAT @explorer.exe (InternetWriteFile) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEE35760)
[Address] EAT @explorer.exe (InternetWriteFileExA) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF0A424)
[Address] EAT @explorer.exe (InternetWriteFileExW) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF0A424)
[Address] EAT @explorer.exe (IsHostInProxyBypassList) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEE19E94)
[Address] EAT @explorer.exe (IsUrlCacheEntryExpiredA) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF543A0)
[Address] EAT @explorer.exe (IsUrlCacheEntryExpiredW) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEE973E4)
[Address] EAT @explorer.exe (LoadUrlCacheContent) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF0A424)
[Address] EAT @explorer.exe (ParseX509EncodedCertificateForListBoxEntry) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF32AD0)
[Address] EAT @explorer.exe (PrivacyGetZonePreferenceW) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEE1D40C)
[Address] EAT @explorer.exe (PrivacySetZonePreferenceW) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEE8CF94)
[Address] EAT @explorer.exe (ReadUrlCacheEntryStream) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEE346E4)
[Address] EAT @explorer.exe (ReadUrlCacheEntryStreamEx) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF544F0)
[Address] EAT @explorer.exe (RegisterUrlCacheNotification) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEDD2A20)
[Address] EAT @explorer.exe (ResumeSuspendedDownload) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEEF13F8)
[Address] EAT @explorer.exe (RetrieveUrlCacheEntryFileA) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF54600)
[Address] EAT @explorer.exe (RetrieveUrlCacheEntryFileW) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF547DC)
[Address] EAT @explorer.exe (RetrieveUrlCacheEntryStreamA) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF549B4)
[Address] EAT @explorer.exe (RetrieveUrlCacheEntryStreamW) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEE95FD0)
[Address] EAT @explorer.exe (RunOnceUrlCache) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEDD21A8)
[Address] EAT @explorer.exe (SetUrlCacheConfigInfoA) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF54BB8)
[Address] EAT @explorer.exe (SetUrlCacheConfigInfoW) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF54CEC)
[Address] EAT @explorer.exe (SetUrlCacheEntryGroup) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF54DEC)
[Address] EAT @explorer.exe (SetUrlCacheEntryGroupA) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF54DEC)
[Address] EAT @explorer.exe (SetUrlCacheEntryGroupW) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEE189B0)
[Address] EAT @explorer.exe (SetUrlCacheEntryInfoA) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEE28EE8)
[Address] EAT @explorer.exe (SetUrlCacheEntryInfoW) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF54FB8)
[Address] EAT @explorer.exe (SetUrlCacheGroupAttributeA) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF55174)
[Address] EAT @explorer.exe (SetUrlCacheGroupAttributeW) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF55364)
[Address] EAT @explorer.exe (SetUrlCacheHeaderData) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF55524)
[Address] EAT @explorer.exe (ShowCertificate) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF32AD0)
[Address] EAT @explorer.exe (ShowClientAuthCerts) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF32AD0)
[Address] EAT @explorer.exe (ShowSecurityInfo) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF32AF0)
[Address] EAT @explorer.exe (ShowX509EncodedCertificate) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF32C80)
[Address] EAT @explorer.exe (UnlockUrlCacheEntryFile) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF55644)
[Address] EAT @explorer.exe (UnlockUrlCacheEntryFileA) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF55644)
[Address] EAT @explorer.exe (UnlockUrlCacheEntryFileW) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF5577C)
[Address] EAT @explorer.exe (UnlockUrlCacheEntryStream) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEE5FA10)
[Address] EAT @explorer.exe (UpdateUrlCacheContentPath) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF558BC)
[Address] EAT @explorer.exe (UrlCacheCheckEntriesExist) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF559DC)
[Address] EAT @explorer.exe (UrlCacheCloseEntryHandle) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF55A34)
[Address] EAT @explorer.exe (UrlCacheContainerSetEntryMaximumAge) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF55A80)
[Address] EAT @explorer.exe (UrlCacheCreateContainer) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEDDEC5C)
[Address] EAT @explorer.exe (UrlCacheFindFirstEntry) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEE58948)
[Address] EAT @explorer.exe (UrlCacheFindNextEntry) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEE98A90)
[Address] EAT @explorer.exe (UrlCacheFreeEntryInfo) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEE60A60)
[Address] EAT @explorer.exe (UrlCacheGetContentPaths) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF55AD8)
[Address] EAT @explorer.exe (UrlCacheGetEntryInfo) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEE4C358)
[Address] EAT @explorer.exe (UrlCacheGetGlobalLimit) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF55B30)
[Address] EAT @explorer.exe (UrlCacheReadEntryStream) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF55B88)
[Address] EAT @explorer.exe (UrlCacheReloadSettings) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF55BE8)
[Address] EAT @explorer.exe (UrlCacheRetrieveEntryFile) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF55C40)
[Address] EAT @explorer.exe (UrlCacheRetrieveEntryStream) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF55C98)
[Address] EAT @explorer.exe (UrlCacheSetGlobalLimit) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF55CF8)
[Address] EAT @explorer.exe (UrlCacheUpdateEntryExtraData) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEE42E78)
[Address] EAT @explorer.exe (UrlZonesDetach) : WLDAP32.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF2D998)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

199.21.112.35 clicks.aweber.com
199.21.112.35 main.exoclick.com
199.21.112.35 www.ininbox.com
199.21.112.35 click.icptrack.com
199.21.112.35 untappedresults.ontraport.net
199.21.112.35 amviplink.ontraport.net
199.21.112.35 lurnmail.com
199.21.112.35 www.lurnmail.com
199.21.112.35 gvomail.com
199.21.112.35 www.gvomail.com

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD5000AAKX-75U6AA0 ATA Device +++++
--- User ---
[MBR] 4952c65918422353552d14567243472f
[BSP] 4bf7971f8de781946bbc2347a472af44 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 22186 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 45518848 | Size: 454713 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_05062014_194123.txt >>

Farbar Service Scanner Version: 03-05-2014
Ran by Dennis (administrator) on 06-05-2014 at 19:49:04
Running from "C:\Users\Dennis\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Destination is unreachable
LAN connected.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****


----------



## Satchfan (Jan 12, 2009)

> I was just frustrated because I don't think I have been doing this right.


 You are doing fine.

A lot of bad stuff still there.

Its pointless doing a system restore as it is likely you are restoring a lot of the bad stuff but you may find this will fix some problems:

*Run RogueKiller*

*IMPORTANT: Do not reboot your computer if at all possible otherwise the malware will reactivate and you will have to run RogueKiller again*

- close all programs
- double-click *RogueKiller.exe* - Windows 7: right-click the program and select *Run as Administrator*
- after it has completed its prescan, click on the Registry tab
- make sure the following entries there are checked, then click on *Delete*


Code:


[RUN][SUSP PATH] HKCU\[...]\Run : iLivid ("C:\Users\Dennis\AppData\Local\iLivid\iLivid.exe" -autorun [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-3246782875-1836535004-4075896310-1000\[...]\Run : iLivid ("C:\Users\Dennis\AppData\Local\iLivid\iLivid.exe" -autorun [-]) -> FOUND
[IFEO] HKLM\[...]\bitguard.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\bprotect.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\bpsvc.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\browsemngr.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\browserdefender.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\browsermngr.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\browserprotect.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\browsersafeguard.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\bundlesweetimsetup.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\cltmngsvc.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\delta babylon.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\delta tb.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\delta2.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\deltainstaller.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\deltasetup.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\deltatb.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\deltatb_2501-c733154b.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\dprotectsvc.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\iminentsetup.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\jumpflip : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\protectedsearch.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\rjatydimofu.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\searchinstaller.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\searchprotection.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\searchprotector.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\searchsettings.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\searchsettings64.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\snapdo.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\stinst32.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\stinst64.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\sweetimsetup.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\tbdelta.exetoolbar783881609.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\umbrella.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\utiljumpflip.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\volaro : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\vonteera : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\websteroids.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\websteroidsservice.exe : Debugger (tasklist.exe [7]) -> FOUND

* Once again in the RogueKiller console, click the Hosts tab.
* Make sure the following entries there are checked:


Code:


199.21.112.35 clicks.aweber.com
199.21.112.35 main.exoclick.com
199.21.112.35 www.ininbox.com
199.21.112.35 click.icptrack.com
199.21.112.35 untappedresults.ontraport.net
199.21.112.35 amviplink.ontraport.net
199.21.112.35 lurnmail.com
199.21.112.35 www.lurnmail.com
199.21.112.35 gvomail.com
199.21.112.35 www.gvomail.com

* Press the *Fix Host* button.

You should have 2 RogueKiller RKreports to post:

1. Mode: *Delete*
2. Mode: *HostFix*

Satchfan


----------



## DennisI (Apr 24, 2014)

RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Dennis [Admin rights]
Mode : HOSTSFix -- Date : 05/07/2014 15:30:47
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] iLivid.exe -- C:\Users\Dennis\AppData\Local\iLivid\iLivid.exe [-] -> KILLED [TermProc]

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

199.21.112.35 clicks.aweber.com
199.21.112.35 main.exoclick.com
199.21.112.35 www.ininbox.com
199.21.112.35 click.icptrack.com
199.21.112.35 untappedresults.ontraport.net
199.21.112.35 amviplink.ontraport.net
199.21.112.35 lurnmail.com
199.21.112.35 www.lurnmail.com
199.21.112.35 gvomail.com
199.21.112.35 www.gvomail.com

¤¤¤ Reset HOSTS: ¤¤¤
127.0.0.1 localhost

Finished : << RKreport[0]_H_05072014_153047.txt >>
RKreport[0]_S_05062014_194123.txt;RKreport[0]_S_05072014_125059.txt;RKreport[0]_S_05072014_152454.txt


----------



## DennisI (Apr 24, 2014)

RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Dennis [Admin rights]
Mode : Scan -- Date : 05/07/2014 15:24:54
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] iLivid.exe -- C:\Users\Dennis\AppData\Local\iLivid\iLivid.exe [-] -> KILLED [TermProc]

¤¤¤ Registry Entries : 48 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : iLivid ("C:\Users\Dennis\AppData\Local\iLivid\iLivid.exe" -autorun [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-3246782875-1836535004-4075896310-1000\[...]\Run : iLivid ("C:\Users\Dennis\AppData\Local\iLivid\iLivid.exe" -autorun [-]) -> FOUND
[IFEO] HKLM\[...]\bitguard.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\bprotect.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\bpsvc.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\browsemngr.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\browserdefender.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\browsermngr.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\browserprotect.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\browsersafeguard.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\bundlesweetimsetup.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\cltmngsvc.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\delta babylon.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\delta tb.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\delta2.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\deltainstaller.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\deltasetup.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\deltatb.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\deltatb_2501-c733154b.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\dprotectsvc.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\iminentsetup.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\jumpflip : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\protectedsearch.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\rjatydimofu.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\searchinstaller.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\searchprotection.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\searchprotector.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\searchsettings.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\searchsettings64.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\snapdo.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\stinst32.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\stinst64.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\sweetimsetup.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\tbdelta.exetoolbar783881609.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\umbrella.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\utiljumpflip.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\volaro : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\vonteera : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\websteroids.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\websteroidsservice.exe : Debugger (tasklist.exe [7]) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 1 ¤¤¤
[Dennis][SUSP PATH] Weather Alerts.lnk : C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Weather Alerts.lnk @C:\Users\Dennis\AppData\Local\WEATHE~2\WEATHE~1.EXE /restart [-][-] -> FOUND

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
[Address] IAT @explorer.exe (FillRect) : USER32.dll -> HOOKED (c:\program files (x86)\stardock\fences\DesktopDock64.dll @ 0xEAC96D30)
[Address] IAT @explorer.exe (DrawTextW) : USER32.dll -> HOOKED (c:\program files (x86)\stardock\fences\DesktopDock64.dll @ 0xEAC96BA0)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

199.21.112.35 clicks.aweber.com
199.21.112.35 main.exoclick.com
199.21.112.35 www.ininbox.com
199.21.112.35 click.icptrack.com
199.21.112.35 untappedresults.ontraport.net
199.21.112.35 amviplink.ontraport.net
199.21.112.35 lurnmail.com
199.21.112.35 www.lurnmail.com
199.21.112.35 gvomail.com
199.21.112.35 www.gvomail.com

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD5000AAKX-75U6AA0 ATA Device +++++
--- User ---
[MBR] 4952c65918422353552d14567243472f
[BSP] 4bf7971f8de781946bbc2347a472af44 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 22186 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 45518848 | Size: 454713 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_05072014_152454.txt >>
RKreport[0]_S_05062014_194123.txt;RKreport[0]_S_05072014_125059.txt


----------



## Satchfan (Jan 12, 2009)

Hi Dennis

You appear to have sorted out part of the instruction but as the second scan was run before the Hosts Fix, I'm not sure if you completed all of it. Don't worry, if you didn't manage the complete fix I can send new instructions.

Can you run RogueKiller again and send the latest scan?

Have you tried connecting to the Internet since fixing the Hosts file?


----------



## DennisI (Apr 24, 2014)

Hope I did it right this time......

RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Dennis [Admin rights]
Mode : Scan -- Date : 05/08/2014 12:04:39
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] iLivid.exe -- C:\Users\Dennis\AppData\Local\iLivid\iLivid.exe [-] -> KILLED [TermProc]

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
[Address] IAT @explorer.exe (FillRect) : USER32.dll -> HOOKED (c:\program files (x86)\stardock\fences\DesktopDock64.dll @ 0xEBFB6D30)
[Address] IAT @explorer.exe (DrawTextW) : USER32.dll -> HOOKED (c:\program files (x86)\stardock\fences\DesktopDock64.dll @ 0xEBFB6BA0)
[Address] EAT @explorer.exe (InternetSetCookieA) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF67E90)
[Address] EAT @explorer.exe (InternetSetCookieEx2) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF67EB8)
[Address] EAT @explorer.exe (InternetSetCookieExA) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF67F18)
[Address] EAT @explorer.exe (InternetSetCookieExW) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEE6BDA0)
[Address] EAT @explorer.exe (InternetSetCookieW) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF67FBC)
[Address] EAT @explorer.exe (InternetSetDialState) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF42338)
[Address] EAT @explorer.exe (InternetSetDialStateA) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF42338)
[Address] EAT @explorer.exe (InternetSetDialStateW) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF42390)
[Address] EAT @explorer.exe (InternetSetFilePointer) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEEE763C)
[Address] EAT @explorer.exe (InternetSetOptionA) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEE45EB0)
[Address] EAT @explorer.exe (InternetSetOptionExA) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF3EBA4)
[Address] EAT @explorer.exe (InternetSetOptionExW) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF3ECA0)
[Address] EAT @explorer.exe (InternetSetOptionW) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEE46370)
[Address] EAT @explorer.exe (InternetSetPerSiteCookieDecisionA) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF66A38)
[Address] EAT @explorer.exe (InternetSetPerSiteCookieDecisionW) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF66AD0)
[Address] EAT @explorer.exe (InternetSetStatusCallback) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEE664B0)
[Address] EAT @explorer.exe (InternetSetStatusCallbackA) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEE664B0)
[Address] EAT @explorer.exe (InternetSetStatusCallbackW) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEEAB9BC)
[Address] EAT @explorer.exe (InternetShowSecurityInfoByURL) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF3D8B0)
[Address] EAT @explorer.exe (InternetShowSecurityInfoByURLA) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF3D8B0)
[Address] EAT @explorer.exe (InternetShowSecurityInfoByURLW) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF3E73C)
[Address] EAT @explorer.exe (InternetTimeFromSystemTime) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEE97860)
[Address] EAT @explorer.exe (InternetTimeFromSystemTimeA) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEE97860)
[Address] EAT @explorer.exe (InternetTimeFromSystemTimeW) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEEFD9A8)
[Address] EAT @explorer.exe (InternetTimeToSystemTime) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEEE3590)
[Address] EAT @explorer.exe (InternetTimeToSystemTimeA) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEEE3590)
[Address] EAT @explorer.exe (InternetTimeToSystemTimeW) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEEE34C0)
[Address] EAT @explorer.exe (InternetUnlockRequestFile) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEE8B644)
[Address] EAT @explorer.exe (InternetWriteFile) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEE85760)
[Address] EAT @explorer.exe (InternetWriteFileExA) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF5A424)
[Address] EAT @explorer.exe (InternetWriteFileExW) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF5A424)
[Address] EAT @explorer.exe (IsHostInProxyBypassList) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEE69E94)
[Address] EAT @explorer.exe (IsUrlCacheEntryExpiredA) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEFA43A0)
[Address] EAT @explorer.exe (IsUrlCacheEntryExpiredW) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEEE73E4)
[Address] EAT @explorer.exe (LoadUrlCacheContent) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF5A424)
[Address] EAT @explorer.exe (ParseX509EncodedCertificateForListBoxEntry) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF82AD0)
[Address] EAT @explorer.exe (PrivacyGetZonePreferenceW) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEE6D40C)
[Address] EAT @explorer.exe (PrivacySetZonePreferenceW) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEEDCF94)
[Address] EAT @explorer.exe (ReadUrlCacheEntryStream) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEE846E4)
[Address] EAT @explorer.exe (ReadUrlCacheEntryStreamEx) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEFA44F0)
[Address] EAT @explorer.exe (RegisterUrlCacheNotification) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEE22A20)
[Address] EAT @explorer.exe (ResumeSuspendedDownload) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF413F8)
[Address] EAT @explorer.exe (RetrieveUrlCacheEntryFileA) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEFA4600)
[Address] EAT @explorer.exe (RetrieveUrlCacheEntryFileW) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEFA47DC)
[Address] EAT @explorer.exe (RetrieveUrlCacheEntryStreamA) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEFA49B4)
[Address] EAT @explorer.exe (RetrieveUrlCacheEntryStreamW) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEEE5FD0)
[Address] EAT @explorer.exe (RunOnceUrlCache) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEE221A8)
[Address] EAT @explorer.exe (SetUrlCacheConfigInfoA) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEFA4BB8)
[Address] EAT @explorer.exe (SetUrlCacheConfigInfoW) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEFA4CEC)
[Address] EAT @explorer.exe (SetUrlCacheEntryGroup) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEFA4DEC)
[Address] EAT @explorer.exe (SetUrlCacheEntryGroupA) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEFA4DEC)
[Address] EAT @explorer.exe (SetUrlCacheEntryGroupW) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEE689B0)
[Address] EAT @explorer.exe (SetUrlCacheEntryInfoA) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEE78EE8)
[Address] EAT @explorer.exe (SetUrlCacheEntryInfoW) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEFA4FB8)
[Address] EAT @explorer.exe (SetUrlCacheGroupAttributeA) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEFA5174)
[Address] EAT @explorer.exe (SetUrlCacheGroupAttributeW) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEFA5364)
[Address] EAT @explorer.exe (SetUrlCacheHeaderData) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEFA5524)
[Address] EAT @explorer.exe (ShowCertificate) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF82AD0)
[Address] EAT @explorer.exe (ShowClientAuthCerts) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF82AD0)
[Address] EAT @explorer.exe (ShowSecurityInfo) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF82AF0)
[Address] EAT @explorer.exe (ShowX509EncodedCertificate) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF82C80)
[Address] EAT @explorer.exe (UnlockUrlCacheEntryFile) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEFA5644)
[Address] EAT @explorer.exe (UnlockUrlCacheEntryFileA) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEFA5644)
[Address] EAT @explorer.exe (UnlockUrlCacheEntryFileW) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEFA577C)
[Address] EAT @explorer.exe (UnlockUrlCacheEntryStream) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEEAFA10)
[Address] EAT @explorer.exe (UpdateUrlCacheContentPath) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEFA58BC)
[Address] EAT @explorer.exe (UrlCacheCheckEntriesExist) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEFA59DC)
[Address] EAT @explorer.exe (UrlCacheCloseEntryHandle) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEFA5A34)
[Address] EAT @explorer.exe (UrlCacheContainerSetEntryMaximumAge) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEFA5A80)
[Address] EAT @explorer.exe (UrlCacheCreateContainer) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEE2EC5C)
[Address] EAT @explorer.exe (UrlCacheFindFirstEntry) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEEA8948)
[Address] EAT @explorer.exe (UrlCacheFindNextEntry) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEEE8A90)
[Address] EAT @explorer.exe (UrlCacheFreeEntryInfo) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEEB0A60)
[Address] EAT @explorer.exe (UrlCacheGetContentPaths) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEFA5AD8)
[Address] EAT @explorer.exe (UrlCacheGetEntryInfo) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEE9C358)
[Address] EAT @explorer.exe (UrlCacheGetGlobalLimit) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEFA5B30)
[Address] EAT @explorer.exe (UrlCacheReadEntryStream) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEFA5B88)
[Address] EAT @explorer.exe (UrlCacheReloadSettings) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEFA5BE8)
[Address] EAT @explorer.exe (UrlCacheRetrieveEntryFile) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEFA5C40)
[Address] EAT @explorer.exe (UrlCacheRetrieveEntryStream) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEFA5C98)
[Address] EAT @explorer.exe (UrlCacheSetGlobalLimit) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEFA5CF8)
[Address] EAT @explorer.exe (UrlCacheUpdateEntryExtraData) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEE92E78)
[Address] EAT @explorer.exe (UrlZonesDetach) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFEF7D998)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

199.21.112.35 clicks.aweber.com
199.21.112.35 main.exoclick.com
199.21.112.35 www.ininbox.com
199.21.112.35 click.icptrack.com
199.21.112.35 untappedresults.ontraport.net
199.21.112.35 amviplink.ontraport.net
199.21.112.35 lurnmail.com
199.21.112.35 www.lurnmail.com
199.21.112.35 gvomail.com
199.21.112.35 www.gvomail.com

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD5000AAKX-75U6AA0 ATA Device +++++
--- User ---
[MBR] 4952c65918422353552d14567243472f
[BSP] 4bf7971f8de781946bbc2347a472af44 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 22186 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 45518848 | Size: 454713 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_05082014_120439.txt >>
RKreport[0]_D_05082014_120228.txt;RKreport[0]_S_05082014_120212.txt

RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Dennis [Admin rights]
Mode : HOSTSFix -- Date : 05/08/2014 12:05:08
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] iLivid.exe -- C:\Users\Dennis\AppData\Local\iLivid\iLivid.exe [-] -> KILLED [TermProc]

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

199.21.112.35 clicks.aweber.com
199.21.112.35 main.exoclick.com
199.21.112.35 www.ininbox.com
199.21.112.35 click.icptrack.com
199.21.112.35 untappedresults.ontraport.net
199.21.112.35 amviplink.ontraport.net
199.21.112.35 lurnmail.com
199.21.112.35 www.lurnmail.com
199.21.112.35 gvomail.com
199.21.112.35 www.gvomail.com

¤¤¤ Reset HOSTS: ¤¤¤
127.0.0.1 localhost

Finished : << RKreport[0]_H_05082014_120508.txt >>
RKreport[0]_D_05082014_120228.txt;RKreport[0]_S_05082014_120212.txt;RKreport[0]_S_05082014_120439.txt


----------



## Satchfan (Jan 12, 2009)

Unfortunately some of the infections are still there, so let's try to run it again, and if you don't understand any of the instructions let me know.

*Run RogueKiller*

*IMPORTANT: Do not reboot your computer if at all possible otherwise the malware will reactivate and you will have to run RogueKiller again*

- close all programs
- double-click *RogueKiller.exe* - Windows 7: right-click the program and select *Run as Administrator*
- after it has completed its prescan, click on the Registry tab
- make sure the following entries there are checked (that means click on the box next to each one and make sure there is a tick in it), then click on *Delete*


Code:


[RUN][SUSP PATH] HKCU\[...]\Run : iLivid ("C:\Users\Dennis\AppData\Local\iLivid\iLivid.exe" -autorun [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-3246782875-1836535004-4075896310-1000\[...]\Run : iLivid ("C:\Users\Dennis\AppData\Local\iLivid\iLivid.exe" -autorun [-]) -> FOUND
[IFEO] HKLM\[...]\bitguard.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\bprotect.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\bpsvc.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\browsemngr.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\browserdefender.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\browsermngr.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\browserprotect.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\browsersafeguard.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\bundlesweetimsetup.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\cltmngsvc.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\delta babylon.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\delta tb.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\delta2.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\deltainstaller.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\deltasetup.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\deltatb.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\deltatb_2501-c733154b.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\dprotectsvc.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\iminentsetup.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\jumpflip : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\protectedsearch.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\rjatydimofu.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\searchinstaller.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\searchprotection.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\searchprotector.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\searchsettings.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\searchsettings64.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\snapdo.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\stinst32.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\stinst64.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\sweetimsetup.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\tbdelta.exetoolbar783881609.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\umbrella.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\utiljumpflip.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\volaro : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\vonteera : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\websteroids.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\websteroidsservice.exe : Debugger (tasklist.exe [7]) -> FOUND

Satchfan


----------



## DennisI (Apr 24, 2014)

RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Dennis [Admin rights]
Mode : Scan -- Date : 05/08/2014 16:40:40
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] iLivid.exe -- C:\Users\Dennis\AppData\Local\iLivid\iLivid.exe [-] -> KILLED [TermProc]

¤¤¤ Registry Entries : 48 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : iLivid ("C:\Users\Dennis\AppData\Local\iLivid\iLivid.exe" -autorun [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-3246782875-1836535004-4075896310-1000\[...]\Run : iLivid ("C:\Users\Dennis\AppData\Local\iLivid\iLivid.exe" -autorun [-]) -> FOUND
[IFEO] HKLM\[...]\bitguard.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\bprotect.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\bpsvc.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\browsemngr.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\browserdefender.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\browsermngr.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\browserprotect.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\browsersafeguard.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\bundlesweetimsetup.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\cltmngsvc.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\delta babylon.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\delta tb.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\delta2.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\deltainstaller.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\deltasetup.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\deltatb.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\deltatb_2501-c733154b.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\dprotectsvc.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\iminentsetup.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\jumpflip : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\protectedsearch.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\rjatydimofu.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\searchinstaller.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\searchprotection.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\searchprotector.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\searchsettings.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\searchsettings64.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\snapdo.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\stinst32.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\stinst64.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\sweetimsetup.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\tbdelta.exetoolbar783881609.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\umbrella.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\utiljumpflip.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\volaro : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\vonteera : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\websteroids.exe : Debugger (tasklist.exe [7]) -> FOUND
[IFEO] HKLM\[...]\websteroidsservice.exe : Debugger (tasklist.exe [7]) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 1 ¤¤¤
[Dennis][SUSP PATH] Weather Alerts.lnk : C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Weather Alerts.lnk @C:\Users\Dennis\AppData\Local\WEATHE~2\WEATHE~1.EXE /restart [-][-] -> FOUND

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
[Address] IAT @explorer.exe (FillRect) : USER32.dll -> HOOKED (c:\program files (x86)\stardock\fences\DesktopDock64.dll @ 0xEAD66D30)
[Address] IAT @explorer.exe (DrawTextW) : USER32.dll -> HOOKED (c:\program files (x86)\stardock\fences\DesktopDock64.dll @ 0xEAD66BA0)
[Address] EAT @explorer.exe (DllCanUnloadNow) : DDRAW.dll -> HOOKED (C:\Windows\System32\AltTab.dll @ 0xEE6720D8)
[Address] EAT @explorer.exe (DllGetClassObject) : DDRAW.dll -> HOOKED (C:\Windows\System32\AltTab.dll @ 0xEE6720EC)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

199.21.112.35 clicks.aweber.com
199.21.112.35 main.exoclick.com
199.21.112.35 www.ininbox.com
199.21.112.35 click.icptrack.com
199.21.112.35 untappedresults.ontraport.net
199.21.112.35 amviplink.ontraport.net
199.21.112.35 lurnmail.com
199.21.112.35 www.lurnmail.com
199.21.112.35 gvomail.com
199.21.112.35 www.gvomail.com

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD5000AAKX-75U6AA0 ATA Device +++++
--- User ---
[MBR] 4952c65918422353552d14567243472f
[BSP] 4bf7971f8de781946bbc2347a472af44 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 22186 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 45518848 | Size: 454713 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_05082014_164040.txt >>
RKreport[0]_D_05082014_120228.txt;RKreport[0]_H_05082014_120508.txt;RKreport[0]_S_05082014_120212.txt
RKreport[0]_S_05082014_120439.txt

RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Dennis [Admin rights]
Mode : Remove -- Date : 05/08/2014 16:40:59
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] iLivid.exe -- C:\Users\Dennis\AppData\Local\iLivid\iLivid.exe [-] -> KILLED [TermProc]

¤¤¤ Registry Entries : 48 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : iLivid ("C:\Users\Dennis\AppData\Local\iLivid\iLivid.exe" -autorun [-]) -> DELETED
[RUN][SUSP PATH] HKUS\S-1-5-21-3246782875-1836535004-4075896310-1000\[...]\Run : iLivid ("C:\Users\Dennis\AppData\Local\iLivid\iLivid.exe" -autorun [-]) -> [0x2] The system cannot find the file specified. 
[IFEO] HKLM\[...]\bitguard.exe : Debugger (tasklist.exe [7]) -> DELETED
[IFEO] HKLM\[...]\bprotect.exe : Debugger (tasklist.exe [7]) -> DELETED
[IFEO] HKLM\[...]\bpsvc.exe : Debugger (tasklist.exe [7]) -> DELETED
[IFEO] HKLM\[...]\browsemngr.exe : Debugger (tasklist.exe [7]) -> DELETED
[IFEO] HKLM\[...]\browserdefender.exe : Debugger (tasklist.exe [7]) -> DELETED
[IFEO] HKLM\[...]\browsermngr.exe : Debugger (tasklist.exe [7]) -> DELETED
[IFEO] HKLM\[...]\browserprotect.exe : Debugger (tasklist.exe [7]) -> DELETED
[IFEO] HKLM\[...]\browsersafeguard.exe : Debugger (tasklist.exe [7]) -> DELETED
[IFEO] HKLM\[...]\bundlesweetimsetup.exe : Debugger (tasklist.exe [7]) -> DELETED
[IFEO] HKLM\[...]\cltmngsvc.exe : Debugger (tasklist.exe [7]) -> DELETED
[IFEO] HKLM\[...]\delta babylon.exe : Debugger (tasklist.exe [7]) -> DELETED
[IFEO] HKLM\[...]\delta tb.exe : Debugger (tasklist.exe [7]) -> DELETED
[IFEO] HKLM\[...]\delta2.exe : Debugger (tasklist.exe [7]) -> DELETED
[IFEO] HKLM\[...]\deltainstaller.exe : Debugger (tasklist.exe [7]) -> DELETED
[IFEO] HKLM\[...]\deltasetup.exe : Debugger (tasklist.exe [7]) -> DELETED
[IFEO] HKLM\[...]\deltatb.exe : Debugger (tasklist.exe [7]) -> DELETED
[IFEO] HKLM\[...]\deltatb_2501-c733154b.exe : Debugger (tasklist.exe [7]) -> DELETED
[IFEO] HKLM\[...]\dprotectsvc.exe : Debugger (tasklist.exe [7]) -> DELETED
[IFEO] HKLM\[...]\iminentsetup.exe : Debugger (tasklist.exe [7]) -> DELETED
[IFEO] HKLM\[...]\jumpflip : Debugger (tasklist.exe [7]) -> DELETED
[IFEO] HKLM\[...]\protectedsearch.exe : Debugger (tasklist.exe [7]) -> DELETED
[IFEO] HKLM\[...]\rjatydimofu.exe : Debugger (tasklist.exe [7]) -> DELETED
[IFEO] HKLM\[...]\searchinstaller.exe : Debugger (tasklist.exe [7]) -> DELETED
[IFEO] HKLM\[...]\searchprotection.exe : Debugger (tasklist.exe [7]) -> DELETED
[IFEO] HKLM\[...]\searchprotector.exe : Debugger (tasklist.exe [7]) -> DELETED
[IFEO] HKLM\[...]\searchsettings.exe : Debugger (tasklist.exe [7]) -> DELETED
[IFEO] HKLM\[...]\searchsettings64.exe : Debugger (tasklist.exe [7]) -> DELETED
[IFEO] HKLM\[...]\snapdo.exe : Debugger (tasklist.exe [7]) -> DELETED
[IFEO] HKLM\[...]\stinst32.exe : Debugger (tasklist.exe [7]) -> DELETED
[IFEO] HKLM\[...]\stinst64.exe : Debugger (tasklist.exe [7]) -> DELETED
[IFEO] HKLM\[...]\sweetimsetup.exe : Debugger (tasklist.exe [7]) -> DELETED
[IFEO] HKLM\[...]\tbdelta.exetoolbar783881609.exe : Debugger (tasklist.exe [7]) -> DELETED
[IFEO] HKLM\[...]\umbrella.exe : Debugger (tasklist.exe [7]) -> DELETED
[IFEO] HKLM\[...]\utiljumpflip.exe : Debugger (tasklist.exe [7]) -> DELETED
[IFEO] HKLM\[...]\volaro : Debugger (tasklist.exe [7]) -> DELETED
[IFEO] HKLM\[...]\vonteera : Debugger (tasklist.exe [7]) -> DELETED
[IFEO] HKLM\[...]\websteroids.exe : Debugger (tasklist.exe [7]) -> DELETED
[IFEO] HKLM\[...]\websteroidsservice.exe : Debugger (tasklist.exe [7]) -> DELETED
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 1 ¤¤¤
[Dennis][SUSP PATH] Weather Alerts.lnk : C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Weather Alerts.lnk @C:\Users\Dennis\AppData\Local\WEATHE~2\WEATHE~1.EXE /restart [-][-] -> DELETED

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
[Address] IAT @explorer.exe (FillRect) : USER32.dll -> HOOKED (c:\program files (x86)\stardock\fences\DesktopDock64.dll @ 0xEAD66D30)
[Address] IAT @explorer.exe (DrawTextW) : USER32.dll -> HOOKED (c:\program files (x86)\stardock\fences\DesktopDock64.dll @ 0xEAD66BA0)
[Address] EAT @explorer.exe (DllCanUnloadNow) : DDRAW.dll -> HOOKED (C:\Windows\System32\AltTab.dll @ 0xEE6720D8)
[Address] EAT @explorer.exe (DllGetClassObject) : DDRAW.dll -> HOOKED (C:\Windows\System32\AltTab.dll @ 0xEE6720EC)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

199.21.112.35 clicks.aweber.com
199.21.112.35 main.exoclick.com
199.21.112.35 www.ininbox.com
199.21.112.35 click.icptrack.com
199.21.112.35 untappedresults.ontraport.net
199.21.112.35 amviplink.ontraport.net
199.21.112.35 lurnmail.com
199.21.112.35 www.lurnmail.com
199.21.112.35 gvomail.com
199.21.112.35 www.gvomail.com

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD5000AAKX-75U6AA0 ATA Device +++++
--- User ---
[MBR] 4952c65918422353552d14567243472f
[BSP] 4bf7971f8de781946bbc2347a472af44 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 22186 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 45518848 | Size: 454713 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_05082014_164059.txt >>
RKreport[0]_D_05082014_120228.txt;RKreport[0]_H_05082014_120508.txt;RKreport[0]_S_05082014_120212.txt
RKreport[0]_S_05082014_120439.txt;RKreport[0]_S_05082014_164040.txt

Hope this one is better


----------



## Satchfan (Jan 12, 2009)

Well done. That dealt with some bad stuff.

I'd like you to run it once more to be sure that other settings were dealt with and then run a completely new scan.

*Run RogueKiller*

*IMPORTANT: Do not reboot your computer if at all possible otherwise the malware will reactivate and you will have to run RogueKiller again*


- close all programs
- double-click *RogueKiller.exe* - Windows 7: right-click the program and select *Run as Administrator*
- let the prescan run, then click the "Hosts" tab
- make sure the following entries there are checked:


Code:


199.21.112.35 clicks.aweber.com
199.21.112.35 main.exoclick.com
199.21.112.35 www.ininbox.com
199.21.112.35 click.icptrack.com
199.21.112.35 untappedresults.ontraport.net
199.21.112.35 amviplink.ontraport.net
199.21.112.35 lurnmail.com
199.21.112.35 www.lurnmail.com
199.21.112.35 gvomail.com
199.21.112.35 www.gvomail.com

press the *Fix Host* button.

There should be a new log called *HostFix*

Please post it and let me know how the computer behaves after this.

Satchfan


----------



## DennisI (Apr 24, 2014)

This is what I got from the last run:

RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Dennis [Admin rights]
Mode : HOSTSFix -- Date : 05/09/2014 12:30:01
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤
-> G:\Users\Default\NTUSER.DAT | DRVINFO [Drv - G:] | SYSTEMINFO [Sys - NO_SYS] [Sys32 - NOT_FOUND] | USERINFO [Startup - NOT_FOUND]

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ Reset HOSTS: ¤¤¤
127.0.0.1 localhost

Finished : << RKreport[0]_H_05092014_123001.txt >>
RKreport[0]_D_05092014_113309.txt;RKreport[0]_D_05092014_113405.txt;RKreport[0]_D_05092014_121445.txt
RKreport[0]_H_05092014_121700.txt;RKreport[0]_S_05082014_233027.txt;RKreport[0]_S_05092014_113254.txt
RKreport[0]_S_05092014_113401.txt;RKreport[0]_S_05092014_121428.txt;RKreport[0]_S_05092014_121642.txt
RKreport[0]_S_05092014_122944.txt


----------



## Satchfan (Jan 12, 2009)

Excellent work. Are you able to start normally and connect to the Internet?


----------



## DennisI (Apr 24, 2014)

I can't really tell if anything has changed without rebooting. I tried to create a restore point but it timed out (I did make sure that the right option was checked and I increased disk space to over 10 gig).


----------



## Satchfan (Jan 12, 2009)

Please reboot and try to use the computer normally. *Do not use System Restore*.


----------



## DennisI (Apr 24, 2014)

I rebooted and the problem is still there. It seemed like a good idea to create a restore point prior to rebooting because as I understand this, now I will have to go through the whole RogueKiller process again.


----------



## Satchfan (Jan 12, 2009)

> It seemed like a good idea to create a restore point prior to rebooting


At the beginning I asked you to do nothing without instruction and if it was a good idea I would have suggested it myself. As it is you could have set up an infected restore point.

Please delete all the previous Rogue Killer logs and run a new scan.

Thanks

Satchfan


----------



## DennisI (Apr 24, 2014)

I'm sorry, the last thing in the world I want to do is make you mad. It shouldn't make a difference because creating a restore point didn't work anyway.

RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Dennis [Admin rights]
Mode : HOSTSFix -- Date : 05/10/2014 11:41:28
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] iLivid.exe -- C:\Users\Dennis\AppData\Local\iLivid\iLivid.exe [-] -> KILLED [TermProc]

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤
-> G:\Users\Default\NTUSER.DAT | DRVINFO [Drv - G:] | SYSTEMINFO [Sys - NO_SYS] [Sys32 - NOT_FOUND] | USERINFO [Startup - NOT_FOUND]

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

199.21.112.35 clicks.aweber.com
199.21.112.35 main.exoclick.com
199.21.112.35 www.ininbox.com
199.21.112.35 click.icptrack.com
199.21.112.35 untappedresults.ontraport.net
199.21.112.35 amviplink.ontraport.net
199.21.112.35 lurnmail.com
199.21.112.35 www.lurnmail.com
199.21.112.35 gvomail.com
199.21.112.35 www.gvomail.com

¤¤¤ Reset HOSTS: ¤¤¤
127.0.0.1 localhost

Finished : << RKreport[0]_H_05102014_114128.txt >>
RKreport[0]_D_05092014_113309.txt;RKreport[0]_D_05092014_113405.txt;RKreport[0]_D_05092014_121445.txt
RKreport[0]_D_05102014_113851.txt;RKreport[0]_H_05092014_121700.txt;RKreport[0]_H_05092014_123001.txt
RKreport[0]_S_05082014_233027.txt;RKreport[0]_S_05092014_113254.txt;RKreport[0]_S_05092014_113401.txt
RKreport[0]_S_05092014_121428.txt;RKreport[0]_S_05092014_121642.txt;RKreport[0]_S_05092014_122944.txt
RKreport[0]_S_05102014_113827.txt;RKreport[0]_S_05102014_114040.txt


----------



## Satchfan (Jan 12, 2009)

I can assure you that I am not mad. If I got mad I wouldn't do this because getting mad is bad for your health.

We'll try fixing your hosts file a different way.

Please copy all text in the code box below and paste it into Notepad:



Code:


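@Echo on
rem Reset the hosts file to a single localhost entry
pushd \windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
rem Renew the DHCP lease, flush the DNS cache, reset Winsock and TCP/IP
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset all
rem Reboot after one second, then delete this batch file
shutdown -r -t 1
del %0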

save the Notepad file to your desktop and name it *flush.bat*
save type as "All Files"
on your desktop, double-click on *flush.bat* to run it, (a black CMD window will flash, then disappear - this is normal).

=============================================

*Run OTL *

Please delete all the OTL.txt and the Extras.txt files in this folder:

* C:\Users\Dennis\Downloads*


open OTL again, click on *Extra Registry -> Use Safelist*
then click *Run Scan*

Post back with the 2 new log files

Thanks

Satchfan
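
The logs in this thread show the hosts file in three states: redirected entries, the reset file with only `127.0.0.1 localhost`, and the same redirected entries back after a reboot. The Python check below is an added example, not part of the original posts and not code from RogueKiller or OTL; the sample texts are constructed from the entries in the logs (plus one constructed `example.invalid` name), and the function names are hypothetical.

```python
import ipaddress
from collections import defaultdict

# Constructed samples mirroring the three hosts-file states in the logs:
# redirected entries, the reset file, and the entries back after a reboot.
BEFORE_FIX = """\
127.0.0.1\tlocalhost
199.21.112.35 clicks.aweber.com
199.21.112.35 main.exoclick.com
199.21.112.35 lurnmail.com www.lurnmail.com   # two names on one line
"""
AFTER_FIX = "127.0.0.1 localhost\n"
AFTER_REBOOT = """\
127.0.0.1 localhost
0.0.0.0 ads.example.invalid
199.21.112.35 clicks.aweber.com
199.21.112.35 LURNMAIL.COM.
not-an-ip somehost
"""


def parse_hosts(text):
    """Return (address, hostname) pairs from hosts-file text."""
    pairs = []
    for raw in text.lstrip("\ufeff").splitlines():   # tolerate a UTF-8 BOM
        line = raw.split("#", 1)[0].strip()          # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                                  # malformed address: skip
        for name in fields[1:]:
            # Normalise case and a trailing dot so comparisons are stable.
            pairs.append((addr, name.lower().rstrip(".")))
    return pairs


def redirects(text):
    """Map each non-loopback address to the hostnames pinned to it.

    Loopback and 0.0.0.0/:: entries only block a name. An entry that pins a
    name to any other address overrides DNS for that name, so every such
    entry is reported for review (intranet entries can be legitimate).
    """
    found = defaultdict(set)
    for addr, name in parse_hosts(text):
        if addr.is_loopback or addr.is_unspecified:
            continue
        found[str(addr)].add(name)
    return {ip: sorted(names) for ip, names in found.items()}


def reappeared(before, after):
    """Hostnames redirected in `before` that are redirected again in `after`."""
    def names(text):
        return {n for group in redirects(text).values() for n in group}
    return sorted(names(before) & names(after))


if __name__ == "__main__":
    for label, text in (("before fix", BEFORE_FIX),
                        ("after fix", AFTER_FIX),
                        ("after reboot", AFTER_REBOOT)):
        print(label, redirects(text))
    print("back after reboot:", reappeared(BEFORE_FIX, AFTER_REBOOT))
```

A non-empty result from `reappeared` after a reset and reboot means something still running at startup is rewriting the file, so resetting the hosts file alone will not hold.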


----------



## DennisI (Apr 24, 2014)

This may be a problem. When I run flush.bat it reboots my computer. This means that I lose communications again and the only way to get it back is to do a restore. Kinda a rock and hard place situation......


----------



## Satchfan (Jan 12, 2009)

*Please run these in the order requested*.

*Run TDSSKiller*

Please download *TDSSKiller.zip*


extract it to your desktop
double click *TDSSKiller.exe*
press *Start Scan*
only if *Malicious* objects are found then ensure *Cure* is selected. Do not change it to *Delete* or *Quarantine* as it may delete infected files that are required for Windows to operate properly.
then click *Continue* > *Reboot now*

copy and paste the log in your next reply.
_A copy of the log will be saved automatically to the root of the drive (typically *C:\*)_ called *TDSSKiller_**** _(*** denotes version & date) _

======================================================

*Download and run ComboFix*

Download *Combofix* from either of the links below, and save it to your desktop.

*Link 1* 
*Link 2*

*Note:* It *MUST* be saved directly to your desktop. Choose *save as* and then make sure you choose *Desktop*

--------------------------------------------------------------------

*IMPORTANT* - *Disable your AntiVirus and AntiSpyware applications*, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link *here *

--------------------------------------------------------------------

Double click on *ComboFix.exe* & follow the prompts. 

when finished, it will produce a report for you.
please post the *C:\ComboFix.txt * in your next post.
Please also remember to include the *TDSSKiller* log

Thanks

Satchfan


----------



## DennisI (Apr 24, 2014)

The files were too large to paste. Hope this is OK.


----------



## Satchfan (Jan 12, 2009)

Thank you; the logs were correct.


Please bear with me as I am trying to deal with an urgent situation I have here but hope I'll be able to look at the logs thoroughly and reply later today.


Thanks


Satchfan


----------



## DennisI (Apr 24, 2014)

No problem. But I do need to tell you that the computer rebooted overnight (I usually leave it on). Should I re-run yesterday's runs the same way?


----------



## Satchfan (Jan 12, 2009)

You are doing OK but we are going to have to look at different possibilities at solving this.

Please do the following:

*Run CKScanner*

Download *CKScanner* by *askey127 *from *here* & *save it to your Desktop*.

double-click *CKScanner.exe* then click *Search For Files*
when the cursor hourglass disappears, click *Save List To File*
a message box will verify the file saved
double-click the *CKFiles.txt* icon on your desktop then copy/paste the contents in your next reply.
 ===================================================


Please download *MGADiag* by clicking *here* and save it to your desktop.
double click the icon on your desktop.
push
push
go to Start -> Run and type in "Notepad"
go to Edit -> Paste in notepad.
*"x" out all of the numbers and letters in the line beginning with "Windows Product Key:"*
Copy and paste that log here.
Please copy/paste both the logs.

Satchfan


----------



## DennisI (Apr 24, 2014)

I couldn't find Windows Product Key. Hope this is OK.

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\adwcleaner\quarantine\c\program files (x86)\registry mechanic\pc tools registry mechanic9.0.0.120 +crack [ut]\crack\update.exe.vir
c:\program files (x86)\gimp 2\share\gimp\2.0\patterns\cracked.pat
c:\program files (x86)\pysol fan club edition\data\html\rules\firecracker.html
c:\program files (x86)\pysolfc solitaire\data\html\rules\firecracker.html
c:\program files (x86)\registry mechanic\pc tools registry mechanic9.0.0.120 +crack [ut]\crack\update.exe
c:\users\dennis\desktop\old firefox data\ct2475029\feed\http___crackle_com_rss_media_sxsw_featured_rss_history.xml
c:\users\dennis\desktop\old firefox data\ct2475029\feed\http___crackle_com_rss_media_sxsw_featured_rss_structured.xml
c:\users\dennis\music\various artists\tbs tunes- fun tracks, wisecracks\desktop.ini
scanner sequence 3.CE.11.QQNABZ
----- EOF -----



----------



## Satchfan (Jan 12, 2009)

You have an *illegal * program on your system, which is likely how your computer became infected. Besides being illegal, cracks/keygens are the most certain means of infecting your system, as *ALL *illegal software contains some form of malicious code.

This forum, as well as all the other malware removal forums, does not condone the use of illegal software and does not offer support unless it is for the removal of it.

Continuing to help you could be viewed as supporting/condoning this; therefore, if you require further help, I need you to uninstall all the illegal software that you have downloaded and installed.

Uninstall * c:\program files (x86)\registry mechanic*

When you have done this, run CKScanner again and post a new log.

*Run OTL *

Please do as I asked previously; delete all the OTL.txt and the Extras.txt files in this folder:

* C:\Users\Dennis\Downloads*


open OTL again, click on *Extra Registry -> Use Safelist*
then click *Run Scan*
Post back with the 2 new log files

Thanks

Satchfan


----------



## DennisI (Apr 24, 2014)

I assure you I was not using that program. Add/delete could not even find it. I was able to use force delete in Revo uninstaller to get rid of it.

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\adwcleaner\quarantine\c\program files (x86)\registry mechanic\pc tools registry mechanic9.0.0.120 +crack [ut]\crack\update.exe.vir
c:\program files (x86)\gimp 2\share\gimp\2.0\patterns\cracked.pat
c:\program files (x86)\pysol fan club edition\data\html\rules\firecracker.html
c:\program files (x86)\pysolfc solitaire\data\html\rules\firecracker.html
c:\users\dennis\desktop\old firefox data\ct2475029\feed\http___crackle_com_rss_media_sxsw_featured_rss_history.xml
c:\users\dennis\desktop\old firefox data\ct2475029\feed\http___crackle_com_rss_media_sxsw_featured_rss_structured.xml
c:\users\dennis\music\various artists\tbs tunes- fun tracks, wisecracks\desktop.ini
scanner sequence 3.GL.11.AKAPLZ
----- EOF -----

The other 2 files were too large to copy in.


----------



## Satchfan (Jan 12, 2009)

Looks like were back to square one due to the System Restores

Firefox is so infected that I suggest that you uninstall it for now, (well reinstall it later when your computer is clean). This will clear out all user data and plugins and it will be easier than cleaning it and hoping weve got all the infections.

You can backup your bookmarks if you need to but you will need to install any addins again.

Also note down any passwords etc.

Download a new copy of Firefox from *here* and save it to your desktop.

*How to backup your bookmarks*


open Firefox.
click the Bookmarks menu
select *Show All Bookmarks*
in the Library window, click the *Import and Backup* button and then select *Backup*
in the Bookmarks backup filename window that opens, choose a location to save the file, which is named *Bookmarks-"date".json* by default
once the backup has run, close all windows and check location for backup file.

*Remove Firefox*


click on *Start, Run* 
in the open text entry box please copy/paste *appwiz.cpl* Then click *Enter*. 
press the *Remove* or *Change/Remove*...button to uninstall *Firefox*. 

*Delete folders in red*

*C:\Program Files\Mozilla Firefox
c:\documents and settings\tiffany\application data\mozilla*

*Reboot*

===================================================

*Note: If you have MalwareBytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix as it may interfere with the successful execution of the script below.*

*Run OTL*


double click on the icon to run it.
copy/paste *ALL* the following text written *inside the code box* into the *Custom Scans/Fixes* box located at the bottom of OTL



Code:


:Services

:OTL
PRC - [2014/02/11 19:55:35 | 007,307,776 | ---- | M] (Bandoo Media Inc.) -- C:\Users\Dennis\AppData\Local\iLivid\iLivid.exe
MOD - [2014/04/28 05:38:18 | 000,490,000 | ---- | M] () -- C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll
MOD - [2014/04/28 05:38:09 | 000,020,496 | ---- | M] () -- C:\Program Files (x86)\Settings Manager\systemk\syskldr.dll
SRV - [2014/04/28 05:38:05 | 003,543,056 | ---- | M] (Aztec Media Inc) [Auto | Running] -- C:\Program Files (x86)\Settings Manager\systemk\SystemkService.exe -- (SystemkService)
DRV - [2014/04/28 05:38:06 | 000,036,240 | ---- | M] (Aztec Media Inc) [Kernel | System | Stopped] -- C:\Program Files (x86)\Settings Manager\systemk\x64\systemkmgrc1.cfg -- (F06DEFF2-5B9C-490D-910F-35D3A91196222)
DRV - [2014/04/28 05:38:06 | 000,036,240 | ---- | M] (Aztec Media Inc) [Kernel | Disabled | Running] -- C:\Program Files (x86)\Settings Manager\systemk\x64\systemkmgrc1.cfg -- (F06DEFF2-5B9C-490D-910F-35D3A9119622)
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=irmsd0101&cd=2XzuyEtN2Y1L1Qzu0CzztC0FyCyCtD0EtD0D0E0B0AtAyCyDtN0D0Tzu0SyBtAzytN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=2118251588&ir=
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.startsearcher.com
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {2D8FAFFE-9B47-42D5-8278-5AC97754C495}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=US&userid=59b3a5cf-64c1-45de-9db9-460163f80d7d&searchtype=ds&q={searchTerms}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}: "URL" = http://search.imgag.com/?appid=wsdt&component=&c=GNWDO59900&sbs=2&sc=2&f=web&vernum=3.1.5.7619&uid=323805679_39894717&did=%7bad62acbf-5801-47c1-abfd-f3e3bf8aa8cb%7d&q={searchTerms}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{371B386D-5E2A-4F14-B1EC-0AC31014AFBF}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{49C75C73-8869-A5C9-7078-423A0CB9E70B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.startsearcher.com/?q={searchTerms}&src=IETB
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd0101&cd=2XzuyEtN2Y1L1Qzu0CzztC0FyCyCtD0EtD0D0E0B0AtAyCyDtN0D0Tzu0SyBtAzytN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=2118251588&ir=
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=0&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=9780110726514813&q={searchTerms}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}: "URL" = http://www.default-search.net/search?sid=492&aid=100&itype=a&ver=12521&tm=308&src=ds&p={searchTerms}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtBtB0BtD0E0ByCyCyB0FyDzz0FyEtN0D0Tzu0CtCzztAtN1L2XzutBtFtCtFtDtFtAtDtC&cr=1069037744
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = http://search.iminent.com/?appId=&ref=toolbox&q={searchTerms}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{c1d89ae7-449d-4929-b24b-fded04adbe06}: "URL" = http://isearch.glarysoft.com/?q={searchTerms}&src=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuTU&co=US&userid=f3294408-9715-8a95-532a-3198f4bd90d3&searchtype=ds&q={searchTerms}&installDate=06/02/2014
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}: "URL" = http://www.default-search.net/search?sid=492&aid=100&itype=a&ver=12521&tm=308&src=ds&p={searchTerms}
IE - HKU\S-1-5-21-3246782875-1836535004-4075896310-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuTU&co=US&userid=f3294408-9715-8a95-532a-3198f4bd90d3&searchtype=ds&q={searchTerms}&installDate=06/02/2014
IE - HKU\S-1-5-21-3246782875-1836535004-4075896310-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuTU&co=US&userid=f3294408-9715-8a95-532a-3198f4bd90d3&searchtype=ds&q={searchTerms}&installDate=06/02/2014
IE - HKU\S-1-5-21-3246782875-1836535004-4075896310-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.default-search.net?sid=492&aid=100&itype=n&ver=11471&tm=308&src=hmp
IE - HKU\S-1-5-21-3246782875-1836535004-4075896310-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuTU&co=US&userid=f3294408-9715-8a95-532a-3198f4bd90d3&searchtype=ds&q={searchTerms}&installDate=06/02/2014
IE - HKU\S-1-5-21-3246782875-1836535004-4075896310-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuTU&co=US&userid=f3294408-9715-8a95-532a-3198f4bd90d3&searchtype=ds&q={searchTerms}&installDate=06/02/2014
IE - HKU\S-1-5-21-3246782875-1836535004-4075896310-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuTU&co=US&userid=f3294408-9715-8a95-532a-3198f4bd90d3&searchtype=ds&q={searchTerms}&installDate=06/02/2014
IE - HKU\S-1-5-21-3246782875-1836535004-4075896310-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}: "URL" = http://www.default-search.net/search?sid=492&aid=100&itype=a&ver=12521&tm=308&src=ds&p={searchTerms}
O1 - Hosts: 199.21.112.35 clicks.aweber.com
O1 - Hosts: 199.21.112.35 main.exoclick.com
O1 - Hosts: 199.21.112.35 www.ininbox.com
O1 - Hosts: 199.21.112.35 click.icptrack.com
O1 - Hosts: 199.21.112.35 untappedresults.ontraport.net
O1 - Hosts: 199.21.112.35 amviplink.ontraport.net
O1 - Hosts: 199.21.112.35 lurnmail.com
O1 - Hosts: 199.21.112.35 www.lurnmail.com
O1 - Hosts: 199.21.112.35 gvomail.com
O1 - Hosts: 199.21.112.35 www.gvomail.com
O2:[b]64bit:[/b] - BHO: (no name) - {11111111-1111-1111-1111-110511071176} - No CLSID value found.
O2:[b]64bit:[/b] - BHO: (Linkey) - {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} - C:\Program Files (x86)\Linkey\IEExtension\iedll64.dll (Aztec Media Inc)
O2 - BHO: (Linkey) - {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} - C:\Program Files (x86)\Linkey\IEExtension\iedll.dll (Aztec Media Inc)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKU\S-1-5-21-3246782875-1836535004-4075896310-1000..\Run: [iLivid] C:\Users\Dennis\AppData\Local\iLivid\iLivid.exe (Bandoo Media Inc.)
O36 - AppCertDlls: x64 - (C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll) - C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll ()
O36 - AppCertDlls: x86 - (C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll) - C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll ()
[2014/05/12 12:37:58 | 000,000,000 | ---D | C] -- C:\ProgramData\systemk

:Reg

:Files
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]
[resethosts]
[Reboot]

click the *Run Fix* button at the top
let the program run unhindered, reboot when it is done
post a new OTL log
please post the OTL fix log and new OTL log.

Logs to include in the next post:

*OTL fix log
New OTL log*

Satchfan


----------



## DennisI (Apr 24, 2014)

OK I am now ready to tear out the little hair I have left. When I run OTL it wants to reboot the system. When it reboots I lose the ability to connect to the internet. A restore is required to get back to the internet. This restores Firefox and I assume negates any changes OTL made. I noticed something. When I restored this time I got a message that restore failed. And yet I can access the internet again? Anyway the only log I got from OTL follows:

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
No active process named iLivid.exe was found!
Releasing module C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll
File move failed. C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll scheduled to be moved on reboot.
Releasing module C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll
File move failed. C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll scheduled to be moved on reboot.
Releasing module C:\Program Files (x86)\Settings Manager\systemk\syskldr.dll
File move failed. C:\Program Files (x86)\Settings Manager\systemk\syskldr.dll scheduled to be moved on reboot.
Releasing module C:\Program Files (x86)\Settings Manager\systemk\syskldr.dll
File move failed. C:\Program Files (x86)\Settings Manager\systemk\syskldr.dll scheduled to be moved on reboot.
Error: Unable to stop service SystemkService!
Unable to delete service\driver key SystemkService.
File move failed. C:\Program Files (x86)\Settings Manager\systemk\SystemkService.exe scheduled to be moved on reboot.
Service F06DEFF2-5B9C-490D-910F-35D3A91196222 stopped successfully!
Service F06DEFF2-5B9C-490D-910F-35D3A91196222 deleted successfully!
File move failed. C:\Program Files (x86)\Settings Manager\systemk\x64\systemkmgrc1.cfg scheduled to be moved on reboot.
Error: Unable to stop service F06DEFF2-5B9C-490D-910F-35D3A9119622!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\F06DEFF2-5B9C-490D-910F-35D3A9119622 deleted successfully.
File move failed. C:\Program Files (x86)\Settings Manager\systemk\x64\systemkmgrc1.cfg scheduled to be moved on reboot.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{371B386D-5E2A-4F14-B1EC-0AC31014AFBF}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{371B386D-5E2A-4F14-B1EC-0AC31014AFBF}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{49C75C73-8869-A5C9-7078-423A0CB9E70B}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49C75C73-8869-A5C9-7078-423A0CB9E70B}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{c1d89ae7-449d-4929-b24b-fded04adbe06}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c1d89ae7-449d-4929-b24b-fded04adbe06}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}\ not found.
HKU\S-1-5-21-3246782875-1836535004-4075896310-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-3246782875-1836535004-4075896310-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKU\S-1-5-21-3246782875-1836535004-4075896310-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-3246782875-1836535004-4075896310-1000\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKU\S-1-5-21-3246782875-1836535004-4075896310-1000\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3246782875-1836535004-4075896310-1000\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
Registry key HKEY_USERS\S-1-5-21-3246782875-1836535004-4075896310-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}\ not found.
199.21.112.35 clicks.aweber.com removed from HOSTS file successfully
199.21.112.35 main.exoclick.com removed from HOSTS file successfully
199.21.112.35 www.ininbox.com removed from HOSTS file successfully
199.21.112.35 click.icptrack.com removed from HOSTS file successfully
199.21.112.35 untappedresults.ontraport.net removed from HOSTS file successfully
199.21.112.35 amviplink.ontraport.net removed from HOSTS file successfully
199.21.112.35 lurnmail.com removed from HOSTS file successfully
199.21.112.35 gvomail.com removed from HOSTS file successfully
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511071176}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511071176}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}\ deleted successfully.
C:\Program Files (x86)\Linkey\IEExtension\iedll64.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}\ deleted successfully.
C:\Program Files (x86)\Linkey\IEExtension\iedll.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3246782875-1836535004-4075896310-1000\Software\Microsoft\Windows\CurrentVersion\Run\\iLivid deleted successfully.
C:\Users\Dennis\AppData\Local\iLivid\iLivid.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\x64 deleted successfully.
File move failed. C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\x86 deleted successfully.
File move failed. C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\systemk scheduled to be moved on reboot.
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Dennis\Downloads\cmd.bat deleted successfully.
C:\Users\Dennis\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57311 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Dennis
->Temp folder emptied: 42069040 bytes
->Temporary Internet Files folder emptied: 66958570 bytes
->Java cache emptied: 48021 bytes
->FireFox cache emptied: 109020463 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 506 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 177292629 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 399153536 bytes

Total Files Cleaned = 758.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 05132014_191008
Files\Folders moved on Reboot...
C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll moved successfully.
C:\Program Files (x86)\Settings Manager\systemk\syskldr.dll moved successfully.
C:\Program Files (x86)\Settings Manager\systemk\SystemkService.exe moved successfully.
C:\Program Files (x86)\Settings Manager\systemk\x64\systemkmgrc1.cfg moved successfully.
C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll moved successfully.
C:\ProgramData\systemk folder moved successfully.
C:\Users\Dennis\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Dennis\AppData\Local\Temp\JavaDeployReg.log moved successfully.
C:\Users\Dennis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\4A72F430-B40C-4D36-A068-CE33ADA5ADF9.dat moved successfully.
C:\Users\Dennis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.
C:\Users\Dennis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SG1O1UWU\ga_exp[1].js moved successfully.
C:\Users\Dennis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SG1O1UWU\hovercard[1].htm moved successfully.
C:\Users\Dennis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IY1HRDS8\postmessageRelay[1].htm moved successfully.
C:\Users\Dennis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IY1HRDS8\proxy[1].htm moved successfully.
C:\Users\Dennis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IY1HRDS8\recentposts[2].htm moved successfully.
C:\Users\Dennis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G9ZQ3F6M\chat_message_52df20dbc4522c398abba5d0b6377131[1].dat moved successfully.
C:\Users\Dennis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G9ZQ3F6M\rs=AItRSTMI5eUpCZX518ypOGR_b7O0uCQq-Q[1].htm moved successfully.
C:\Users\Dennis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6PDAAR1R\1124920-unidenttfied-network-5[1].htm moved successfully.
C:\Users\Dennis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6PDAAR1R\canvas[1].htm moved successfully.
C:\Users\Dennis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6PDAAR1R\frame[1].htm moved successfully.
C:\Users\Dennis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6PDAAR1R\mail[1].htm moved successfully.
C:\Users\Dennis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6PDAAR1R\mail[3].htm moved successfully.
C:\Users\Dennis\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\Low\SkypeClickToCall\Logs\AutoUpdateSvc.log scheduled to be moved on reboot.
C:\Windows\temp\avast_ash\Java Runtime Environment 8 (64 Bit)\BITAD52.tmp moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...


----------



## Satchfan (Jan 12, 2009)

The best way to deal with this is to avoid the Internet for the moment. Do you have access to another computer that you can use to reply?

If not, please run the OTL fix again and when the computer reboots, start in safe mode and see if you can access the Internet.


When OTL reboots the machine, gently tap the *F8* key repeatedly until you are presented with the *Windows Advanced Boot Options* menu.
Select the option for *Safe Mode with networking* using the arrow keys.
Then press *Enter* on your keyboard to boot into Safe Mode.

Let me know what happens.


----------



## DennisI (Apr 24, 2014)

I rebooted to SAFE MODE WITH NETWORKING, but still got unidentified network. I also tried to get here with my Nook but internet access is too kludgy (these old eyes can't see too well and my fingers don't do too well on those little "keys"). I might be able to get access to another computer, but only typing to you (no FA's or copying in). Guess I am just screwed.....


----------



## Satchfan (Jan 12, 2009)

I could get you to run many different scans, but the scans we've run have identified the infections and are very capable of dealing with them.

We'll try one more different one to see what the situation is with the Internet.

*Run MiniToolBox*

*Note:* When using the "Reset FF Proxy Settings" option, Firefox should be closed.

Please download *MiniToolBox*, save it to your desktop and run it.

Place a checkmark in the following checkboxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size.
List Minidump Files

Click *Go* and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Satchfan


----------



## DennisI (Apr 24, 2014)

Here ya go:

MiniToolBox by Farbar Version: 23-01-2014
Ran by Dennis (administrator) on 15-05-2014 at 12:59:14
Running from "C:\Users\Dennis\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

199.21.112.35 clicks.aweber.com
199.21.112.35 main.exoclick.com
199.21.112.35 www.ininbox.com
199.21.112.35 click.icptrack.com
199.21.112.35 untappedresults.ontraport.net
199.21.112.35 amviplink.ontraport.net
199.21.112.35 lurnmail.com
199.21.112.35 www.lurnmail.com
199.21.112.35 gvomail.com
199.21.112.35 www.gvomail.com

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)
Dell Wireless 1506 802.11b/g/n (2.4GHz) = Wireless Network Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 4 (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled

popd
# End of IPv4 configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . : SonofSam2
Primary Dns Suffix . . . . . . . : 
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : wellington.local

Wireless LAN adapter Wireless Network Connection 4:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 00-22-B0-EB-66-7E
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 3:

Connection-specific DNS Suffix . : wellington.local
Description . . . . . . . . . . . : D-Link WUA-1340 USB Adapter #2
Physical Address. . . . . . . . . : 00-22-B0-EB-66-7F
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::ed4b:8840:f723:acb7%21(Preferred) 
IPv4 Address. . . . . . . . . . . : 192.168.16.161(Preferred) 
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, May 15, 2014 12:02:58 PM
Lease Expires . . . . . . . . . . : Thursday, May 15, 2014 1:33:42 PM
Default Gateway . . . . . . . . . : 192.168.16.254
DHCP Server . . . . . . . . . . . : 192.168.16.254
DHCPv6 IAID . . . . . . . . . . . : 536879792
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-C2-7B-8D-C8-1F-66-0E-0D-EB
DNS Servers . . . . . . . . . . . : 10.220.5.1
192.1.4.78
Primary WINS Server . . . . . . . : 192.1.4.78
Secondary WINS Server . . . . . . : 10.220.5.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : wellington.local
Description . . . . . . . . . . . : Dell Wireless 1506 802.11b/g/n (2.4GHz)
Physical Address. . . . . . . . . : 70-18-8B-81-0B-F2
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : C8-1F-66-0E-0D-EB
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{A212E3F6-9AD2-4F19-97CC-F9EA15719A5D}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.wellington.local:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : wellington.local
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{58B11889-A19A-43F8-86D6-BC072927283D}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: pdc01.wellington.local
Address: 10.220.5.1

Name: google.com
Addresses: 2607:f8b0:4008:805::1006
74.125.21.113
74.125.21.138
74.125.21.101
74.125.21.102
74.125.21.139
74.125.21.100

Pinging google.com [74.125.21.138] with 32 bytes of data:
Request timed out.
Request timed out.

Ping statistics for 74.125.21.138:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
Server: pdc01.wellington.local
Address: 10.220.5.1

Name: yahoo.com
Addresses: 98.139.183.24
98.138.253.109
206.190.36.45

Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Request timed out.
Request timed out.

Ping statistics for 98.138.253.109:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
23...00 22 b0 eb 66 7e ......Microsoft Virtual WiFi Miniport Adapter
21...00 22 b0 eb 66 7f ......D-Link WUA-1340 USB Adapter #2
13...70 18 8b 81 0b f2 ......Dell Wireless 1506 802.11b/g/n (2.4GHz)
11...c8 1f 66 0e 0d eb ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
27...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
28...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
29...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.16.254 192.168.16.161 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.16.0 255.255.255.0 On-link 192.168.16.161 281
192.168.16.161 255.255.255.255 On-link 192.168.16.161 281
192.168.16.255 255.255.255.255 On-link 192.168.16.161 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.16.161 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.16.161 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
21 281 fe80::/64 On-link
21 281 fe80::ed4b:8840:f723:acb7/128
On-link
1 306 ff00::/8 On-link
21 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/15/2014 00:46:15 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\servicing\TrustedInstaller.exe; Description = Windows Modules Installer; Error = 0x81000101).

Error: (05/15/2014 00:36:09 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\DrvInst.exe "4" "8" "C:\Windows\TEMP\{3186db7f-bae7-2f06-55b0-39184b05aa0d}\aswNdisFlt.inf" "9" "1" "000000000000049C" "Service-0x0-3e7$\Default" "00000000000007BC" "208" "C:\Program Files\AVAST Software\Avast\setup\Inf"; Description = Device Driver Package Install: Avast Network Service; Error = 0x81000101).

Error: (05/15/2014 00:36:09 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{604b6b45-1b17-11e3-8434-806e6f6e6963} - 0000000000000164,0x0053c008,0000000000252FF0,0,0000000000251FE0,4096,[0]). hr = 0x80070079, The semaphore timeout period has expired.
.

Operation:
Processing EndPrepareSnapshots

Context:
Execution Context: System Provider

Error: (05/15/2014 00:26:00 PM) (Source: Windows Backup) (User: )
Description: Backup did not complete successfully because a shadow copy could not be created. Free up disk space on the drive that you are backing up by deleting unnecessary files and then try again.

Error: (05/15/2014 00:25:56 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\servicing\TrustedInstaller.exe; Description = Windows Modules Installer; Error = 0x81000101).

Error: (05/15/2014 00:19:15 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Program Files\AVAST Software\Avast\setup\New\instup.exe Files\AVAST Software\Avast\setup\New\instup.exe" /instop:update_vps_and_program /wait; Description = avast! antivirus system restore point; Error = 0x81000101).

Error: (05/15/2014 00:15:50 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x81000101).

Error: (05/15/2014 00:15:49 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{604b6b45-1b17-11e3-8434-806e6f6e6963} - 0000000000000120,0x0053c008,0000000000251FE0,0,0000000000252FF0,4096,[0]). hr = 0x80070079, The semaphore timeout period has expired.
.

Operation:
Processing EndPrepareSnapshots

Context:
Execution Context: System Provider

Error: (05/15/2014 00:04:15 PM) (Source: Application Error) (User: )
Description: Faulting application name: SpeedyPC.exe, version: 3.2.0.0, time stamp: 0x52cef6d0
Faulting module name: SpeedyPC.exe, version: 3.2.0.0, time stamp: 0x52cef6d0
Exception code: 0xc0000005
Fault offset: 0x00080e72
Faulting process id: 0x804
Faulting application start time: 0xSpeedyPC.exe0
Faulting application path: SpeedyPC.exe1
Faulting module path: SpeedyPC.exe2
Report Id: SpeedyPC.exe3

Error: (05/15/2014 00:02:26 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Program Files\AVAST Software\Avast\setup\instup.exe Files\AVAST Software\Avast\setup\instup.exe" /instop:repair; Description = avast! antivirus system restore point; Error = 0x81000101).

System errors:
=============
Error: (05/15/2014 00:54:28 PM) (Source: Service Control Manager) (User: )
Description: The F06DEFF2-5B9C-490D-910F-35D3A91196222 service failed to start due to the following error: 
%%2

Error: (05/15/2014 00:54:27 PM) (Source: Service Control Manager) (User: )
Description: The Systemk Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (05/15/2014 00:36:14 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2871997).

Error: (05/15/2014 00:36:09 PM) (Source: volsnap) (User: )
Description: The shadow copy of volume C: being created failed to install.

Error: (05/15/2014 00:15:48 PM) (Source: volsnap) (User: )
Description: The shadow copy of volume C: being created failed to install.

Error: (05/15/2014 11:55:41 AM) (Source: Service Control Manager) (User: )
Description: The ParetoLogic Internet Security service failed to start due to the following error: 
%%2

Error: (05/15/2014 11:52:02 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\athihvs.dll
Error Code: 14001

Error: (05/15/2014 11:51:56 AM) (Source: Service Control Manager) (User: )
Description: The Windows Audio service hung on starting.

Error: (05/15/2014 11:33:37 AM) (Source: DCOM) (User: )
Description: 1084wuauserv{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (05/15/2014 11:33:02 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068

Microsoft Office Sessions:
=========================
Error: (05/15/2014 00:46:15 PM) (Source: System Restore)(User: )
Description: C:\Windows\servicing\TrustedInstaller.exeWindows Modules Installer0x81000101

Error: (05/15/2014 00:36:09 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\DrvInst.exe "4" "8" "C:\Windows\TEMP\{3186db7f-bae7-2f06-55b0-39184b05aa0d}\aswNdisFlt.inf" "9" "1" "000000000000049C" "Service-0x0-3e7$\Default" "00000000000007BC" "208" "C:\Program Files\AVAST Software\Avast\setup\Inf"Device Driver Package Install: Avast Network Service0x81000101

Error: (05/15/2014 00:36:09 PM) (Source: VSS)(User: )
Description: DeviceIoControl(\\?\Volume{604b6b45-1b17-11e3-8434-806e6f6e6963} - 0000000000000164,0x0053c008,0000000000252FF0,0,0000000000251FE0,4096,[0])0x80070079, The semaphore timeout period has expired.

Operation:
Processing EndPrepareSnapshots

Context:
Execution Context: System Provider

Error: (05/15/2014 00:26:00 PM) (Source: Windows Backup)(User: )
Description: The creation of a shadow copy has timed out. Try this operation again. (0x81000101)

Error: (05/15/2014 00:25:56 PM) (Source: System Restore)(User: )
Description: C:\Windows\servicing\TrustedInstaller.exeWindows Modules Installer0x81000101

Error: (05/15/2014 00:19:15 PM) (Source: System Restore)(User: )
Description: C:\Program Files\AVAST Software\Avast\setup\New\instup.exe Files\AVAST Software\Avast\setup\New\instup.exe" /instop:update_vps_and_program /waitavast! antivirus system restore point0x81000101

Error: (05/15/2014 00:15:50 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x81000101

Error: (05/15/2014 00:15:49 PM) (Source: VSS)(User: )
Description: DeviceIoControl(\\?\Volume{604b6b45-1b17-11e3-8434-806e6f6e6963} - 0000000000000120,0x0053c008,0000000000251FE0,0,0000000000252FF0,4096,[0])0x80070079, The semaphore timeout period has expired.

Operation:
Processing EndPrepareSnapshots

Context:
Execution Context: System Provider

Error: (05/15/2014 00:04:15 PM) (Source: Application Error)(User: )
Description: SpeedyPC.exe3.2.0.052cef6d0SpeedyPC.exe3.2.0.052cef6d0c000000500080e7280401cf7055a9229676C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exeC:\Program Files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe8fac4333-dc4a-11e3-b27f-c81f660e0deb

Error: (05/15/2014 00:02:26 PM) (Source: System Restore)(User: )
Description: C:\Program Files\AVAST Software\Avast\setup\instup.exe Files\AVAST Software\Avast\setup\instup.exe" /instop:repairavast! antivirus system restore point0x81000101

CodeIntegrity Errors:
===================================
Date: 2014-05-15 12:03:09.081
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\KernelBase.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-05-15 11:51:55.813
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\KernelBase.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-05-15 08:20:30.445
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\KernelBase.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-05-15 08:09:33.534
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\KernelBase.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-05-15 07:51:26.491
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\KernelBase.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-05-15 07:25:36.507
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\KernelBase.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-05-15 07:20:29.651
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\KernelBase.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-05-15 06:51:26.544
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\KernelBase.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-05-15 06:18:36.504
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\KernelBase.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-05-15 06:04:36.505
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\KernelBase.dll because the set of per-page image hashes could not be found on the system.

=========================== Installed Programs ============================

µTorrent (Version: 3.4.1.30768)
Accidental Damage Services Agreement (Version: 2.0.0)
Adobe AIR (Version: 13.0.0.88)
Adobe Flash Player 13 Plugin (Version: 13.0.0.199)
Adobe Flash Player 14 ActiveX (Version: 14.0.0.101)
Adobe Reader Free Download Packages
Adobe Reader XI (11.0.06) (Version: 11.0.06)
Adobe Shockwave Player 12.1 (Version: 12.1.0.150)
Apple Application Support (Version: 2.3.6)
Apple Software Update (Version: 2.1.3.127)
Ashampoo Gadge It v.1.0.1 (Version: 1.0.1)
Ashampoo HDD Control 2 v.2.1.0 (Version: 2.1.0)
Ashampoo Internet Accelerator 3 v.3.20 (Version: 3.1.1)
Ashampoo WinOptimizer 10 v.10.3.0 (Version: 10.03.00)
Aurora 29.0a2 (x86 en-US) (Version: 29.0a2)
AutoBinaryEA (Version: 2.2.5081.18819)
AutoEABinary (Version: 2.2.5078.19205)
avast! Internet Security (Version: 9.0.2018)
Banctec Service Agreement (Version: 2.0.0)
Big Fish: Game Manager (Version: 3.2.0.7)
Binary Option Robot version 1.1 (Version: 1.1)
Buxenger (Version: 3.0.2)
CCleaner (Version: 4.12)
CDBurnerXP (Version: 4.5.3.4643)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Complete Care Business Service Agreement (Version: 2.0.0)
Consumer In-Home Service Agreement (Version: 2.0.0)
Cooking Academy: Restaurant Royale
Copernic Desktop Search 4 (Version: 4.0.5.1231)
D3DX10 (Version: 15.4.2368.0902)
Dell Digital Delivery (Version: 2.8.1000.0)
Dell Edoc Viewer (Version: 1.0.0)
Dell Home Systems Service Agreement (Version: 2.0.0)
Dell System Detect (Version: 5.4.0.4)
Dell Wireless Driver Installation (Version: 9.0)
Dell WLAN and Bluetooth Client Installation (Version: 10.0)
DesktopWeatherAlerts (Version: 1.0.29.0)
DHTML Editing Component (Version: 6.02.0001)
DivX Setup (Version: 2.6.1.100)
DownLite (Version: 1.0.0.1)
DriveImage XML (Private Edition) (Version: 2.50.000)
Easy Clone Detective (Version: 1.4)
eBay (Version: 1.4.0)
File Type Assistant (Version: 2014.3.4.0)
FileHippo.com Update Checker
Free File Viewer 2014 (Version: 2014.2.16.0)
Free ISO Creator version 2.8 (Version: 1.2)
fTalk (Version: 4.0.0.4456)
Glary Utilities 4.9 (Version: 4.9.0.99)
GomezPEER (Version: 3.2)
Google Chrome (Version: 36.0.1933.0)
Google Drive (Version: 1.15.6430.6825)
Google Earth (Version: 7.1.2.2041)
Google Update Helper (Version: 1.3.24.7)
Idle Processor Utilization Services version IPUS 2.01 (Version: IPUS 2.01)
iLivid (Version: 5.0.0.4137)
iLivid (Version: 5.0.0.4408)
Intel(R) Control Center (Version: 1.2.1.1011)
Intel(R) Management Engine Components (Version: 9.5.23.1766)
Intel(R) Processor Graphics (Version: 9.18.10.3293)
Intel(R) Rapid Storage Technology (Version: 11.1.0.1006)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (Version: 3.0.0.66956)
Intel(R) USB 3.0 eXtensible Host Controller Driver (Version: 1.0.9.254)
Intel® Trusted Connect Service Client (Version: 1.31.8.1)
Intel® Watchdog Timer Driver (Intel® WDT)
iSpy (64 bit) (Version: 5.9.5)
Java 7 Update 10 (Version: 7.0.100)
Java 7 Update 51 (Version: 7.0.510)
Java 8 (64-bit) (Version: 8.0.0)
Java Auto Updater (Version: 2.8.00.132)
Junk Mail filter update (Version: 16.4.3522.0110)
Linkey (Version: 0.0.0.333)
MagicDisc 2.7.106
Malwarebytes Anti-Malware version 2.00.0.1000 (Version: 2.00.0.1000)
MetaTrader 4 (Version: 4.00)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft OneDrive (Version: 17.0.4035.0328)
Microsoft Silverlight (Version: 5.1.30214.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Monitor Integrated Webcam Driver (1.00.13.0608) 
Movie Maker (Version: 16.4.3522.0110)
Mozilla Firefox 27.0 (x86 en-US) (Version: 27.0)
Mozilla Maintenance Service (Version: 29.0)
Mozilla Thunderbird 28.0 (x86 en-US) (Version: 28.0)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSVCRT110 (Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
My Dell (Version: 3.5.6426.22)
My Singing Monsters
MyPC Backup (Version: )
OpenOffice 4.0.1 (Version: 4.01.9714)
OpenOffice Beta 4.1.0 (Version: 4.10.9760)
PeaZip 5.3.0
Photo Gallery (Version: 16.4.3522.0110)
Premium Service Agreement (Version: 2.0.0)
Process Lasso (Version: 6.7.0.42)
PySol Fan Club edition v.2.0
PySolFC Solitaire (a freeware Solitaire Game) version 1.1
QualxServ Service Agreement (Version: 2.0.0)
QuickTime 7 (Version: 7.75.80.95)
RadarSync PC Updater 2013 (Version: 4.1.0.15591)
RealDownloader (Version: 1.7.0)
Realtek Card Reader (Version: 6.3.273.37)
Realtek Ethernet Controller Driver (Version: 7.75.827.2013)
Realtek High Definition Audio Driver (Version: 6.0.1.6554)
Recuva (Version: 1.51)
Registry Defragmentation (Version: 9.3.6.1)
Registry Defragmentation Compatibility Patch
Revo Uninstaller Pro 3.0.8 (Version: 3.0.8)
RoboForm 7-9-6-7 (All Users) (Version: 7-9-6-7)
Settings Manager (Version: 5.0.0.12302)
Shared C Run-time for x64 (Version: 10.0.0)
Simple Search-Replace (Version: 1.08.0000)
Skype Click to Call (Version: 7.1.15383.6004)
Skype 6.14 (Version: 6.14.104)
Software Informer 1.2
Speccy (Version: 1.25)
SpeedyPC Pro (Version: 3.2.0.0)
Stardock Fences 2 (Version: 2.12)
Stardock ObjectDock (Version: 2.10)
Start Menu X version 5.02 (Version: 5.02)
Super Internet TV v8.0 (Free Edition)
swMSM (Version: 12.0.0.1)
TeraCopy 2.3
The Path of Hercules
Turbo Lister 2 (Version: 2.00.0000)
UpdateService (Version: 1.0.0)
uPlayer (Version: 1.0.0)
uTorrentMC (Version: 1.0.0.0)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
WeatherBug (Version: 7.0.0.12)
Webshots Extractor version 1.0.0.000 (Version: 1.0.0.000)
Webshots Wallpaper & Screensaver version 1.5.0.31 (Version: 1.5.0.31)
WebsiteGenerator version 1.0 (Version: 1.0)
WhoCrashed 5.01
Windows Live Communications Platform (Version: 16.4.3522.0110)
Windows Live Essentials (Version: 16.4.3522.0110)
Windows Live Family Safety (Version: 16.4.3522.0110)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (Version: 16.4.3522.0110)
Windows Live Mail (Version: 16.4.3522.0110)
Windows Live Messenger (Version: 16.4.3522.0110)
Windows Live MIME IFilter (Version: 16.4.3522.0110)
Windows Live Photo Common (Version: 16.4.3522.0110)
Windows Live PIMT Platform (Version: 16.4.3522.0110)
Windows Live SOXE (Version: 16.4.3522.0110)
Windows Live SOXE Definitions (Version: 16.4.3522.0110)
Windows Live UX Platform (Version: 16.4.3522.0110)
Windows Live UX Platform Language Pack (Version: 16.4.3522.0110)
Windows Live Writer (Version: 16.4.3522.0110)
Windows Live Writer Resources (Version: 16.4.3522.0110)
WinPatrol (Version: 30.5.2014.1)
WinUtilities Professional Edition 11.13 (Version: 11.13)

========================= Memory info: ===================================

Percentage of memory in use: 50%
Total physical RAM: 3967.57 MB
Available physical RAM: 1959.54 MB
Total Pagefile: 7035.75 MB
Available Pagefile: 4793.43 MB
Total Virtual: 4095.88 MB
Available Virtual: 3974.6 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:444.06 GB) (Free:348.98 GB) NTFS
4 Drive g: (IOMEGA_HDD) (Fixed) (Total:298.02 GB) (Free:69.75 GB) FAT32

========================= Users: ========================================

User accounts for \\SONOFSAM2

Administrator Dennis Guest

========================= Minidump Files ==================================

No minidump file found

**** End of log ****


----------



## Satchfan (Jan 12, 2009)

Hi Dennis, let's see if we can get you online.

*Download and run Windows Repair (all in one)*


Download Windows Repair (all in one) from *here*
install and then run the program.
on the "Start Repairs" tab click *Start*
at the "Repair Options" screen, be sure to select *all items*
also check *Restart System When Finished*.
now press *Start*

Once that is complete, check and see if you can get online.

Satchfan


----------



## DennisI (Apr 24, 2014)

YES!!!!!!!! That seems to have cleared up my problems. Where do we go from here?


----------



## Satchfan (Jan 12, 2009)

Good work! We need to see what is left.

*Run OTL*


open OTL again, click on *Extra Registry -> Use Safelist*
then click *Run Scan*

Post back with the 2 logfiles, *OTL.txt* and *Extras.txt*

Thanks


----------



## DennisI (Apr 24, 2014)

OTL Extras logfile created on: 5/17/2014 3:05:21 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dennis\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.87 Gb Total Physical Memory | 2.09 Gb Available Physical Memory | 53.86% Memory free
6.87 Gb Paging File | 4.96 Gb Available in Paging File | 72.16% Paging File free
Paging file location(s): C:\pagefile.sys 3070 3070E:\pagef [Binary data over 200 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 444.06 Gb Total Space | 323.71 Gb Free Space | 72.90% Space Free | Partition Type: NTFS
Drive G: | 298.02 Gb Total Space | 69.76 Gb Free Space | 23.41% Space Free | Partition Type: FAT32

Computer Name: SONOFSAM2 | User Name: Dennis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-3246782875-1836535004-4075896310-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- Reg Error: Value error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PeaZip] -- Reg Error: Value error.
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- Reg Error: Value error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PeaZip] -- Reg Error: Value error.
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BB8FCBF-4755-4166-B95B-CE76272B73FC}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{4FB6BFC7-B366-41FC-9F40-BB5499D77F77}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{B99ADA06-7F1B-45E0-97CF-111F9757A78F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D35FCAD1-99C5-4214-8E47-A2D7ACB638EB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04B24B8F-A538-4086-B9DC-6E4AC3D1D1DF}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{069F3345-BDA4-4746-9334-39E17D9EBA3E}" = protocol=17 | dir=in | app=c:\users\dennis\appdata\roaming\utorrent\utorrent.exe | 
"{076942C6-7EC5-41E1-8F8F-01C3544B0E50}" = protocol=17 | dir=in | app=c:\users\dennis\downloads\utorrent(27).exe | 
"{0CC71458-8D6E-4064-B96F-9C9584EDEDCF}" = protocol=17 | dir=in | app=c:\users\dennis\appdata\local\ilivid\ilivid.exe | 
"{109345B7-CC33-4520-8085-07B80C2556FD}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{153C909D-980C-4BE6-B397-8DAC0EA40630}" = protocol=6 | dir=in | app=c:\users\dennis\appdata\roaming\utorrent\utorrent.exe | 
"{16AFC7BA-045A-46C2-A251-D400B794FA07}" = dir=in | app=c:\program files (x86)\file type assistant\tsassist.exe | 
"{266C5DDB-D240-4C78-848B-8B7D5BEB4061}" = dir=in | app=c:\program files (x86)\file type assistant\tsassist.exe | 
"{2D08F1DA-864D-4D43-ACE4-EB7706011BE1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{352EF85F-7A9A-424E-92A3-88733E4F2A48}" = protocol=17 | dir=in | app=c:\users\dennis\appdata\roaming\utorrent\utorrent.exe | 
"{533DEC23-E245-4280-951B-B8CBACFE816C}" = dir=in | app=c:\users\dennis\appdata\local\microsoft\skydrive\skydrive.exe | 
"{56C85B78-EAE1-49BE-A48B-65012BA11C2A}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{5E130149-B9C1-4462-A7D6-9DA7B5214A82}" = protocol=6 | dir=in | app=c:\users\dennis\appdata\roaming\utorrent\utorrent.exe | 
"{67E6AB82-B107-4F29-81B4-DE57665D48E5}" = dir=in | app=c:\program files (x86)\file type assistant\tsassist.exe | 
"{7029336A-E7E1-47C5-9C4F-773172E3FE3C}" = protocol=6 | dir=in | app=c:\users\dennis\downloads\utorrent(27).exe | 
"{818E04AA-75FB-4FB3-9F67-C802827383E6}" = protocol=6 | dir=in | app=c:\users\dennis\appdata\local\ilivid\ilivid.exe | 
"{BC6485CF-DF64-475E-BDE1-23643634045C}" = dir=in | app=c:\program files (x86)\file type assistant\tsassist.exe | 
"{CA160E44-10F8-4CE3-B39A-6DBD9900C866}" = dir=in | app=c:\program files (x86)\freefileviewer\ffvcheckforupdates.exe | 
"{E528A31F-B89B-4C8F-856C-9236CD0A3057}" = protocol=6 | dir=in | app=c:\program files\metatrader 5\metatester64.exe | 
"TCP Query User{98F1FA01-E974-46E2-9BDF-8D17E908D113}C:\Program Files (x86)\Gomez\GomezPEER\agents\gozilla\runtime\gozilla.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gomez\gomezpeer\agents\gozilla\runtime\gozilla.exe | 
"TCP Query User{A6227E41-BF9C-4C42-BEF2-AAB6FF6FCCEE}C:\program files (x86)\Gomez\GomezPEER\agents\chrome\runtime\gomezchromeagent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gomez\gomezpeer\agents\chrome\runtime\gomezchromeagent.exe | 
"UDP Query User{3E2F35FC-4585-4A93-8F36-6FBA7CD00CE6}C:\program files (x86)\Gomez\GomezPEER\agents\chrome\runtime\gomezchromeagent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gomez\gomezpeer\agents\chrome\runtime\gomezchromeagent.exe | 
"UDP Query User{8BC50958-532F-4D41-9A22-35EDE009CFAD}C:\Program Files (x86)\Gomez\GomezPEER\agents\gozilla\runtime\gozilla.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gomez\gomezpeer\agents\gozilla\runtime\gozilla.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01B48F87-6485-49EC-8B7C-18EBD4DB2433}_is1" = Idle Processor Utilization Services version IPUS 2.01
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{25058321-C33E-496B-8915-6FD64D362CAF}" = Windows Live MIME IFilter
"{26A24AE4-039D-4CA4-87B4-2F86418005FF}" = Java 8 Update 5 (64-bit)
"{3E494002-985C-4908-B72C-5B4DD15BE090}_is1" = Start Menu X version 5.02
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 3.0.8
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{84481A87-2316-4923-8FAB-3BA8CA29323D}" = WinPatrol
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C2A3D27-C634-441A-B791-DBB8D70BBA51}" = iSpy (64 bit)
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{b2d30b83-97be-49a7-b0db-ee2bf3eab5b2}.sdb" = Registry Defragmentation Compatibility Patch
"{B5E06417-A4AC-4225-B36E-7E34C91616E7}" = Intel® Trusted Connect Service Client
"{CB3CA48C-95CB-412B-B7AE-6F2EA8F89907}" = Windows Live Family Safety
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"CCleaner" = CCleaner
"Creative OEM003" = Monitor Integrated Webcam Driver (1.00.13.0608) 
"MetaTrader 5" = MetaTrader 5
"PC-Doctor for Windows" = My Dell
"Recuva" = Recuva
"Software Informer_is1" = Software Informer 1.2
"Speccy" = Speccy
"TeraCopy_is1" = TeraCopy 2.3
"WhoCrashed_is1" = WhoCrashed 5.01

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00F9DB8C-65D7-4D47-AB5F-F698EE38580D}" = Windows Live UX Platform
"{04BE4035-3C8E-4B48-BFB8-1655849C0C8B}" = Windows Live Writer
"{06810DC6-3501-40FE-BCB3-1A7BE6398A36}" = uPlayer
"{0765012B-51F6-4868-875E-9C14755B338C}" = RealDownloader
"{07AAB66E-4718-422D-9218-4AFB3C922A71}" = Photo Gallery
"{0A5C17E9-C6AB-4ADA-9AE8-ADAE8AE386C2}" = AutoBinaryEA
"{0BE9E708-5DC0-4963-9CFD-0AA519090E79}" = Junk Mail filter update
"{0ECFCB07-9BFE-4970-ACA1-D568D982760B}" = Complete Care Business Service Agreement
"{0F974770-76EB-4C38-986E-E7BDD9C0DFC4}" = Windows Live Writer Resources
"{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7
"{1D6432B4-E24D-405E-A4AB-D7E6D088CBC9}" = Windows Live Photo Common
"{1F752D02-F576-4DD6-8DA7-E478283F455A}" = OpenOffice Beta 4.1.0
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217010F0}" = Java 7 Update 10
"{26A24AE4-039D-4CA4-87B4-2F83217055FF}" = Java 7 Update 55
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Dell WLAN and Bluetooth Client Installation
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{34E4731B-9C50-4A1E-85BA-11A3F8375B91}" = uTorrentMC
"{38F03569-A636-4CF3-BDDE-032C8C251304}" = Movie Maker
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3FD0C489-0F02-481a-A3E1-9754CD396761}" = Intel® Watchdog Timer Driver (Intel® WDT)
"{418BAAD1-754D-48B4-B078-46EF4F25AF42}" = Google Drive
"{41C61308-6CFD-4D54-AB6A-7136ED08A18E}" = Windows Live Communications Platform
"{4209F371-88D4-AB00-ED2B-D6520C84D9D5}_is1" = Ashampoo WinOptimizer 10 v.10.3.0
"{4209F371-A431-385E-2D7E-ACDA5DA3BA0B}_is1" = Ashampoo HDD Control 2 v.2.1.0
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{451517F1-7E41-400B-AA36-FB7E2563526D}" = Dell Wireless Driver Installation
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{52FFD891-6165-4644-843D-5F305F3A27CE}" = Copernic Desktop Search 4
"{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1" = PeaZip 5.3.1
"{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}" = Realtek Card Reader
"{604CD5A1-4520-4844-B064-A3D884B77E91}" = SpeedyPC Pro
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6152DEA9-EA0C-4013-9DBF-4A8881A7F722}" = Windows Live Family Safety
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6522F5F9-411B-4513-A75B-CEA00395F032}" = Windows Live UX Platform Language Pack
"{659CB81C-B54E-4DF1-B618-F35777393A54}" = Windows Live Installer
"{66B5819D-DE70-42BE-B40F-978FBA12452E}" = Windows Live Essentials
"{6F2CFD1E-9B7E-42C4-BA2E-CB414FBFD354}" = Buxenger
"{714E162E-CD4F-4F1B-8302-7F5179409C25}" = Windows Live Writer
"{77D28FF5-242F-488A-8215-937D6A4D69E0}" = Adobe AIR
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype 6.16
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{85BEDB91-5AB4-4066-8946-4EE980950F82}" = Simple Search-Replace
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{903679E8-44C8-4C07-9600-05C92654FC50}" = QualxServ Service Agreement
"{91B33C97-5A0B-2CB7-3038-22701B2F2CED}_is1" = Ashampoo Gadge It v.1.0.1
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{99DEDC19-3106-47B4-83C0-7283C7C827BA}" = AutoEABinary
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2DC527D-FA79-46E9-973F-920897CA55E9}" = Windows Live Writer
"{A83692F5-3E9B-4E95-9E7E-B5DF55E6C09D}_is1" = AOMEI Backupper Professional Edition 2.0
"{A8B88634-7F90-402F-B66A-86429755F6A5}" = eBay
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}" = Dell Home Systems Service Agreement
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.07)
"{B2611F8A-EFE7-4E88-875D-19F0EFAE87E4}" = Windows Live PIMT Platform
"{B775C26B-EAA8-4A11-ACBF-76E52DF6B805}" = Windows Live Mail
"{B84DEFE1-0175-47C9-BC1D-8645FCBC0ECE}_is1" = Webshots Wallpaper & Screensaver version 1.5.0.31
"{B96348BD-6B0D-42E3-80B1-FA6718067BFE}" = Dell Digital Delivery
"{BAD27F0E-5165-49A5-BE66-AF5BF73F2FEE}" = Windows Live Mail
"{BAD984EE-790E-4513-A428-3BE2D426DCA7}" = Windows Live Messenger
"{BB285C9F-C821-4770-8970-56C4AB52C87E}" = Skype Click to Call
"{BEED3D31-4CF4-452E-8B55-CB4B02DAD6F4}_is1" = Binary Option Robot version 1.1
"{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}" = Premium Service Agreement
"{C87EF11D-36E9-479D-9898-7541EA1E8A6A}" = OpenOffice 4.1.0
"{C992FFE0-AC32-4FA9-BC9A-F1637B9E655D}" = Photo Gallery
"{CAA0F57A-BA8C-4AD8-AA03-F32B0E4F5623}" = Photo Common
"{CDC1AB00-01FF-4FC7-816A-16C67F0923C0}" = Windows Live SOXE
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1893000-EA77-493C-8DDD-E262436E959B}" = Windows Live SOXE Definitions
"{D819DB7B-4E27-4D28-B9B2-CF152B6810E0}_is1" = WebsiteGenerator version 1.0
"{DAFA6315-EAE5-4B9E-9D18-0DC51D1DB0F0}" = WeatherBug
"{DD67BE4B-7E62-4215-AFA3-F123A800A389}" = Movie Maker
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3AE96D6-E196-45B4-AF62-2B41998B9E37}" = UpdateService
"{E703613B-BDAB-433E-A66A-DE0263E3D35D}" = Windows Live Messenger
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}" = Accidental Damage Services Agreement
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{F4BB90F6-9AE0-4EF6-80CB-D163B2F3A910}_is1" = Webshots Extractor version 1.0.0.000
"{F7E1CA14-B39D-452A-960B-39423DDDD933}" = DriveImage XML (Private Edition)
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FC274982-5AAD-4C20-848D-4424A5043009}_is1" = WinUtilities Professional Edition 11.13
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 14 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 14 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.1
"AI RoboForm" = RoboForm 7-9-6-7 (All Users)
"Ashampoo Internet Accelerator 3_is1" = Ashampoo Internet Accelerator 3 v.3.20
"Aurora 31.0a2 (x86 en-US)" = Aurora 31.0a2 (x86 en-US)
"avast" = avast! Internet Security
"BFGC" = Big Fish: Game Manager
"BFG-Cooking Academy - Restaurant Royale" = Cooking Academy: Restaurant Royale
"BFG-My Singing Monsters" = My Singing Monsters
"BFG-The Path of Hercules" = The Path of Hercules
"CopernicDesktopSearch4" = Copernic Desktop Search 4
"DivX Setup" = DivX Setup
"Easy Clone Detective1.4" = Easy Clone Detective
"FileHippo.com" = FileHippo.com Update Checker
"Free ISO Creator (by minidvdsoft)_is1" = Free ISO Creator version 2.8
"FreeFileViewer_is1" = Free File Viewer 2014
"Glary Utilities 5" = Glary Utilities 5.0
"GomezPEER" = GomezPEER
"Google Chrome" = Google Chrome
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.1.1004
"MetaTrader 4" = MetaTrader 4
"Mozilla Firefox 29.0.1 (x86 en-US)" = Mozilla Firefox 29.0.1 (x86 en-US)
"Mozilla Thunderbird 30.0 (x86 en-US)" = Mozilla Thunderbird 30.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"ProcessLasso" = Process Lasso
"PySol Fan Club edition_is1" = PySol Fan Club edition v.2.0
"PySolFC Solitaire_is1" = PySolFC Solitaire (a freeware Solitaire Game) version 1.1
"RadarSync PC Updater 2013_is1" = RadarSync PC Updater 2013
"Registry Defragmentation" = Registry Defragmentation
"Stardock Fences 2" = Stardock Fences 2
"Stardock ObjectDock" = Stardock ObjectDock
"Super Internet TV (Free Edition)_is1" = Super Internet TV v8.0 (Free Edition)
"Tweaking.com - Windows Repair (All in One)" = Tweaking.com - Windows Repair (All in One)
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3246782875-1836535004-4075896310-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"9204f5692a8faf3b" = Dell System Detect
"Adobe Reader Free Download Packages" = Adobe Reader Free Download Packages
"DesktopWeatherAlerts" = DesktopWeatherAlerts
"OneDriveSetup.exe" = Microsoft OneDrive
"uTorrent" = µTorrent

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 5/17/2014 2:13:31 PM | Computer Name = SonofSam2 | Source = AHDDC2_Service.exe | ID = 0
Description =

Error - 5/17/2014 2:14:36 PM | Computer Name = SonofSam2 | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\system32\athihvs.dll".
Dependent
Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 5/17/2014 2:15:44 PM | Computer Name = SonofSam2 | Source = Windows Search Service | ID = 9002
Description = The Windows Search Service cannot load the property store information.

Context:
Windows Application, SystemIndex Catalog Details: The content index server cannot
find a description of the content index in its database. Search will automatically
attempt to recreate the content index description. If this problem persists, stop
and restart the search service and, if necessary, delete and recreate the content
index. (HRESULT : 0x80041181) (0x80041181)

Error - 5/17/2014 2:15:44 PM | Computer Name = SonofSam2 | Source = Windows Search Service | ID = 3029
Description = The plug-in in <Search.JetPropStore> cannot be initialized. Context:
Windows Application, SystemIndex Catalog Details: The content index catalog is corrupt.
(HRESULT : 0xc0041801) (0xc0041801)

Error - 5/17/2014 2:16:08 PM | Computer Name = SonofSam2 | Source = Windows Search Service | ID = 3029
Description = The plug-in in <Search.TripoliIndexer> cannot be initialized. Context:
Windows Application, SystemIndex Catalog Details: Element not found. (HRESULT : 
0x80070490) (0x80070490)

Error - 5/17/2014 2:16:08 PM | Computer Name = SonofSam2 | Source = Windows Search Service | ID = 3028
Description = The gatherer object cannot be initialized. Context: Windows Application,
SystemIndex Catalog Details: The content index catalog is corrupt. (HRESULT : 0xc0041801)
(0xc0041801)

Error - 5/17/2014 2:16:08 PM | Computer Name = SonofSam2 | Source = Windows Search Service | ID = 3058
Description = The application cannot be initialized. Context: Windows Application

Details:
The
content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error - 5/17/2014 2:16:08 PM | Computer Name = SonofSam2 | Source = Windows Search Service | ID = 7010
Description = The index cannot be initialized. Details: The content index catalog 
is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error - 5/17/2014 2:16:08 PM | Computer Name = SonofSam2 | Source = Windows Search Service | ID = 7040
Description = The search service has detected corrupted data files in the index 
{id=4400}. The service will attempt to automatically correct this problem by rebuilding
the index. Details: The content index catalog is corrupt. (HRESULT : 0xc0041801)
(0xc0041801)

Error - 5/17/2014 2:16:08 PM | Computer Name = SonofSam2 | Source = Windows Search Service | ID = 7042
Description = The Windows Search Service is being stopped because there is a problem
with the indexer: The catalog is corrupt. Details: The content index catalog is corrupt.
(HRESULT : 0xc0041801) (0xc0041801)

Error - 5/17/2014 2:36:56 PM | Computer Name = SonofSam2 | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\DivX\DivX
Media Foundation Components\DivXPropertyHandler.dll". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"
could not be found. Please use sxstrace.exe for detailed diagnosis.

[ System Events ]
Error - 5/16/2014 5:59:06 PM | Computer Name = SonofSam2 | Source = Service Control Manager | ID = 7000
Description = The ParetoLogic Internet Security service failed to start due to the
following error: %%2

Error - 5/17/2014 3:20:23 AM | Computer Name = SonofSam2 | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athihvs.dll
Error
Code: 14001

Error - 5/17/2014 3:23:37 AM | Computer Name = SonofSam2 | Source = Service Control Manager | ID = 7000
Description = The ParetoLogic Internet Security service failed to start due to the
following error: %%2

Error - 5/17/2014 2:14:36 PM | Computer Name = SonofSam2 | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athihvs.dll
Error
Code: 14001

Error - 5/17/2014 2:16:08 PM | Computer Name = SonofSam2 | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error 
%%-1073473535.

Error - 5/17/2014 2:16:08 PM | Computer Name = SonofSam2 | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.

Error - 5/17/2014 2:16:39 PM | Computer Name = SonofSam2 | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Search service to connect.

Error - 5/17/2014 2:16:39 PM | Computer Name = SonofSam2 | Source = Service Control Manager | ID = 7000
Description = The Windows Search service failed to start due to the following error:
%%1053

Error - 5/17/2014 2:18:20 PM | Computer Name = SonofSam2 | Source = Service Control Manager | ID = 7000
Description = The ParetoLogic Internet Security service failed to start due to the
following error: %%2

Error - 5/17/2014 2:46:13 PM | Computer Name = SonofSam2 | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80246007: Security Update for Internet Explorer 11 for Windows 7 for
x64-based Systems (KB2953522).

< End of report >


----------



## DennisI (Apr 24, 2014)

OTL logfile created on: 5/17/2014 3:05:21 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dennis\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.87 Gb Total Physical Memory | 2.09 Gb Available Physical Memory | 53.86% Memory free
6.87 Gb Paging File | 4.96 Gb Available in Paging File | 72.16% Paging File free
Paging file location(s): C:\pagefile.sys 3070 3070E:\pagef [Binary data over 200 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 444.06 Gb Total Space | 323.71 Gb Free Space | 72.90% Space Free | Partition Type: NTFS
Drive G: | 298.02 Gb Total Space | 69.76 Gb Free Space | 23.41% Space Free | Partition Type: FAT32

Computer Name: SONOFSAM2 | User Name: Dennis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/05/17 15:04:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dennis\Downloads\OTL.exe
PRC - [2014/05/17 11:12:06 | 000,109,784 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2014/05/16 11:54:17 | 003,873,704 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/05/16 11:54:17 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/05/16 11:54:06 | 000,109,048 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2014/05/14 04:38:02 | 000,788,768 | ---- | M] (Glarysoft Ltd) -- C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
PRC - [2014/04/09 11:57:50 | 000,909,312 | ---- | M] (Webshots) -- C:\Program Files (x86)\Webshots\Wallpaper\WallScreen.exe
PRC - [2014/04/08 18:51:06 | 000,029,912 | ---- | M] (AOMEI Tech Co., Ltd.) -- C:\Program Files (x86)\AOMEI Backupper Professional Edition 2.0\ABService.exe
PRC - [2014/03/03 09:53:02 | 001,363,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2014/03/03 09:52:32 | 001,748,608 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2014/02/25 18:52:50 | 001,568,832 | ---- | M] (Copernic, a division of N. Harris Copernic Systems) -- C:\Program Files (x86)\Copernic\DesktopSearch4\Copernic.DesktopSearch.exe
PRC - [2014/01/10 01:26:44 | 001,861,968 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/12/16 18:44:52 | 000,023,552 | ---- | M] () -- C:\Program Files (x86)\real\UpdateService\RealPlayerUpdateSvc.exe
PRC - [2013/12/14 16:48:22 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013/12/10 23:27:58 | 000,390,616 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2013/12/10 23:27:54 | 000,169,432 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2013/11/12 11:04:20 | 000,196,616 | ---- | M] (Dell Products, LP.) -- c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
PRC - [2013/07/18 02:44:32 | 000,292,088 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2013/06/21 04:53:16 | 000,081,536 | ---- | M] (Atheros) -- C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
PRC - [2012/07/30 09:48:20 | 003,783,592 | ---- | M] (Ashampoo Development GmbH & Co. KG) -- C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Guard.exe
PRC - [2012/07/30 09:48:16 | 001,518,504 | ---- | M] () -- C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe
PRC - [2012/04/24 15:37:56 | 000,169,752 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
PRC - [2012/02/01 04:29:58 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012/02/01 04:29:56 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/04/27 23:03:30 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\Gomez\GomezPEER\bin\GomezPEER.exe
PRC - [2010/11/24 00:35:56 | 000,135,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Gomez\GomezPEER\jre\bin\java.exe
PRC - [2007/05/19 01:00:00 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM03Mon.exe

========== Modules (No Company Name) ==========

MOD - [2014/05/17 14:18:38 | 002,593,168 | ---- | M] () -- C:\Users\Dennis\AppData\Local\Temp\SevenZipJBinding-N8q7X\lib7-Zip-JBinding.dll
MOD - [2014/05/17 03:27:24 | 000,489,472 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\c3d5710a2c112dd1e60f423ea0808692\IAStorUtil.ni.dll
MOD - [2014/05/17 03:24:16 | 000,774,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\98c91b8d3f1d54c41ada5f37e0935303\System.Runtime.Remoting.ni.dll
MOD - [2014/05/14 04:39:08 | 000,080,160 | ---- | M] () -- C:\Program Files (x86)\Glary Utilities 5\zlib1.dll
MOD - [2014/04/03 13:06:33 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\Gomez\GomezPEER\jre\bin\SystemInfo.dll
MOD - [2014/03/28 11:33:52 | 000,856,576 | ---- | M] () -- C:\Program Files (x86)\Webshots\Wallpaper\platforms\qwindows.dll
MOD - [2014/03/28 11:33:52 | 000,732,160 | ---- | M] () -- C:\Program Files (x86)\Webshots\Wallpaper\libGLESv2.dll
MOD - [2014/03/28 11:33:52 | 000,307,712 | ---- | M] () -- C:\Program Files (x86)\Webshots\Wallpaper\imageformats\qtiff.dll
MOD - [2014/03/28 11:33:52 | 000,218,112 | ---- | M] () -- C:\Program Files (x86)\Webshots\Wallpaper\imageformats\qmng.dll
MOD - [2014/03/28 11:33:52 | 000,204,800 | ---- | M] () -- C:\Program Files (x86)\Webshots\Wallpaper\imageformats\qjpeg.dll
MOD - [2014/03/28 11:33:52 | 000,055,808 | ---- | M] () -- C:\Program Files (x86)\Webshots\Wallpaper\CrashRpt1301.dll
MOD - [2014/03/28 11:33:52 | 000,047,104 | ---- | M] () -- C:\Program Files (x86)\Webshots\Wallpaper\libEGL.dll
MOD - [2014/03/28 11:33:52 | 000,021,504 | ---- | M] () -- C:\Program Files (x86)\Webshots\Wallpaper\imageformats\qgif.dll
MOD - [2014/03/28 11:33:52 | 000,020,992 | ---- | M] () -- C:\Program Files (x86)\Webshots\Wallpaper\imageformats\qico.dll
MOD - [2014/03/28 11:33:52 | 000,015,360 | ---- | M] () -- C:\Program Files (x86)\Webshots\Wallpaper\imageformats\qtga.dll
MOD - [2014/03/28 11:33:52 | 000,014,848 | ---- | M] () -- C:\Program Files (x86)\Webshots\Wallpaper\imageformats\qwbmp.dll
MOD - [2014/02/28 04:13:55 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\47e7fc401facd4a5d3f2237f16948f36\PresentationFramework-SystemXml.ni.dll
MOD - [2014/02/28 04:04:42 | 001,870,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\b85a411ce82ba71cd3d77c8c13794f81\System.Web.Services.ni.dll
MOD - [2014/02/28 04:04:36 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll
MOD - [2014/02/28 04:04:22 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll
MOD - [2014/02/28 04:04:13 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll
MOD - [2014/02/28 04:04:07 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll
MOD - [2014/02/28 04:04:00 | 000,470,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\75f8bc4cf08030c4a53b6d5e0ae20046\PresentationFramework.Aero.ni.dll
MOD - [2014/02/28 04:03:59 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll
MOD - [2014/02/28 04:03:55 | 000,736,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\fcffb45098807dbf4f96bb133936789a\System.Security.ni.dll
MOD - [2014/02/28 04:03:52 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll
MOD - [2014/02/28 04:03:51 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll
MOD - [2014/02/28 04:03:47 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll
MOD - [2014/02/28 04:03:46 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
MOD - [2014/02/28 04:03:41 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2014/02/25 18:52:52 | 001,563,200 | ---- | M] () -- C:\Program Files (x86)\Copernic\DesktopSearch4\Copernic.System.RT.dll
MOD - [2014/02/12 04:34:05 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/02/12 04:34:00 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/12 04:33:56 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/02/12 04:33:54 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
MOD - [2014/02/12 04:33:42 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/12 04:33:38 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2014/01/10 01:28:18 | 000,100,688 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2014/01/10 01:26:44 | 001,861,968 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2013/11/10 16:25:25 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2011/04/27 23:03:30 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\Gomez\GomezPEER\bin\GomezPEER.exe
MOD - [2010/11/24 00:35:58 | 000,055,808 | ---- | M] () -- C:\Program Files (x86)\Gomez\GomezPEER\jre\bin\ICE_JNIRegistry.dll

========== Services (SafeList) ==========

SRV:*64bit:* - [2014/05/16 11:54:17 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:*64bit:* - [2014/05/16 11:54:06 | 000,109,048 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV:*64bit:* - [2014/03/06 04:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:*64bit:* - [2013/08/27 15:32:30 | 000,828,376 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel(R)
SRV:*64bit:* - [2013/08/27 15:32:14 | 000,747,520 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV:*64bit:* - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:*64bit:* - [2009/11/17 22:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2014/05/17 11:13:25 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/05/14 14:59:26 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/04/08 18:51:06 | 000,029,912 | ---- | M] (AOMEI Tech Co., Ltd.) [Auto | Running] -- C:\Program Files (x86)\AOMEI Backupper Professional Edition 2.0\ABService.exe -- (Backupper Service)
SRV - [2014/03/03 09:53:02 | 001,363,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2014/03/03 09:52:32 | 001,748,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/12/16 18:44:52 | 000,023,552 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\real\UpdateService\RealPlayerUpdateSvc.exe -- (RealPlayerUpdateSvc)
SRV - [2013/12/14 16:48:22 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/12/10 23:27:58 | 000,390,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2013/12/10 23:27:54 | 000,169,432 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2013/11/12 11:04:20 | 000,196,616 | ---- | M] (Dell Products, LP.) [Auto | Running] -- c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe -- (DellDigitalDelivery)
SRV - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/09/06 18:44:18 | 000,279,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013/06/21 04:53:16 | 000,081,536 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe -- (ZAtheros Wlan Agent)
SRV - [2012/07/30 09:48:16 | 001,518,504 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe -- (AHDDC2)
SRV - [2012/04/24 15:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2012/02/01 04:29:58 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/08/24 21:16:12 | 000,544,768 | ---- | M] (mst software GmbH, Germany) [On_Demand | Stopped] -- C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\DfSdkS64.exe -- (DfSdkS)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:*64bit:* - [2014/05/16 17:01:20 | 000,020,672 | ---- | M] (Glarysoft Ltd) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\GUBootStartup.sys -- (GUBootStartup)
DRV:*64bit:* - [2014/05/16 13:51:04 | 001,039,096 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
DRV:*64bit:* - [2014/05/16 13:51:04 | 000,447,888 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswndisflt.sys -- (aswNdisFlt)
DRV:*64bit:* - [2014/05/16 13:51:03 | 000,423,240 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:*64bit:* - [2014/05/16 13:51:02 | 000,085,328 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:*64bit:* - [2014/05/14 13:11:36 | 000,208,416 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:*64bit:* - [2014/05/14 13:11:36 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:*64bit:* - [2014/05/14 13:11:36 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:*64bit:* - [2014/05/14 13:11:36 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:*64bit:* - [2014/05/14 13:11:35 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:*64bit:* - [2014/03/21 17:04:47 | 000,028,184 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:*64bit:* - [2014/01/24 13:23:28 | 000,034,544 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:*64bit:* - [2014/01/03 13:33:52 | 000,271,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:*64bit:* - [2013/12/28 03:35:52 | 000,450,520 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:*64bit:* - [2013/12/10 23:27:54 | 000,100,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TeeDriverx64.sys -- (MEIx64)
DRV:*64bit:* - [2013/09/03 13:52:04 | 004,445,536 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:*64bit:* - [2013/08/27 15:08:42 | 000,883,928 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:*64bit:* - [2013/07/18 02:43:40 | 000,795,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:*64bit:* - [2013/07/18 02:43:40 | 000,358,896 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:*64bit:* - [2013/07/18 02:43:40 | 000,020,464 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:*64bit:* - [2013/07/01 15:17:12 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:*64bit:* - [2013/07/01 15:17:04 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:*64bit:* - [2013/07/01 15:17:04 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:*64bit:* - [2013/06/24 23:56:16 | 003,979,776 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:*64bit:* - [2013/05/21 17:38:50 | 000,036,096 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdkmpfd.sys -- (amdkmpfd)
DRV:*64bit:* - [2013/05/07 14:27:12 | 000,151,480 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\ammntdrv.sys -- (ammntdrv)
DRV:*64bit:* - [2013/05/07 14:27:12 | 000,030,648 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\ambakdrv.sys -- (ambakdrv)
DRV:*64bit:* - [2013/02/06 15:52:48 | 000,017,848 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\amwrtdrv.sys -- (amwrtdrv)
DRV:*64bit:* - [2012/09/20 05:11:58 | 000,258,848 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SbFw.sys -- (SbFw)
DRV:*64bit:* - [2012/09/20 05:11:58 | 000,086,816 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbwtis.sys -- (sbwtis)
DRV:*64bit:* - [2012/09/20 05:11:58 | 000,061,216 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips)
DRV:*64bit:* - [2012/09/12 20:19:34 | 000,120,064 | ---- | M] (GFI Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV:*64bit:* - [2012/09/12 20:19:34 | 000,120,064 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV:*64bit:* - [2012/09/12 03:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:*64bit:* - [2012/02/01 20:16:40 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:*64bit:* - [2011/10/05 10:55:02 | 000,729,152 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:*64bit:* - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:*64bit:* - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:*64bit:* - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:*64bit:* - [2010/08/18 02:28:32 | 000,026,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ICCWDT.sys -- (ICCWDT)
DRV:*64bit:* - [2009/12/30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:*64bit:* - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:*64bit:* - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:*64bit:* - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:*64bit:* - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:*64bit:* - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:*64bit:* - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:*64bit:* - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:*64bit:* - [2009/02/24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:*64bit:* - [2007/06/08 01:00:02 | 000,212,864 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OEM03Afx.sys -- (OEM03Afx)
DRV:*64bit:* - [2007/04/25 01:00:00 | 000,266,944 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OEM03Vid.sys -- (OEM03Vid)
DRV:*64bit:* - [2007/03/05 18:55:48 | 000,012,288 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OEM03Vfx.sys -- (OEM03Vfx)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/02/24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.google.com
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE:*64bit:* - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE:*64bit:* - HKLM\..\SearchScopes,DefaultScope = {2D8FAFFE-9B47-42D5-8278-5AC97754C495}
IE:*64bit:* - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE:*64bit:* - HKLM\..\SearchScopes\{371B386D-5E2A-4F14-B1EC-0AC31014AFBF}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB
IE:*64bit:* - HKLM\..\SearchScopes\{49C75C73-8869-A5C9-7078-423A0CB9E70B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678
IE:*64bit:* - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.startsearcher.com/?q={searchTerms}&src=IETB
IE:*64bit:* - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}: "URL" = http://www.default-search.net/search?sid=492&aid=100&itype=a&ver=12302&tm=308&src=ds&p={searchTerms}
IE:*64bit:* - HKLM\..\SearchScopes\{c1d89ae7-449d-4929-b24b-fded04adbe06}: "URL" = http://isearch.glarysoft.com/?q={searchTerms}&src=iesearch
IE:*64bit:* - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}: "URL" = http://www.default-search.net/search?sid=492&aid=100&itype=a&ver=12302&tm=308&src=ds&p={searchTerms}

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3246782875-1836535004-4075896310-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKU\S-1-5-21-3246782875-1836535004-4075896310-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp
IE - HKU\S-1-5-21-3246782875-1836535004-4075896310-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKU\S-1-5-21-3246782875-1836535004-4075896310-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3246782875-1836535004-4075896310-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3246782875-1836535004-4075896310-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-3246782875-1836535004-4075896310-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-3246782875-1836535004-4075896310-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com [binary data]
IE - HKU\S-1-5-21-3246782875-1836535004-4075896310-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.default-search.net?sid=492&aid=100&itype=n&ver=11471&tm=308&src=hmp
IE - HKU\S-1-5-21-3246782875-1836535004-4075896310-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.trafficswarm.com/cgi-bin/swarm.cgi?580801&7eabee3d751819ebb16f20b07f47d95f
IE - HKU\S-1-5-21-3246782875-1836535004-4075896310-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-3246782875-1836535004-4075896310-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-3246782875-1836535004-4075896310-1000\..\SearchScopes,Backup.Old.DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3246782875-1836535004-4075896310-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}
IE - HKU\S-1-5-21-3246782875-1836535004-4075896310-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}: "URL" = http://www.default-search.net/search?sid=492&aid=100&itype=a&ver=12302&tm=308&src=ds&p={searchTerms}
IE - HKU\S-1-5-21-3246782875-1836535004-4075896310-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.11alive.com/"
FF - prefs.js..extensions.enabledAddons: autofillForms%40blueimp.net:0.9.9.0
FF - prefs.js..extensions.enabledAddons: %7B2e17e2b2-b8d4-4a67-8d7b-fafa6cc9d1d0%7D:1.2.7.0
FF - prefs.js..extensions.enabledAddons: %7B771f3037-9885-4423-b50f-a5ede4854e26%7D:1.300.436.1
FF - prefs.js..extensions.enabledAddons: %7B37F9163C-392F-354F-E58C-3C8922A98E9E%7D:5.0.0.12627
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2018.95
FF - prefs.js..extensions.enabledAddons: s3download%40statusbar:2.12
FF - prefs.js..extensions.enabledAddons: %7B70df8d13-bdd3-448e-944c-efde21b77161%7D:10.30.1.502
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
FF - prefs.js..keyword.URL: "http://www.inboxdollars.com/search/results?ourmark=3&q="
FF - user.js - File not found

FF:*64bit:* - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_101.dll File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:*64bit:* - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.5.2: C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:*64bit:* - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.5.2: C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:*64bit:* - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_101.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.7.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.7.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.7.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tightropeinteractive.com/Plugin: C:\Users\Dennis\AppData\Local\TNT2\2.0.0.1663\npTNT2.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dennis\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dennis\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Aurora 31.0a2\extensions\\Components: C:\Program Files (x86)\Aurora\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Aurora 31.0a2\extensions\\Plugins: C:\Program Files (x86)\Aurora\plugins [2014/05/17 11:13:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/05/16 11:54:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{10E4285F-D79B-4147-9447-81DFF109A394}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/12/31 16:35:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/12/31 16:35:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2014/05/17 11:12:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/05/16 11:47:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 30.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2014/02/27 16:49:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 30.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2014/05/16 11:47:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\EXTENSIONS\\{b9aa91db-385d-4c69-8a2f-96790aa9405b}: c:\program files (x86)\copernic\desktopsearch4\firefoxconnector [2014/05/16 11:47:25 | 000,000,000 | ---D | M]

[2014/04/25 17:35:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\Mozilla\Extensions
[2014/05/16 15:46:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\extensions
[2014/05/16 11:47:39 | 000,000,000 | ---D | M] (Settings Manager) -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\extensions\{37F9163C-392F-354F-E58C-3C8922A98E9E}
[2014/05/16 23:55:18 | 000,000,000 | ---D | M] (ClixSense.com) -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\extensions\{70df8d13-bdd3-448e-944c-efde21b77161}
[2014/04/25 17:35:08 | 000,000,000 | ---D | M] (ArcadeParlor) -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\extensions\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}
[2013/10/31 12:03:58 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\extensions\[email protected]
[2013/10/31 14:46:40 | 000,149,045 | ---- | M] () (No name found) -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\extensions\[email protected]
[2013/10/31 12:02:09 | 000,328,123 | ---- | M] () (No name found) -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\extensions\[email protected]
[2014/05/16 15:46:53 | 000,345,537 | ---- | M] () (No name found) -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\extensions\[email protected]
[2013/10/31 13:13:08 | 000,009,253 | ---- | M] () (No name found) -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\extensions\{2e17e2b2-b8d4-4a67-8d7b-fafa6cc9d1d0}.xpi
[2014/05/15 16:20:26 | 000,970,029 | ---- | M] () (No name found) -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi
[2014/02/09 13:38:56 | 000,556,273 | ---- | M] () (No name found) -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\extensions\{771f3037-9885-4423-b50f-a5ede4854e26}.xpi
[2014/05/15 16:18:05 | 000,002,579 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\searchplugins\default-search.xml
[2014/05/02 20:58:31 | 000,001,354 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\searchplugins\search-with-inboxdollars.xml
[2014/05/17 11:17:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/05/17 11:17:09 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/05/16 11:54:13 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_2\
CHR - Extension: No name found = C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_2\
CHR - Extension: No name found = C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.0.9_0\
CHR - Extension: No name found = C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_2\
CHR - Extension: No name found = C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnnbdaahphjgdgfhliignpepgnbnfomp\4.0.4_4\
CHR - Extension: No name found = C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_2\
CHR - Extension: No name found = C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2018.95_0\
CHR - Extension: No name found = C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.7.0_4\
CHR - Extension: No name found = C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.1.15383.6004_0\
CHR - Extension: No name found = C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
CHR - Extension: No name found = C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_5\
CHR - Extension: No name found = C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob\7.9.4.4_0\

O1 HOSTS File: ([2014/05/16 13:02:02 | 000,000,855 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:*64bit:* - BHO: (no name) - {11111111-1111-1111-1111-110511071176} - No CLSID value found.
O2:*64bit:* - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
O2:*64bit:* - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O2:*64bit:* - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
O2:*64bit:* - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:*64bit:* - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O2:*64bit:* - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:*64bit:* - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3:*64bit:* - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
O3:*64bit:* - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:*64bit:* - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:*64bit:* - HKU\S-1-5-21-3246782875-1836535004-4075896310-1000\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-3246782875-1836535004-4075896310-1000\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4:*64bit:* - HKLM..\Run: [Ashampoo HDD-Control 2 Guard] C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Guard.exe (Ashampoo Development GmbH & Co. KG)
O4:*64bit:* - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [OEM03Mon.exe] C:\Windows\OEM03Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3246782875-1836535004-4075896310-1000..\Run: [Copernic Desktop Search 4] C:\Program Files (x86)\Copernic\DesktopSearch4\Copernic.DesktopSearch.exe (Copernic, a division of N. Harris Copernic Systems)
O4 - HKU\S-1-5-21-3246782875-1836535004-4075896310-1000..\Run: [DellSystemDetect] C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms ()
O4 - HKU\S-1-5-21-3246782875-1836535004-4075896310-1000..\Run: [FileHippo.com] C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKU\S-1-5-21-3246782875-1836535004-4075896310-1000..\Run: [GUDelayStartup] C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe (Glarysoft Ltd)
O4 - HKU\S-1-5-21-3246782875-1836535004-4075896310-1000..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Weather Alerts.lnk = C:\Users\Dennis\AppData\Local\WeatherAlerts\WeatherAlerts.exe ()
O4 - Startup: C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots Wallpaper & Screensaver.lnk = C:\Program Files (x86)\Webshots\Wallpaper\WallScreen.exe (Webshots)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-3246782875-1836535004-4075896310-1000\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-3246782875-1836535004-4075896310-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:*64bit:* - Extra context menu item: Customize Menu - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html File not found
O8:*64bit:* - Extra context menu item: Fill Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComFillForms.html File not found
O8:*64bit:* - Extra context menu item: Save Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComSavePass.html File not found
O8:*64bit:* - Extra context menu item: Show RoboForm Toolbar - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html File not found
O8 - Extra context menu item: Customize Menu - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html File not found
O8 - Extra context menu item: Fill Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComFillForms.html File not found
O8 - Extra context menu item: Save Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComSavePass.html File not found
O8 - Extra context menu item: Show RoboForm Toolbar - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html File not found
O9:*64bit:* - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:*64bit:* - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:*64bit:* - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:*64bit:* - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:*64bit:* - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:*64bit:* - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:*64bit:* - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O13*64bit:* - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3246782875-1836535004-4075896310-1000\..Trusted Domains: dell.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.220.5.1 192.1.4.78
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{614A7897-5369-4AF6-85EC-18F220588CB2}: DhcpNameServer = 10.220.5.1 192.1.4.78
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A900F906-1F5E-44FB-93E3-B8E605939FD8}: DhcpNameServer = 10.220.5.1 192.1.4.78
O18:*64bit:* - Protocol\Handler\livecall - No CLSID value found
O18:*64bit:* - Protocol\Handler\msnim - No CLSID value found
O18:*64bit:* - Protocol\Handler\skype4com - No CLSID value found
O18:*64bit:* - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18:*64bit:* - Protocol\Handler\wlmailhtml - No CLSID value found
O18:*64bit:* - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:*64bit:* - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:*64bit:* - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:*64bit:* - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (Stardock)
O27:*64bit:* - HKLM IFEO\rjatydimofu.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\rjatydimofu.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/10/31 18:14:36 | 000,000,302 | ---- | M] () - G:\AUTOEXEC.001 -- [ FAT32 ]
O32 - AutoRun File - [2002/07/14 16:14:06 | 000,000,214 | ---- | M] () - G:\AUTOEXEC.CAM -- [ FAT32 ]
O32 - AutoRun File - [2000/08/09 10:26:38 | 000,000,079 | -HS- | M] () - G:\AUTOEXEC.DOS -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: x64 - (c:\program files (x86)\settings manager\systemk\x64\sysapcrt.dll) - File not found
O36 - AppCertDlls: x86 - (c:\program files (x86)\settings manager\systemk\sysapcrt.dll) - File not found
O37:*64bit:* - HKLM\...com [@ = comfile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/05/17 14:47:06 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/05/17 14:47:06 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/05/17 13:44:04 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\SpeedyPC Software
[2014/05/17 13:44:04 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\DriverCure
[2014/05/17 13:43:56 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedyPC Software
[2014/05/17 13:43:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SpeedyPC Software
[2014/05/17 13:43:50 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2014/05/17 13:15:31 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/05/17 11:13:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Aurora
[2014/05/17 03:02:04 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/05/17 03:02:04 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/05/17 03:01:59 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/05/17 03:01:52 | 000,586,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/05/17 03:01:52 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/05/17 03:01:51 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/05/17 03:01:51 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/05/17 03:01:49 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/05/17 03:01:49 | 000,628,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/05/17 03:01:49 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/05/17 03:01:49 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/05/17 03:01:49 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/05/17 03:01:49 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/05/17 03:01:48 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/05/17 03:01:48 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/05/17 03:01:48 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/05/17 03:01:48 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/05/17 03:01:48 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/05/17 03:01:47 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/05/17 03:01:45 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/05/17 03:01:45 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/05/17 03:01:44 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/05/17 03:01:44 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/05/17 03:01:44 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/05/17 03:01:43 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/05/17 03:01:43 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/05/17 03:01:40 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/05/17 03:01:40 | 001,967,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/05/17 03:01:37 | 005,784,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/05/16 18:06:07 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/05/16 18:05:39 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2014/05/16 18:05:38 | 003,969,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2014/05/16 18:05:38 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2014/05/16 18:05:37 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2014/05/16 18:05:35 | 005,550,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2014/05/16 18:05:35 | 000,722,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\objsel.dll
[2014/05/16 18:05:35 | 000,538,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\objsel.dll
[2014/05/16 18:05:34 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2014/05/16 18:05:33 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cngprovider.dll
[2014/05/16 18:05:33 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adprovider.dll
[2014/05/16 18:05:33 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\capiprovider.dll
[2014/05/16 18:05:33 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpapiprovider.dll
[2014/05/16 18:05:33 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cngprovider.dll
[2014/05/16 18:05:33 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adprovider.dll
[2014/05/16 18:05:33 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\capiprovider.dll
[2014/05/16 18:05:33 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpapiprovider.dll
[2014/05/16 18:05:33 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dimsroam.dll
[2014/05/16 18:05:33 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dimsroam.dll
[2014/05/16 18:05:32 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2014/05/16 18:05:32 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wincredprovider.dll
[2014/05/16 18:05:32 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wincredprovider.dll
[2014/05/16 18:05:32 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2014/05/16 18:05:32 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2014/05/16 17:09:25 | 003,899,872 | ---- | C] (MetaQuotes Software Corp.) -- C:\Windows\SysNative\MetaViewer64.dll
[2014/05/16 17:09:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MetaTrader 5
[2014/05/16 17:09:22 | 000,000,000 | ---D | C] -- C:\Program Files\MetaTrader 5
[2014/05/16 17:01:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
[2014/05/16 17:01:20 | 000,020,672 | ---- | C] (Glarysoft Ltd) -- C:\Windows\SysNative\drivers\GUBootStartup.sys
[2014/05/16 17:01:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glary Utilities 5
[2014/05/16 16:47:52 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\Software Informer
[2014/05/16 16:44:01 | 000,000,000 | ---D | C] -- C:\Windows\en
[2014/05/16 16:36:09 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Local\Windows Live
[2014/05/16 16:28:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2014/05/16 16:24:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/05/16 16:22:40 | 000,313,256 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2014/05/16 16:22:36 | 000,191,400 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2014/05/16 16:22:36 | 000,190,888 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2014/05/16 16:22:36 | 000,111,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2014/05/16 16:22:30 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2014/05/16 16:06:45 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.0
[2014/05/16 13:11:00 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2014/05/16 13:06:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\catroot2
[2014/05/16 12:30:39 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2014/05/16 12:21:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2014/05/16 12:20:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2014/05/16 12:15:23 | 000,000,000 | ---D | C] -- C:\ProgramData\AomeiBR
[2014/05/16 12:13:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOMEI Backupper Professional Edition 2.0
[2014/05/16 12:13:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AOMEI Backupper Professional Edition 2.0
[2014/05/15 21:50:15 | 000,477,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/05/15 16:17:47 | 000,000,000 | ---D | C] -- C:\ProgramData\systemk
[2014/05/14 13:11:35 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/05/14 13:11:33 | 000,447,888 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswndisflt.sys
[2014/05/13 22:38:29 | 014,175,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shell32(1046).dll
[2014/05/13 22:38:28 | 012,874,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\shell32(1056).dll
[2014/05/13 22:37:24 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv(1041).dll
[2014/05/13 22:37:23 | 000,728,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kerberos(1039).dll
[2014/05/13 22:37:22 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon(1053).exe
[2014/05/13 22:37:22 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msv1_0(1043).dll
[2014/05/13 22:37:20 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase(1040).dll
[2014/05/13 22:37:20 | 000,274,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KernelBase(1055).dll
[2014/05/13 22:37:20 | 000,210,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wdigest(1051).dll
[2014/05/13 22:37:20 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSpkg(1049).dll
[2014/05/13 22:37:19 | 000,340,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\schannel(1044).dll
[2014/05/13 22:37:19 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli(1047).dll
[2014/05/13 22:37:19 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sspicli(1057).dll
[2014/05/13 22:37:19 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsass(1042).exe
[2014/05/13 22:37:19 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv(1048).dll
[2014/05/13 22:37:19 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32(1045).dll
[2014/05/13 22:37:19 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\credssp(1036).dll
[2014/05/13 20:18:43 | 002,767,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil(1038).dll
[2014/05/13 20:18:43 | 002,178,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iertutil(1054).dll
[2014/05/13 20:18:42 | 001,789,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet(1059).dll
[2014/05/13 20:18:41 | 002,260,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet(1052).dll
[2014/05/13 20:18:41 | 001,400,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\urlmon(1050).dll
[2014/05/13 20:18:41 | 001,143,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\urlmon(1058).dll
[2014/05/13 17:24:56 | 000,000,000 | -HSD | C] -- C:\Users\Dennis\AppData\Local\EmieUserList
[2014/05/13 17:24:56 | 000,000,000 | -HSD | C] -- C:\Users\Dennis\AppData\Local\EmieSiteList
[2014/05/13 16:02:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/05/13 14:50:49 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Commander
[2014/05/13 14:50:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Commander
[2014/05/13 14:50:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MeeSoft
[2014/05/13 03:30:51 | 002,767,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil(1004).dll
[2014/05/13 03:30:51 | 002,178,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iertutil(1022).dll
[2014/05/13 03:30:51 | 001,789,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet(1028).dll
[2014/05/13 03:30:50 | 002,260,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet(1020).dll
[2014/05/13 03:30:50 | 001,400,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\urlmon(1016).dll
[2014/05/13 03:30:50 | 001,143,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\urlmon(1026).dll
[2014/05/11 17:44:00 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2014/05/11 17:43:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2014/05/10 19:30:17 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/05/10 19:29:15 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/05/09 11:36:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RogueKiller
[2014/05/09 00:36:27 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\CompatTel
[2014/05/07 16:27:22 | 000,000,000 | ---D | C] -- C:\BigFishCache
[2014/05/06 16:36:21 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Local\FileTypeAssistant
[2014/05/02 20:48:32 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/05/02 11:29:42 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/04/29 14:47:48 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Local\FreeFileViewer
[2014/04/27 10:29:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Copernic
[2014/04/26 15:38:43 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Easy
[2014/04/25 17:36:02 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\Genieo
[2014/04/25 17:35:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fighters
[2014/04/25 17:35:27 | 000,000,000 | ---D | C] -- C:\Program Files\Fighters
[2014/04/25 17:35:08 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcadeParlor
[2014/04/25 17:34:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2014/04/25 17:34:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2014/04/25 17:34:39 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\Yahoo!
[2014/04/22 15:59:02 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\Fugazo
[2013/12/15 12:57:49 | 000,974,848 | ---- | C] (Uderzo Software e Consulenza Informatica) -- C:\Program Files (x86)\SpaceSniffer.exe
[2013/11/01 17:25:59 | 000,445,079 | ---- | C] (RapidResultsMethod) -- C:\Program Files (x86)\Fibo-Vector.exe
[2013/11/01 17:13:32 | 005,525,504 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\wmp.dll
[2013/11/01 17:13:32 | 000,110,592 | ---- | C] (SatelliteTVtoPC.com) -- C:\Program Files (x86)\SatelliteTVforPC.exe
[2010/02/17 22:25:55 | 000,895,503 | ---- | C] (free-windows-registry-cleaner.com ) -- C:\Users\Dennis\free-wrc.exe
[3 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/05/17 14:59:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/05/17 14:43:41 | 000,000,518 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job
[2014/05/17 14:43:14 | 000,000,468 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Pro Startup.job
[2014/05/17 14:24:07 | 000,028,352 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/17 14:24:07 | 000,028,352 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/17 14:24:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3246782875-1836535004-4075896310-1000UA.job
[2014/05/17 14:20:44 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/17 14:18:14 | 000,000,404 | ---- | M] () -- C:\Windows\tasks\FreeFileViewerUpdateChecker.job
[2014/05/17 14:16:47 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize 5.job
[2014/05/17 14:15:30 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/17 14:14:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/05/17 14:14:22 | 3120,218,112 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/17 13:43:56 | 000,001,207 | ---- | M] () -- C:\Users\Dennis\Desktop\SpeedyPC Pro.lnk
[2014/05/17 13:24:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3246782875-1836535004-4075896310-1000Core.job
[2014/05/17 13:15:21 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/05/17 13:15:18 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/05/17 13:15:18 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/05/17 13:15:18 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/05/17 11:18:39 | 000,000,009 | ---- | M] () -- C:\END
[2014/05/17 11:17:11 | 000,001,153 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/05/17 04:18:00 | 000,000,573 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Pro_sch_EF6F6128-96E0-11E3-BEA5-C81F660E0DEB.job
[2014/05/16 23:49:38 | 000,001,088 | ---- | M] () -- C:\Users\Public\Desktop\Aurora.lnk
[2014/05/16 18:11:43 | 000,001,024 | -H-- | M] () -- C:\SYSTAG.BIN
[2014/05/16 18:11:42 | 000,000,082 | ---- | M] () -- C:\Windows\SysWow64\winsevr.dat
[2014/05/16 18:00:00 | 000,000,494 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2014/05/16 17:54:54 | 000,301,240 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/05/16 17:11:38 | 000,001,169 | ---- | M] () -- C:\Users\Public\Desktop\Registry Defragmentation.lnk
[2014/05/16 17:09:23 | 003,899,872 | ---- | M] (MetaQuotes Software Corp.) -- C:\Windows\SysNative\MetaViewer64.dll
[2014/05/16 17:09:23 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\MetaTrader 5.lnk
[2014/05/16 17:07:31 | 000,001,108 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/05/16 17:04:16 | 000,002,102 | ---- | M] () -- C:\Users\Dennis\Application Data\Microsoft\Internet Explorer\Quick Launch\iSpy.lnk
[2014/05/16 17:04:16 | 000,001,824 | ---- | M] () -- C:\Users\Public\Desktop\iSpy.lnk
[2014/05/16 17:04:08 | 000,002,587 | ---- | M] () -- C:\Users\Public\Desktop\iSpy64.lnk
[2014/05/16 17:01:23 | 000,001,110 | ---- | M] () -- C:\Users\Dennis\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities 5.lnk
[2014/05/16 17:01:23 | 000,001,086 | ---- | M] () -- C:\Users\Public\Desktop\Glary Utilities 5.lnk
[2014/05/16 17:01:20 | 000,020,672 | ---- | M] (Glarysoft Ltd) -- C:\Windows\SysNative\drivers\GUBootStartup.sys
[2014/05/16 16:59:43 | 000,001,947 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2014/05/16 16:52:09 | 000,001,257 | ---- | M] () -- C:\Users\Public\Desktop\Ashampoo HDD Control 2.lnk
[2014/05/16 16:52:09 | 000,000,213 | ---- | M] () -- C:\Users\Public\Desktop\Your Software Deals.url
[2014/05/16 16:33:12 | 000,000,816 | ---- | M] () -- C:\Users\Dennis\Desktop\µTorrent.lnk
[2014/05/16 16:33:12 | 000,000,796 | ---- | M] () -- C:\Users\Dennis\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2014/05/16 16:31:28 | 000,002,116 | ---- | M] () -- C:\Users\Dennis\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2014/05/16 16:31:28 | 000,002,092 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2014/05/16 16:30:06 | 000,000,798 | ---- | M] () -- C:\Users\Public\Desktop\Speccy.lnk
[2014/05/16 16:25:53 | 000,000,985 | ---- | M] () -- C:\Users\Dennis\Desktop\PeaZip.lnk
[2014/05/16 16:22:33 | 000,111,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2014/05/16 16:22:32 | 000,313,256 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2014/05/16 16:22:32 | 000,191,400 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2014/05/16 16:22:32 | 000,190,888 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2014/05/16 16:17:32 | 000,002,285 | ---- | M] () -- C:\Users\Dennis\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/05/16 16:17:32 | 000,002,261 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/05/16 16:12:46 | 000,001,578 | ---- | M] () -- C:\Users\Dennis\Desktop\DivX Movies.lnk
[2014/05/16 16:12:35 | 000,001,068 | ---- | M] () -- C:\Users\Public\Desktop\DivX Player.lnk
[2014/05/16 16:12:19 | 000,001,133 | ---- | M] () -- C:\Users\Public\Desktop\DivX Converter.lnk
[2014/05/16 16:09:13 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/05/16 16:06:45 | 000,001,112 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice 4.1.0.lnk
[2014/05/16 13:51:04 | 001,039,096 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsnx.sys
[2014/05/16 13:51:04 | 000,447,888 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswndisflt.sys
[2014/05/16 13:51:03 | 000,423,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys
[2014/05/16 13:51:02 | 000,085,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2014/05/16 13:14:48 | 000,781,790 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/05/16 13:14:48 | 000,650,318 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/05/16 13:14:48 | 000,118,086 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/05/16 13:07:27 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2014/05/16 13:02:02 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/05/16 12:56:01 | 000,781,790 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/05/16 12:25:14 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-SONOFSAM2-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2014/05/16 12:21:30 | 000,002,165 | ---- | M] () -- C:\Users\Dennis\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2014/05/16 12:13:56 | 000,001,244 | ---- | M] () -- C:\Users\Public\Desktop\AOMEI Backupper Professional Edition 2.0.lnk
[2014/05/16 11:54:43 | 000,002,034 | ---- | M] () -- C:\Users\Public\Desktop\avast! SafeZone.lnk
[2014/05/16 11:54:43 | 000,001,974 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2014/05/14 17:38:11 | 000,000,264 | ---- | M] () -- C:\Windows\tasks\pcupdater_UPDATES.job
[2014/05/14 16:37:59 | 000,001,145 | ---- | M] () -- C:\Users\Public\Desktop\Binary Option Robot.lnk
[2014/05/14 14:59:26 | 000,698,032 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/05/14 14:59:26 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/05/14 13:11:36 | 000,334,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/05/14 13:11:36 | 000,208,416 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/05/14 13:11:36 | 000,079,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/05/14 13:11:36 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/05/14 13:11:36 | 000,029,208 | ---- | M] () -- C:\Windows\SysNative\drivers\aswHwid.sys
[2014/05/14 13:11:35 | 000,093,568 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/05/14 13:11:35 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/05/13 14:01:21 | 000,012,311 | ---- | M] () -- C:\Users\Dennis\Documents\bookmarks-2014-05-13.json
[2014/05/12 14:18:38 | 000,034,021 | ---- | M] () -- C:\otllogs.zip
[2014/05/10 20:39:25 | 000,056,536 | ---- | M] () -- C:\c and t logs.zip
[2014/05/10 19:22:36 | 004,143,997 | ---- | M] () -- C:\Users\Dennis\Desktop\tdsskiller(1).zip
[2014/05/09 02:14:03 | 000,477,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/05/09 02:11:23 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/05/06 19:48:31 | 000,000,507 | ---- | M] () -- C:\Users\Dennis\Documents\Documents
[2014/05/06 15:20:08 | 000,001,055 | ---- | M] () -- C:\Users\Dennis\Desktop\Search.lnk
[2014/05/06 15:17:45 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\License_Time.rdat
[2014/05/05 23:00:47 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/05/05 22:10:52 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/05/03 18:43:27 | 000,050,044 | ---- | M] () -- C:\Users\Dennis\Documents\AdwCleaner[S0].zip
[2014/04/29 14:16:23 | 000,000,514 | ---- | M] () -- C:\Users\Dennis\Documents\Winsoc reset.rtf
[2014/04/25 12:29:25 | 000,003,304 | ---- | M] () -- C:\bootsqm.dat
[3 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/05/16 17:09:23 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\MetaTrader 5.lnk
[2014/05/16 17:01:23 | 000,001,110 | ---- | C] () -- C:\Users\Dennis\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities 5.lnk
[2014/05/16 17:01:23 | 000,001,098 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
[2014/05/16 17:01:23 | 000,001,086 | ---- | C] () -- C:\Users\Public\Desktop\Glary Utilities 5.lnk
[2014/05/16 17:01:22 | 000,000,334 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize 5.job
[2014/05/16 16:33:12 | 000,000,816 | ---- | C] () -- C:\Users\Dennis\Desktop\µTorrent.lnk
[2014/05/16 16:06:45 | 000,001,112 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice 4.1.0.lnk
[2014/05/16 12:25:14 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-SONOFSAM2-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2014/05/16 12:21:30 | 000,002,165 | ---- | C] () -- C:\Users\Dennis\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2014/05/16 12:15:32 | 000,001,024 | -H-- | C] () -- C:\SYSTAG.BIN
[2014/05/16 12:14:03 | 000,000,082 | ---- | C] () -- C:\Windows\SysWow64\winsevr.dat
[2014/05/16 12:13:56 | 000,001,244 | ---- | C] () -- C:\Users\Public\Desktop\AOMEI Backupper Professional Edition 2.0.lnk
[2014/05/16 12:13:42 | 000,151,480 | ---- | C] () -- C:\Windows\SysNative\ammntdrv.sys
[2014/05/16 12:13:42 | 000,030,648 | ---- | C] () -- C:\Windows\SysNative\ambakdrv.sys
[2014/05/16 12:13:42 | 000,017,848 | ---- | C] () -- C:\Windows\SysNative\amwrtdrv.sys
[2014/05/14 13:11:56 | 000,029,208 | ---- | C] () -- C:\Windows\SysNative\drivers\aswHwid.sys
[2014/05/13 14:01:21 | 000,012,311 | ---- | C] () -- C:\Users\Dennis\Documents\bookmarks-2014-05-13.json
[2014/05/12 14:18:38 | 000,034,021 | ---- | C] () -- C:\otllogs.zip
[2014/05/10 20:39:25 | 000,056,536 | ---- | C] () -- C:\c and t logs.zip
[2014/05/10 19:22:18 | 004,143,997 | ---- | C] () -- C:\Users\Dennis\Desktop\tdsskiller(1).zip
[2014/05/07 11:11:02 | 000,000,009 | ---- | C] () -- C:\END
[2014/05/06 19:48:31 | 000,000,507 | ---- | C] () -- C:\Users\Dennis\Documents\Documents
[2014/05/06 14:48:21 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\License_Time.rdat
[2014/05/03 18:43:27 | 000,050,044 | ---- | C] () -- C:\Users\Dennis\Documents\AdwCleaner[S0].zip
[2014/04/29 14:16:23 | 000,000,514 | ---- | C] () -- C:\Users\Dennis\Documents\Winsoc reset.rtf
[2014/04/25 12:29:25 | 000,003,304 | ---- | C] () -- C:\bootsqm.dat
[2014/01/28 18:17:54 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2013/12/11 22:21:45 | 000,004,608 | ---- | C] () -- C:\Users\Dennis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/11/26 16:25:53 | 000,007,609 | ---- | C] () -- C:\Users\Dennis\AppData\Local\Resmon.ResmonCfg
[2013/11/01 17:25:59 | 006,540,800 | ---- | C] () -- C:\Program Files (x86)\Binary Wealth Bot.exe
[2013/11/01 17:25:59 | 005,117,440 | ---- | C] () -- C:\Program Files (x86)\Binary Signals Bot.exe
[2013/11/01 17:25:59 | 000,035,244 | ---- | C] () -- C:\Program Files (x86)\BinaryArbitrages.air
[2013/11/01 17:25:59 | 000,024,766 | ---- | C] () -- C:\Program Files (x86)\list10.ini
[2013/11/01 17:25:59 | 000,024,022 | ---- | C] () -- C:\Program Files (x86)\list8.ini
[2013/11/01 17:25:59 | 000,024,002 | ---- | C] () -- C:\Program Files (x86)\list8old.ini
[2013/11/01 17:25:59 | 000,023,906 | ---- | C] () -- C:\Program Files (x86)\list13.ini
[2013/11/01 17:25:59 | 000,023,118 | ---- | C] () -- C:\Program Files (x86)\list9.ini
[2013/11/01 17:25:59 | 000,021,982 | ---- | C] () -- C:\Program Files (x86)\list11.ini
[2013/11/01 17:25:59 | 000,020,890 | ---- | C] () -- C:\Program Files (x86)\list4.ini
[2013/11/01 17:25:59 | 000,020,758 | ---- | C] () -- C:\Program Files (x86)\list3.ini
[2013/11/01 17:25:59 | 000,018,702 | ---- | C] () -- C:\Program Files (x86)\list12.ini
[2013/11/01 17:25:59 | 000,016,338 | ---- | C] () -- C:\Program Files (x86)\list5.ini
[2013/11/01 17:25:59 | 000,010,918 | ---- | C] () -- C:\Program Files (x86)\list6.ini
[2013/11/01 17:25:59 | 000,009,726 | ---- | C] () -- C:\Program Files (x86)\list7.ini
[2013/11/01 17:25:59 | 000,000,174 | ---- | C] () -- C:\Program Files (x86)\list.ini
[2013/11/01 17:13:32 | 000,561,288 | ---- | C] () -- C:\Program Files (x86)\Robot Manual and User Guide.pdf
[2013/11/01 17:13:32 | 000,434,914 | ---- | C] () -- C:\Program Files (x86)\TPISystem.pdf
[2013/11/01 17:13:32 | 000,325,952 | ---- | C] () -- C:\Program Files (x86)\lua5.1.dll
[2013/11/01 17:13:32 | 000,023,410 | ---- | C] () -- C:\Program Files (x86)\list15.ini
[2013/11/01 17:13:32 | 000,022,018 | ---- | C] () -- C:\Program Files (x86)\list17.ini
[2013/11/01 17:13:32 | 000,015,766 | ---- | C] () -- C:\Program Files (x86)\list14.ini
[2013/11/01 17:13:32 | 000,012,694 | ---- | C] () -- C:\Program Files (x86)\list16.ini
[2013/11/01 17:13:32 | 000,012,454 | ---- | C] () -- C:\Program Files (x86)\list18.ini
[2013/11/01 17:13:32 | 000,011,909 | ---- | C] () -- C:\Program Files (x86)\Screen.png
[2013/11/01 17:13:32 | 000,011,614 | ---- | C] () -- C:\Program Files (x86)\list33.ini
[2013/11/01 17:13:32 | 000,003,727 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
[2013/10/30 16:22:35 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2013/09/23 18:25:56 | 019,587,072 | ---- | C] () -- C:\Windows\SysWow64\igdfcl32.dll
[2013/09/23 18:25:55 | 000,241,152 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2013/09/23 18:25:55 | 000,109,056 | ---- | C] () -- C:\Windows\SysWow64\igdail32.dll
[2013/09/11 14:56:35 | 000,755,188 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2013/09/11 14:56:34 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2013/08/05 12:00:26 | 000,024,036 | ---- | C] () -- C:\Users\Dennis\SDActivate.lng
[2010/10/24 17:24:04 | 000,000,857 | ---- | C] () -- C:\Users\Dennis\.recently-used.xbel
[2010/02/17 21:16:00 | 004,345,856 | ---- | C] () -- C:\Users\Dennis\s-1-5-21-866733348-1555914634-3150776905-1006.rrr
[2010/02/03 21:29:03 | 050,325,504 | ---- | C] () -- C:\Users\Dennis\Paragon-125-PEE_LinuxRCD_9.0.9.8679_002.iso
[2009/12/24 14:46:13 | 000,000,166 | ---- | C] () -- C:\Users\Dennis\Compress.res

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 22:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 22:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = c:\windows\syswow64\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 246 bytes -> C:\ProgramData\TEMP:E2295807
@Alternate Data Stream - 189 bytes -> C:\ProgramData\TEMP:A2907225
@Alternate Data Stream - 183 bytes -> C:\ProgramData\TEMP:5ED747B8
@Alternate Data Stream - 163 bytes -> C:\ProgramData\TEMP:6E6A4F42
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:2CB9631F
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:165AF2C6
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:373E1720
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A745DB5D

< End of report >


----------



## Satchfan (Jan 12, 2009)

Thanks, you've done a good job.

Please bear with me Dennis because our time differences are a bit of a problem but I'll look at the logs and reply as soon as I can.

We are probably nearly there now so hang in there!!


----------



## DennisI (Apr 24, 2014)

It is looking good!


----------



## Satchfan (Jan 12, 2009)

Things are looking much healthier now Dennis.

*Note: If you have MalwareBytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix as it may interfere with the successful execution of the script below.*

*Run OTL*


double click on the icon to run it.
copy/paste *ALL* the following text written *inside the code box* into the *Custom Scans/Fixes* box located at the bottom of OTL



Code:


:Services

:OTL
MOD - [2014/05/17 14:18:38 | 002,593,168 | ---- | M] () -- C:\Users\Dennis\AppData\Local\Temp\SevenZipJBinding-N8q7X\lib7-Zip-JBinding.dll
IE:64bit: - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {2D8FAFFE-9B47-42D5-8278-5AC97754C495}
IE:64bit: - HKLM\..\SearchScopes\{371B386D-5E2A-4F14-B1EC-0AC31014AFBF}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB
IE:64bit: - HKLM\..\SearchScopes\{49C75C73-8869-A5C9-7078-423A0CB9E70B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.startsearcher.com/?q={searchTerms}&src=IETB
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}: "URL" = http://www.default-search.net/search?sid=492&aid=100&itype=a&ver=12302&tm=308&src=ds&p={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{c1d89ae7-449d-4929-b24b-fded04adbe06}: "URL" = http://isearch.glarysoft.com/?q={searchTerms}&src=iesearch
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}: "URL" = http://www.default-search.net/search?sid=492&aid=100&itype=a&ver=12302&tm=308&src=ds&p={searchTerms}
IE - HKU\S-1-5-21-3246782875-1836535004-4075896310-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.trafficswarm.com/cgi-bin/...6f20b07f47d95f
IE - HKU\S-1-5-21-3246782875-1836535004-4075896310-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}
IE - HKU\S-1-5-21-3246782875-1836535004-4075896310-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}: "URL" = http://www.default-search.net/search?sid=492&aid=100&itype=a&ver=12302&tm=308&src=ds&p={searchTerms}
FF - HKCU\Software\MozillaPlugins\@tightropeinteractive.com/Plugin: C:\Users\Dennis\AppData\Local\TNT2\2.0.0.1663\npTNT2.dll File not found
O2:64bit: - BHO: (no name) - {11111111-1111-1111-1111-110511071176} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O27:64bit: - HKLM IFEO\rjatydimofu.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\rjatydimofu.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O36 - AppCertDlls: x64 - (c:\program files (x86)\settings manager\systemk\x64\sysapcrt.dll) - File not found
O36 - AppCertDlls: x86 - (c:\program files (x86)\settings manager\systemk\sysapcrt.dll) - File not found
@Alternate Data Stream - 246 bytes -> C:\ProgramData\TEMP:E2295807
@Alternate Data Stream - 189 bytes -> C:\ProgramData\TEMP:A2907225
@Alternate Data Stream - 183 bytes -> C:\ProgramData\TEMP:5ED747B8
@Alternate Data Stream - 163 bytes -> C:\ProgramData\TEMP:6E6A4F42
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:2CB9631F
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:165AF2C6
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:373E1720
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A745DB5D

:Files
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]
[Reboot]

click the *Run Fix* button at the top
let the program run unhindered, reboot when it is done
please post the OTL fix log.

===================================================

*Run Security Check*

Download *Security Check* by screen317 from *here* or *here*.


save it to your Desktop.
double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
a Notepad document should open automatically called *checkup.txt*; please post the contents of that document.
===================================================

Please update and run Malwarebytes and post the resulting logs, not attach them.

Logs to include in the next post:

*OTL fix log
Checkup.txt
Mbam.txt*

Can you tell me how your computer is running and if there are any outstanding problems?

Thanks

Satchfan


----------



## DennisI (Apr 24, 2014)

The computer seems to be running normally.

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{371B386D-5E2A-4F14-B1EC-0AC31014AFBF}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{371B386D-5E2A-4F14-B1EC-0AC31014AFBF}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{49C75C73-8869-A5C9-7078-423A0CB9E70B}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49C75C73-8869-A5C9-7078-423A0CB9E70B}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{c1d89ae7-449d-4929-b24b-fded04adbe06}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c1d89ae7-449d-4929-b24b-fded04adbe06}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}\ not found.
HKU\S-1-5-21-3246782875-1836535004-4075896310-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Restore| /E : value set successfully!
HKEY_USERS\S-1-5-21-3246782875-1836535004-4075896310-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3246782875-1836535004-4075896310-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}\ not found.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tightropeinteractive.com/Plugin\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511071176}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511071176}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rjatydimofu.exe\ deleted successfully.
File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rjatydimofu.exe\ not found.
File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\x64 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\x86 deleted successfully.
ADS C:\ProgramData\TEMP:E2295807 deleted successfully.
ADS C:\ProgramData\TEMP:A2907225 deleted successfully.
ADS C:\ProgramData\TEMP:5ED747B8 deleted successfully.
ADS C:\ProgramData\TEMP:6E6A4F42 deleted successfully.
ADS C:\ProgramData\TEMP:2CB9631F deleted successfully.
ADS C:\ProgramData\TEMP:165AF2C6 deleted successfully.
ADS C:\ProgramData\TEMP:373E1720 deleted successfully.
ADS C:\ProgramData\TEMP:A745DB5D deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Dennis\Downloads\cmd.bat deleted successfully.
C:\Users\Dennis\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57311 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Dennis
->Temp folder emptied: 19831104 bytes
->Temporary Internet Files folder emptied: 1047514 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 21919003 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 506 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3412 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 276046 bytes

Total Files Cleaned = 41.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 05182014_121408

Files\Folders moved on Reboot...
File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.
File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.
C:\Users\Dennis\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Users\Dennis\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.
File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\Low\SkypeClickToCall\Logs\AutoUpdateSvc.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


----------



## DennisI (Apr 24, 2014)

Results of screen317's Security Check version 0.99.83 
Windows 7 Service Pack 1 x64 *(UAC is disabled!)* 
Internet Explorer 11 
*``````````````Antivirus/Firewall Check:``````````````* 
Windows Firewall Enabled! 
Windows Firewall Disabled! 
avast! Antivirus 
Antivirus up to date! 
*`````````Anti-malware/Other Utilities Check:`````````* 
Java 7 Update 10 
Java 7 Update 55 
Adobe Flash Player 14.0.0.101 
Adobe Reader XI 
Mozilla Firefox (29.0.1) 
Mozilla Thunderbird (30.0.) 
Google Chrome 36.0.1933.0 
Google Chrome 36.0.1985.5 
*````````Process Check: objlist.exe by Laurent````````* 
AVAST Software Avast AvastSvc.exe 
AVAST Software Avast afwServ.exe 
AVAST Software Avast AvastUI.exe 
*`````````````````System Health check`````````````````* 
Total Fragmentation on Drive C: 2% 
*````````````````````End of Log``````````````````````*

Malwarebytes says it put the log in the LOGS folder, but if I have one I sure can't find it. It did report finding 5 items which I quarantined.


----------



## DennisI (Apr 24, 2014)

I found this. Hope it is what you need.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/18/2014
Scan Time: 1:00:49 PM
Logfile: 
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.18.06
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Dennis

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 271026
Time Elapsed: 17 min, 43 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 8
PUP.Optional.GreatArcadeHits.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{7FBC7ADD-4D75-4685-9BD4-30D3FBDD3AB4}, Quarantined, [f3eb77db017a51e55a768ba0956d8b75], 
PUP.Optional.GreatArcadeHits.A, HKLM\SOFTWARE\CLASSES\TypeLib\{5530C971-3D8F-471B-AC49-4CC23FA955E2}, Quarantined, [f3eb5af8d2a9092d0fc12efd9c667888], 
PUP.Optional.GreatArcadeHits.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{EE0C9EF1-B2AD-407B-9707-0124CC9BF85E}, Quarantined, [f3eb5af8d2a9092d0fc12efd9c667888], 
PUP.Optional.GreatArcadeHits.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{EE0C9EF1-B2AD-407B-9707-0124CC9BF85E}, Quarantined, [f3eb5af8d2a9092d0fc12efd9c667888], 
PUP.Optional.GreatArcadeHits.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TypeLib\{5530C971-3D8F-471B-AC49-4CC23FA955E2}, Quarantined, [6f6fe270512a79bda12fe6451de540c0], 
PUP.Optional.PlusHD.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Plus-HD-7.5, Quarantined, [34aa1b378feca98d06859000e31fe818], 
PUP.Optional.TidyNetwork.A, HKU\S-1-5-21-3246782875-1836535004-4075896310-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\TidyNetwork, Quarantined, [04da3a181368ba7c554aeda8ea18a35d], 
PUP.Optional.WeatherAlerts, HKU\S-1-5-21-3246782875-1836535004-4075896310-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\DesktopWeatherAlerts, Quarantined, [27b7b9994b30eb4b7d86afc5d23052ae],

Registry Values: 1
PUP.Optional.FindWide, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\ABOUTURLS|Tabs, http://search.findwide.com/?guid={62EF4C12-9555-430B-B033-BE3C5B2FF1CA}&serpv=22, Quarantined, [716d8ac81467fa3c6e5ce7dd4eb54fb1]

Registry Data: 0
(No malicious items detected)

Folders: 10
PUP.Optional.WeatherAlerts, C:\Users\Dennis\AppData\Local\Local_Weather_LLC, Quarantined, [746a173bd9a2171fbb47571d18ea5aa6], 
PUP.Optional.WeatherAlerts, C:\Users\Dennis\AppData\Local\Local_Weather_LLC\WeatherAlerts.exe_Url_f440o2wnhftxi2septmrj3fz2fgc52gv, Quarantined, [746a173bd9a2171fbb47571d18ea5aa6], 
PUP.Optional.WeatherAlerts, C:\Users\Dennis\AppData\Local\Local_Weather_LLC\WeatherAlerts.exe_Url_f440o2wnhftxi2septmrj3fz2fgc52gv\1.4.0.0, Quarantined, [746a173bd9a2171fbb47571d18ea5aa6], 
PUP.Optional.WeatherAlerts, C:\Users\Dennis\AppData\Local\WeatherAlerts, Quarantined, [27b7b9994b30eb4b7d86afc5d23052ae], 
PUP.Optional.FreeCauseTB.A, C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\FCTB\{771f3037-9885-4423-b50f-a5ede4854e26}, Quarantined, [ce10c19142391323ee9d492e59a945bb], 
PUP.Optional.FreeCauseTB.A, C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\FCTB\{771f3037-9885-4423-b50f-a5ede4854e26}\62133, Quarantined, [ce10c19142391323ee9d492e59a945bb], 
PUP.Optional.ValueApps.A, C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\valueApps, Quarantined, [87575002710a181ee1f3fb7c5ea4cd33], 
PUP.Optional.ValueApps.A, C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\valueApps\CT2192277, Quarantined, [87575002710a181ee1f3fb7c5ea4cd33], 
PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\systemk, Quarantined, [88567bd72a51c076598cb2c625ddac54], 
PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\systemk\x64, Quarantined, [88567bd72a51c076598cb2c625ddac54],

Files: 41
PUP.Optional.Conduit.A, C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_app.mam.vaccint.com_0.localstorage, Quarantined, [518d252d7902a98da61d5133c9396d93], 
PUP.Optional.DefaultSearch.A, C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\searchplugins\default-search.xml, Quarantined, [7569163c6318cf67fcfd840b33cf22de], 
PUP.Optional.DefaultSearch.A, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\default-search.xml, Quarantined, [bb233b17cdaed3639b5f414e45bd2dd3], 
PUP.Optional.WeatherAlerts, C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Weather Alerts.lnk, Quarantined, [3ba373df0b70e05681b97329ac561fe1], 
PUP.Optional.WeatherAlerts, C:\Users\Dennis\AppData\Local\Local_Weather_LLC\WeatherAlerts.exe_Url_f440o2wnhftxi2septmrj3fz2fgc52gv\1.4.0.0\user.config, Quarantined, [746a173bd9a2171fbb47571d18ea5aa6], 
PUP.Optional.WeatherAlerts, C:\Users\Dennis\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe.config, Quarantined, [27b7b9994b30eb4b7d86afc5d23052ae], 
PUP.Optional.WeatherAlerts, C:\Users\Dennis\AppData\Local\WeatherAlerts\DesktopWeatherAlertsBrowser.exe, Quarantined, [27b7b9994b30eb4b7d86afc5d23052ae], 
PUP.Optional.WeatherAlerts, C:\Users\Dennis\AppData\Local\WeatherAlerts\DesktopWeatherAlertsBrowser.exe.config, Quarantined, [27b7b9994b30eb4b7d86afc5d23052ae], 
PUP.Optional.WeatherAlerts, C:\Users\Dennis\AppData\Local\WeatherAlerts\DesktopWeatherAlertsuninstall.exe, Quarantined, [27b7b9994b30eb4b7d86afc5d23052ae], 
PUP.Optional.WeatherAlerts, C:\Users\Dennis\AppData\Local\WeatherAlerts\ICSharpCode.SharpZipLib.dll, Quarantined, [27b7b9994b30eb4b7d86afc5d23052ae], 
PUP.Optional.WeatherAlerts, C:\Users\Dennis\AppData\Local\WeatherAlerts\uninstall.exe, Quarantined, [27b7b9994b30eb4b7d86afc5d23052ae], 
PUP.Optional.WeatherAlerts, C:\Users\Dennis\AppData\Local\WeatherAlerts\WAUpdater.exe, Quarantined, [27b7b9994b30eb4b7d86afc5d23052ae], 
PUP.Optional.WeatherAlerts, C:\Users\Dennis\AppData\Local\WeatherAlerts\WAUpdater.exe.config, Quarantined, [27b7b9994b30eb4b7d86afc5d23052ae], 
PUP.Optional.WeatherAlerts, C:\Users\Dennis\AppData\Local\WeatherAlerts\WeatherAlerts.exe, Quarantined, [27b7b9994b30eb4b7d86afc5d23052ae], 
PUP.Optional.WeatherAlerts, C:\Users\Dennis\AppData\Local\WeatherAlerts\WeatherAlerts.exe.config, Quarantined, [27b7b9994b30eb4b7d86afc5d23052ae], 
PUP.Optional.FreeCauseTB.A, C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\FCTB\{771f3037-9885-4423-b50f-a5ede4854e26}\62133\03efe7e713c26bca18bd6f36137dddd2.0, Quarantined, [ce10c19142391323ee9d492e59a945bb], 
PUP.Optional.FreeCauseTB.A, C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\FCTB\{771f3037-9885-4423-b50f-a5ede4854e26}\62133\054a4270b87b87f5e9ec964b21613b46, Quarantined, [ce10c19142391323ee9d492e59a945bb], 
PUP.Optional.FreeCauseTB.A, C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\FCTB\{771f3037-9885-4423-b50f-a5ede4854e26}\62133\0a7b4732362c02e88c8ab362287cacae, Quarantined, [ce10c19142391323ee9d492e59a945bb], 
PUP.Optional.FreeCauseTB.A, C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\FCTB\{771f3037-9885-4423-b50f-a5ede4854e26}\62133\110983111e9820714a5aa63092231a99, Quarantined, [ce10c19142391323ee9d492e59a945bb], 
PUP.Optional.FreeCauseTB.A, C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\FCTB\{771f3037-9885-4423-b50f-a5ede4854e26}\62133\1d78da8c7e8fd03777c0810110e5cab1, Quarantined, [ce10c19142391323ee9d492e59a945bb], 
PUP.Optional.FreeCauseTB.A, C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\FCTB\{771f3037-9885-4423-b50f-a5ede4854e26}\62133\398e65cdc12900eef1a4dc76ed323537, Quarantined, [ce10c19142391323ee9d492e59a945bb], 
PUP.Optional.FreeCauseTB.A, C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\FCTB\{771f3037-9885-4423-b50f-a5ede4854e26}\62133\3bca67bbc1c5cae62fde4c450261c552, Quarantined, [ce10c19142391323ee9d492e59a945bb], 
PUP.Optional.FreeCauseTB.A, C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\FCTB\{771f3037-9885-4423-b50f-a5ede4854e26}\62133\4f9ad6a60bb62abd6506e3b3c60f4836.0, Quarantined, [ce10c19142391323ee9d492e59a945bb], 
PUP.Optional.FreeCauseTB.A, C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\FCTB\{771f3037-9885-4423-b50f-a5ede4854e26}\62133\6804d0b313739f5a019a507e763b4246, Quarantined, [ce10c19142391323ee9d492e59a945bb], 
PUP.Optional.FreeCauseTB.A, C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\FCTB\{771f3037-9885-4423-b50f-a5ede4854e26}\62133\72575d1a90ed0ec9de47748564df045c, Quarantined, [ce10c19142391323ee9d492e59a945bb], 
PUP.Optional.FreeCauseTB.A, C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\FCTB\{771f3037-9885-4423-b50f-a5ede4854e26}\62133\74491e049faa08882f9dcca58e037c2c.0, Quarantined, [ce10c19142391323ee9d492e59a945bb], 
PUP.Optional.FreeCauseTB.A, C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\FCTB\{771f3037-9885-4423-b50f-a5ede4854e26}\62133\7a75293c10dea462b57b2c6c86f5ba2e.0, Quarantined, [ce10c19142391323ee9d492e59a945bb], 
PUP.Optional.FreeCauseTB.A, C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\FCTB\{771f3037-9885-4423-b50f-a5ede4854e26}\62133\a86dc803824bd37c6b17c79e20d6498f, Quarantined, [ce10c19142391323ee9d492e59a945bb], 
PUP.Optional.FreeCauseTB.A, C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\FCTB\{771f3037-9885-4423-b50f-a5ede4854e26}\62133\b09874bdd4af8e35170dbc0ef9d84eac, Quarantined, [ce10c19142391323ee9d492e59a945bb], 
PUP.Optional.FreeCauseTB.A, C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\FCTB\{771f3037-9885-4423-b50f-a5ede4854e26}\62133\bb8a30daf07989adecb0fda8268a1a24.0, Quarantined, [ce10c19142391323ee9d492e59a945bb], 
PUP.Optional.FreeCauseTB.A, C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\FCTB\{771f3037-9885-4423-b50f-a5ede4854e26}\62133\cd346ec8bdc47dcea996870a2400d462.0, Quarantined, [ce10c19142391323ee9d492e59a945bb], 
PUP.Optional.FreeCauseTB.A, C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\FCTB\{771f3037-9885-4423-b50f-a5ede4854e26}\62133\d19d80db84c85c9a411e0fdd42ab8398.0, Quarantined, [ce10c19142391323ee9d492e59a945bb], 
PUP.Optional.FreeCauseTB.A, C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\FCTB\{771f3037-9885-4423-b50f-a5ede4854e26}\62133\d50021b1349e0961aa2c351b2425d2db, Quarantined, [ce10c19142391323ee9d492e59a945bb], 
PUP.Optional.FreeCauseTB.A, C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\FCTB\{771f3037-9885-4423-b50f-a5ede4854e26}\62133\f4c4d21183a3398d1b08fb556ac528fd, Quarantined, [ce10c19142391323ee9d492e59a945bb], 
PUP.Optional.FreeCauseTB.A, C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\FCTB\{771f3037-9885-4423-b50f-a5ede4854e26}\62133\f5c2ffe039c819997952b8cdd631c3e3, Quarantined, [ce10c19142391323ee9d492e59a945bb], 
PUP.Optional.FreeCauseTB.A, C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\FCTB\{771f3037-9885-4423-b50f-a5ede4854e26}\62133\f83257a620c498b42b9d71229c740a44, Quarantined, [ce10c19142391323ee9d492e59a945bb], 
PUP.Optional.FreeCauseTB.A, C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\FCTB\{771f3037-9885-4423-b50f-a5ede4854e26}\62133\f85519d497d260de3587e4883601b628.0, Quarantined, [ce10c19142391323ee9d492e59a945bb], 
PUP.Optional.FreeCauseTB.A, C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\FCTB\{771f3037-9885-4423-b50f-a5ede4854e26}\62133\tb.xml, Quarantined, [ce10c19142391323ee9d492e59a945bb], 
PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt(1030).dll, Quarantined, [88567bd72a51c076598cb2c625ddac54], 
PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt(971).dll, Quarantined, [88567bd72a51c076598cb2c625ddac54], 
PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt(997).dll, Quarantined, [88567bd72a51c076598cb2c625ddac54],

Physical Sectors: 0
(No malicious items detected)

(end)


----------



## Satchfan (Jan 12, 2009)

You did well running Malwarebytes and many things were Quarantined but for them to be removed the computer needs to be allowed to Reboot afterwards.

Please run Malwarebytes again and when it has completed, a log report will open in Notepad.

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click *OK* to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. *Failure to reboot will prevent MBAM from removing all the malware.*

===================================================

*Run ESET Online Scan*

*IMPORTANT* Please make sure you uncheck the box next to *Remove found threats*. Eset will detect anything that looks even slightly suspicious, which could include legitimate program files. If you do not uncheck the box, Eset will automatically remove all suspicious files which could leave some of your software inoperable.

*Note*: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your currently installed Anti-Virus; how to do so can be read *here*.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.

*ESET OnlineScan*


click the *Eset online Scanner* button
*for alternate browsers only*: (Microsoft Internet Explorer users can skip these steps)

o click on *esetinstaller.exe* to download the ESET Smart Installer. Save it to your desktop.
o double click on the Eset installer icon on your desktop.
check *Yes, I accept the Terms of Use*
click the *Start* button
accept any security warnings from your browser
check *Scan archives* and *Remove found threats*
click Advanced settings and select the following:
o Scan potentially unwanted applications
o Scan for potentially unsafe applications
o Enable Anti-Stealth technology
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
when the scan completes, push *List of found threats*
push *Export to Text file* and save the file to your desktop using a unique name, such as *ESETScan*. Include the contents of this report in your next reply.

*Note* - if ESET doesn't find any threats, no report will be created.

push the *back* button.
push *Finish*

When the scan is complete:

If no threats were found:



o put a checkmark in "Uninstall application on close"
o close program
o report to me that nothing was found

If threats were found:



o click on "list of threats found"
o click on "export to text file" and save it as *ESET results* and save to the desktop
o Click on *back*
o put a checkmark in "Uninstall application on close"
o click on *finish*
o close program
o copy and paste the report here together with the latest Malwarebytes log.

Thanks

Satchfan


----------



## DennisI (Apr 24, 2014)

Eset ran all day and all night and now it seems to be stalled at 99%.


----------



## DennisI (Apr 24, 2014)

I just stopped it.

G:\Users\Dennis\AppData\LocalLow\uTorrentBar\tbuTo0.dll a variant of Win32/Toolbar.Conduit.X potentially unwanted application 
G:\Users\Dennis\AppData\LocalLow\uTorrentBar\tbuTo1.dll Win32/Toolbar.Conduit.Y potentially unwanted application 
G:\Users\Dennis\AppData\LocalLow\uTorrentBar\tbuTo2.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application 
G:\Users\Dennis\AppData\LocalLow\uTorrentBar\tbuTor.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application 
G:\Users\Dennis\AppData\LocalLow\uTorrentBar\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.0\bin\PriceGongIE.dll a variant of Win32/PriceGong.A potentially unwanted application 
G:\Users\Dennis\AppData\Roaming\BabylonToolbar\CR\BabylonChrome1.crx a variant of Win32/Toolbar.Babylon.Q potentially unwanted application 
G:\Users\Dennis\AppData\Roaming\BabylonToolbar\CR\BUSolution.dll a variant of Win32/Toolbar.Babylon.P potentially unwanted application 
G:\Users\Dennis\AppData\Roaming\BabylonToolbar\FF\BUSolution.dll a variant of Win32/Toolbar.Babylon.P potentially unwanted application 
G:\Users\Dennis\AppData\Roaming\BabylonToolbar\IE\BUSolution.dll a variant of Win32/Toolbar.Babylon.P potentially unwanted application 
G:\Users\Dennis\AppData\Roaming\BabylonToolbar\Shared\BUSolution.dll a variant of Win32/Toolbar.Babylon.P potentially unwanted application 
G:\Users\Dennis\AppData\Roaming\Complitly\Complitly.dll a variant of Win32/Complitly.A potentially unwanted application 
G:\Users\Dennis\AppData\Roaming\Complitly\KeepMeUpdated.exe a variant of Win32/PredictAd.A potentially unwanted application 
G:\Users\Dennis\AppData\Roaming\Complitly\64\Complitly64.dll a variant of Win64/Complitly.A potentially unwanted application 
G:\Users\Dennis\AppData\Roaming\Complitly\64\KeepMeUpdated.exe a variant of Win32/PredictAd.A potentially unwanted application 
G:\DENNIS-PC\Backup Set 2013-12-01 230000\Backup Files 2013-12-01 230000\Backup files 1.zip multiple threats 
G:\DENNIS-PC\Backup Set 2013-12-01 230000\Backup Files 2013-12-01 230000\Backup files 10.zip a variant of Win32/Toolbar.Montiera.A potentially unwanted application 
G:\DENNIS-PC\Backup Set 2013-12-01 230000\Backup Files 2013-12-01 230000\Backup files 16.zip a variant of Win32/Toolbar.Montiera.A potentially unwanted application 
G:\DENNIS-PC\Backup Set 2013-12-01 230000\Backup Files 2013-12-01 230000\Backup files 17.zip a variant of Win32/Toolbar.Montiera.A potentially unwanted application 
G:\DENNIS-PC\Backup Set 2013-12-01 230000\Backup Files 2013-12-01 230000\Backup files 18.zip Win32/Toolbar.Conduit.Y potentially unwanted application 
G:\DENNIS-PC\Backup Set 2013-12-01 230000\Backup Files 2013-12-01 230000\Backup files 20.zip Win32/Toolbar.Conduit.Q potentially unwanted application 
G:\SONOFSAM2\Backup Set 2014-04-14 003227\Backup Files 2014-04-14 003227\Backup files 10.zip a variant of Win32/Toolbar.Montiera.A potentially unwanted application 
G:\SONOFSAM2\Backup Set 2014-04-14 003227\Backup Files 2014-04-14 003227\Backup files 11.zip a variant of Win32/Toolbar.Montiera.A potentially unwanted application 
G:\SONOFSAM2\Backup Set 2014-04-14 003227\Backup Files 2014-04-14 003227\Backup files 17.zip a variant of Win32/Toolbar.Montiera.A potentially unwanted application 
G:\SONOFSAM2\Backup Set 2014-04-14 003227\Backup Files 2014-04-14 003227\Backup files 18.zip Win32/Toolbar.Conduit.Y potentially unwanted application 
G:\SONOFSAM2\Backup Set 2014-04-14 003227\Backup Files 2014-04-14 003227\Backup files 20.zip Win32/FileTypeAssistant.A potentially unwanted application 
G:\SONOFSAM2\Backup Set 2014-04-14 003227\Backup Files 2014-04-14 003227\Backup files 21.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application 
G:\SONOFSAM2\Backup Set 2014-04-14 003227\Backup Files 2014-04-14 003227\Backup files 26.zip a variant of Win32/Toolbar.SearchSuite.P potentially unwanted application 
G:\SONOFSAM2\Backup Set 2014-04-14 003227\Backup Files 2014-04-14 003227\Backup files 28.zip a variant of Win32/Toolbar.Conduit.B potentially unwanted application 
G:\SONOFSAM2\Backup Set 2014-04-14 003227\Backup Files 2014-04-14 003227\Backup files 30.zip a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application 
G:\SONOFSAM2\Backup Set 2014-04-14 003227\Backup Files 2014-04-14 003227\Backup files 32.zip a variant of Win64/Toolbar.Conduit.B potentially unwanted application 
G:\SONOFSAM2\Backup Set 2014-04-14 003227\Backup Files 2014-04-14 003227\Backup files 37.zip Win32/Toolbar.SearchSuite.M potentially unwanted application 
G:\SONOFSAM2\Backup Set 2014-04-14 003227\Backup Files 2014-04-14 003227\Backup files 38.zip a variant of Win32/Toolbar.Conduit.AH potentially unwanted application 
G:\SONOFSAM2\Backup Set 2014-04-14 003227\Backup Files 2014-04-14 003227\Backup files 39.zip a variant of Win32/Toolbar.Conduit.Z potentially unwanted application 
G:\SONOFSAM2\Backup Set 2014-04-14 003227\Backup Files 2014-04-14 003227\Backup files 40.zip a variant of Win32/Toolbar.Conduit.AH potentially unwanted application 
G:\SONOFSAM2\Backup Set 2014-04-14 003227\Backup Files 2014-04-14 003227\Backup files 42.zip Win32/Toolbar.Conduit.A potentially unwanted application 
G:\SONOFSAM2\Backup Set 2014-04-14 003227\Backup Files 2014-04-14 003227\Backup files 51.zip Win32/Bundled.Toolbar.Google.D potentially unsafe application 
G:\SONOFSAM2\Backup Set 2014-04-14 003227\Backup Files 2014-04-14 003227\Backup files 52.zip a variant of Win32/AdWare.GorillaPrice.C application 
G:\SONOFSAM2\Backup Set 2014-04-14 003227\Backup Files 2014-04-14 003227\Backup files 53.zip Win32/Bundled.Toolbar.Google.D potentially unsafe application 
G:\SONOFSAM2\Backup Set 2014-04-14 003227\Backup Files 2014-04-14 003227\Backup files 54.zip Win32/Toolbar.Conduit potentially unwanted application 
G:\SONOFSAM2\Backup Set 2014-04-14 003227\Backup Files 2014-04-14 003227\Backup files 76.zip a variant of Win32/Packed.Themida potentially unwanted application 
G:\SONOFSAM2\Backup Set 2014-05-14 134132\Backup Files 2014-05-14 134132\Backup files 1.zip a variant of Win32/Toolbar.Montiera.A potentially unwanted application 
G:\SONOFSAM2\Backup Set 2014-05-14 134132\Backup Files 2014-05-14 134132\Backup files 2.zip Win32/StartSearcher potentially unwanted application 
G:\SONOFSAM2\Backup Set 2014-05-14 134132\Backup Files 2014-05-14 134132\Backup files 3.zip a variant of Win32/Toolbar.Conduit.AH potentially unwanted application 
G:\SONOFSAM2\Backup Set 2014-05-14 134132\Backup Files 2014-05-14 134132\Backup files 13.zip a variant of Win32/Toolbar.Montiera.A potentially unwanted application 
G:\SONOFSAM2\Backup Set 2014-05-14 134132\Backup Files 2014-05-14 134132\Backup files 19.zip Win32/Toolbar.Conduit.V potentially unwanted application 
G:\SONOFSAM2\Backup Set 2014-05-14 134132\Backup Files 2014-05-14 134132\Backup files 20.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application 
G:\SONOFSAM2\Backup Set 2014-05-14 134132\Backup Files 2014-05-14 134132\Backup files 21.zip a variant of Win32/HiddenStart.A potentially unsafe application 
G:\SONOFSAM2\Backup Set 2014-05-14 134132\Backup Files 2014-05-14 134132\Backup files 23.zip Win32/FileTypeAssistant.A potentially unwanted application 
G:\SONOFSAM2\Backup Set 2014-05-14 134132\Backup Files 2014-05-14 134132\Backup files 24.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application 
G:\SONOFSAM2\Backup Set 2014-05-14 134132\Backup Files 2014-05-14 134132\Backup files 28.zip a variant of Win32/PSWTool.IEPasswordsRevealer.A potentially unsafe application 
G:\SONOFSAM2\Backup Set 2014-05-14 134132\Backup Files 2014-05-14 134132\Backup files 32.zip a variant of Win64/Toolbar.SearchSuite.A potentially unwanted application 
G:\SONOFSAM2\Backup Set 2014-05-14 134132\Backup Files 2014-05-14 134132\Backup files 40.zip Win32/StartSearcher potentially unwanted application 
G:\SONOFSAM2\Backup Set 2014-05-14 134132\Backup Files 2014-05-14 134132\Backup files 41.zip a variant of Win32/Toolbar.Conduit.Z potentially unwanted application 
G:\SONOFSAM2\Backup Set 2014-05-14 134132\Backup Files 2014-05-14 134132\Backup files 42.zip probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application 
G:\SONOFSAM2\Backup Set 2014-05-14 134132\Backup Files 2014-05-14 134132\Backup files 43.zip Win32/Toolbar.Conduit.A potentially unwanted application 
G:\SONOFSAM2\Backup Set 2014-05-14 134132\Backup Files 2014-05-14 134132\Backup files 52.zip Win32/Bundled.Toolbar.Google.D potentially unsafe application 
G:\SONOFSAM2\Backup Set 2014-05-14 134132\Backup Files 2014-05-14 134132\Backup files 53.zip a variant of Win32/AdWare.GorillaPrice.C application 
G:\SONOFSAM2\Backup Set 2014-05-14 134132\Backup Files 2014-05-14 134132\Backup files 55.zip Win32/Toolbar.Conduit potentially unwanted application 
G:\SONOFSAM2\Backup Set 2014-05-14 134132\Backup Files 2014-05-14 134132\Backup files 77.zip a variant of Win32/Packed.Themida potentially unwanted application 
G:\SONOFSAM2\Backup Set 2014-05-18 230002\Backup Files 2014-05-18 230002\Backup files 1.zip a variant of Win32/Toolbar.Montiera.A potentially unwanted application 
G:\SONOFSAM2\Backup Set 2014-05-18 230002\Backup Files 2014-05-18 230002\Backup files 2.zip Win32/StartSearcher potentially unwanted application 
G:\SONOFSAM2\Backup Set 2014-05-18 230002\Backup Files 2014-05-18 230002\Backup files 3.zip a variant of Win32/Toolbar.Conduit.AH potentially unwanted application 
G:\SONOFSAM2\Backup Set 2014-05-18 230002\Backup Files 2014-05-18 230002\Backup files 12.zip a variant of Win32/Toolbar.Montiera.A potentially unwanted application 
G:\SONOFSAM2\Backup Set 2014-05-18 230002\Backup Files 2014-05-18 230002\Backup files 13.zip Win32/Toolbar.Conduit.V potentially unwanted application 
G:\SONOFSAM2\Backup Set 2014-05-18 230002\Backup Files 2014-05-18 230002\Backup files 19.zip Win32/Toolbar.Conduit.V potentially unwanted application 
G:\SONOFSAM2\Backup Set 2014-05-18 230002\Backup Files 2014-05-18 230002\Backup files 20.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application 
G:\SONOFSAM2\Backup Set 2014-05-18 230002\Backup Files 2014-05-18 230002\Backup files 22.zip Win32/FileTypeAssistant.A potentially unwanted application 
G:\SONOFSAM2\Backup Set 2014-05-18 230002\Backup Files 2014-05-18 230002\Backup files 23.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application 
G:\SONOFSAM2\Backup Set 2014-05-18 230002\Backup Files 2014-05-18 230002\Backup files 27.zip a variant of Win32/PSWTool.IEPasswordsRevealer.A potentially unsafe application 
G:\SONOFSAM2\Backup Set 2014-05-18 230002\Backup Files 2014-05-18 230002\Backup files 40.zip Win32/StartSearcher potentially unwanted application 
G:\SONOFSAM2\Backup Set 2014-05-18 230002\Backup Files 2014-05-18 230002\Backup files 41.zip a variant of Win32/Toolbar.Conduit.Z potentially unwanted application  
G:\SONOFSAM2\Backup Set 2014-05-18 230002\Backup Files 2014-05-18 230002\Backup files 44.zip Win32/Toolbar.Conduit.A potentially unwanted application 
G:\SONOFSAM2\Backup Set 2014-05-18 230002\Backup Files 2014-05-18 230002\Backup files 53.zip Win32/Bundled.Toolbar.Google.D potentially unsafe application 
G:\SONOFSAM2\Backup Set 2014-05-18 230002\Backup Files 2014-05-18 230002\Backup files 54.zip a variant of Win32/AdWare.GorillaPrice.C application 
G:\SONOFSAM2\Backup Set 2014-05-18 230002\Backup Files 2014-05-18 230002\Backup files 56.zip Win32/Bundled.Toolbar.Google.D potentially unsafe application 
G:\SONOFSAM2\Backup Set 2014-05-18 230002\Backup Files 2014-05-18 230002\Backup files 57.zip Win32/Toolbar.Conduit potentially unwanted application 
G:\SONOFSAM2\Backup Set 2014-05-18 230002\Backup Files 2014-05-18 230002\Backup files 80.zip a variant of Win32/Packed.Themida potentially unwanted application

Mbam log:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/19/2014
Scan Time: 10:20:08 AM
Logfile: 
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.19.04
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Dennis

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 271012
Time Elapsed: 11 min, 47 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.ValueApps.A, HKU\S-1-5-21-3246782875-1836535004-4075896310-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CONDUIT\ValueApps, Quarantined, [37098fc44e2dfd395a09940a10f227d9],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 8
PUP.Optional.Conduit.A, C:\Users\Dennis\AppData\Local\Temp\CT2192277, Quarantined, [6dd3d67d97e40f27cfe680f2a55d52ae], 
PUP.Optional.Conduit.A, C:\Users\Dennis\AppData\Local\Temp\CT2192277\xpi, Quarantined, [6dd3d67d97e40f27cfe680f2a55d52ae], 
PUP.Optional.Conduit.A, C:\Users\Dennis\AppData\Local\Temp\CT2192277\xpi\defaults, Quarantined, [6dd3d67d97e40f27cfe680f2a55d52ae], 
PUP.Optional.Conduit.A, C:\Users\Dennis\AppData\Local\Temp\CT2192277\xpi\defaults\preferences, Quarantined, [6dd3d67d97e40f27cfe680f2a55d52ae], 
PUP.Optional.FreeCauseTB.A, C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\FCTB\{771f3037-9885-4423-b50f-a5ede4854e26}, Quarantined, [310f73e0285375c110e2de99a55d10f0], 
PUP.Optional.FreeCauseTB.A, C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\FCTB\{771f3037-9885-4423-b50f-a5ede4854e26}\62133, Quarantined, [310f73e0285375c110e2de99a55d10f0], 
PUP.Optional.ValueApps.A, C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\valueApps, Quarantined, [2c1440131a61c86e3803caae8d756997], 
PUP.Optional.ValueApps.A, C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\valueApps\CT2192277, Quarantined, [2c1440131a61c86e3803caae8d756997],

Files: 35
PUP.Optional.Conduit.A, C:\Users\Dennis\AppData\Local\Temp\CT2192277\ctbe.exe, Quarantined, [043c9bb8f38864d26b1a74aa4db31ae6], 
PUP.Optional.Conduit.A, C:\Users\Dennis\AppData\Local\Temp\CT2192277\ffLogic.exe, Quarantined, [f947b79cea910f278dbe011bee1358a8], 
PUP.Optional.Conduit.A, C:\Users\Dennis\AppData\Local\Temp\a95e616a-3a7c-45d3-acb1-565cdd97a35a\ClixSense_Setup.exe, Quarantined, [61dfd67db9c255e1b0fa5de73fc1c739], 
PUP.Optional.Conduit.A, C:\Users\Dennis\AppData\Local\Temp\3235c265-2a1d-4278-ba89-3ca75a2e50e1\ClixSense_Setup.exe, Quarantined, [49f758fbd7a464d28f1b9fa5d52b19e7], 
PUP.Optional.Conduit.A, C:\Users\Dennis\Downloads\ClixSense_Setup.exe, Quarantined, [e55b21324a31ba7c3730241940c05ba5], 
PUP.Optional.Conduit.A, C:\Users\Dennis\AppData\Local\Temp\CT2192277\chromeid.txt, Quarantined, [6dd3d67d97e40f27cfe680f2a55d52ae], 
PUP.Optional.Conduit.A, C:\Users\Dennis\AppData\Local\Temp\CT2192277\CT2192277.xpi, Quarantined, [6dd3d67d97e40f27cfe680f2a55d52ae], 
PUP.Optional.Conduit.A, C:\Users\Dennis\AppData\Local\Temp\CT2192277\ddt.csf, Quarantined, [6dd3d67d97e40f27cfe680f2a55d52ae], 
PUP.Optional.Conduit.A, C:\Users\Dennis\AppData\Local\Temp\CT2192277\setup.ini.txt, Quarantined, [6dd3d67d97e40f27cfe680f2a55d52ae], 
PUP.Optional.Conduit.A, C:\Users\Dennis\AppData\Local\Temp\CT2192277\statisticsStub.exe, Quarantined, [6dd3d67d97e40f27cfe680f2a55d52ae], 
PUP.Optional.Conduit.A, C:\Users\Dennis\AppData\Local\Temp\CT2192277\tbccint.xml, Quarantined, [6dd3d67d97e40f27cfe680f2a55d52ae], 
PUP.Optional.Conduit.A, C:\Users\Dennis\AppData\Local\Temp\CT2192277\version.txt, Quarantined, [6dd3d67d97e40f27cfe680f2a55d52ae], 
PUP.Optional.Conduit.A, C:\Users\Dennis\AppData\Local\Temp\CT2192277\xpi\install.rdf, Quarantined, [6dd3d67d97e40f27cfe680f2a55d52ae], 
PUP.Optional.Conduit.A, C:\Users\Dennis\AppData\Local\Temp\CT2192277\xpi\defaults\preferences\defaults.js, Quarantined, [6dd3d67d97e40f27cfe680f2a55d52ae], 
PUP.Optional.FreeCauseTB.A, C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\FCTB\{771f3037-9885-4423-b50f-a5ede4854e26}\62133\03efe7e713c26bca18bd6f36137dddd2.0, Quarantined, [310f73e0285375c110e2de99a55d10f0], 
PUP.Optional.FreeCauseTB.A, C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\FCTB\{771f3037-9885-4423-b50f-a5ede4854e26}\62133\054a4270b87b87f5e9ec964b21613b46, Quarantined, [310f73e0285375c110e2de99a55d10f0], 
PUP.Optional.FreeCauseTB.A, C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\FCTB\{771f3037-9885-4423-b50f-a5ede4854e26}\62133\0a7b4732362c02e88c8ab362287cacae, Quarantined, [310f73e0285375c110e2de99a55d10f0], 
PUP.Optional.FreeCauseTB.A, C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\FCTB\{771f3037-9885-4423-b50f-a5ede4854e26}\62133\110983111e9820714a5aa63092231a99, Quarantined, [310f73e0285375c110e2de99a55d10f0], 
PUP.Optional.FreeCauseTB.A, C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\FCTB\{771f3037-9885-4423-b50f-a5ede4854e26}\62133\1d78da8c7e8fd03777c0810110e5cab1, Quarantined, [310f73e0285375c110e2de99a55d10f0], 
PUP.Optional.FreeCauseTB.A, C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\FCTB\{771f3037-9885-4423-b50f-a5ede4854e26}\62133\398e65cdc12900eef1a4dc76ed323537, Quarantined, [310f73e0285375c110e2de99a55d10f0], 
PUP.Optional.FreeCauseTB.A, C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\FCTB\{771f3037-9885-4423-b50f-a5ede4854e26}\62133\3bca67bbc1c5cae62fde4c450261c552, Quarantined, [310f73e0285375c110e2de99a55d10f0], 
PUP.Optional.FreeCauseTB.A, C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\FCTB\{771f3037-9885-4423-b50f-a5ede4854e26}\62133\4f9ad6a60bb62abd6506e3b3c60f4836.0, Quarantined, [310f73e0285375c110e2de99a55d10f0], 
PUP.Optional.FreeCauseTB.A, C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\FCTB\{771f3037-9885-4423-b50f-a5ede4854e26}\62133\6804d0b313739f5a019a507e763b4246, Quarantined, [310f73e0285375c110e2de99a55d10f0], 
PUP.Optional.FreeCauseTB.A, C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\FCTB\{771f3037-9885-4423-b50f-a5ede4854e26}\62133\72575d1a90ed0ec9de47748564df045c, Quarantined, [310f73e0285375c110e2de99a55d10f0], 
PUP.Optional.FreeCauseTB.A, C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\FCTB\{771f3037-9885-4423-b50f-a5ede4854e26}\62133\7a75293c10dea462b57b2c6c86f5ba2e.0, Quarantined, [310f73e0285375c110e2de99a55d10f0], 
PUP.Optional.FreeCauseTB.A, C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\FCTB\{771f3037-9885-4423-b50f-a5ede4854e26}\62133\a86dc803824bd37c6b17c79e20d6498f, Quarantined, [310f73e0285375c110e2de99a55d10f0], 
PUP.Optional.FreeCauseTB.A, C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\FCTB\{771f3037-9885-4423-b50f-a5ede4854e26}\62133\b09874bdd4af8e35170dbc0ef9d84eac, Quarantined, [310f73e0285375c110e2de99a55d10f0], 
PUP.Optional.FreeCauseTB.A, C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\FCTB\{771f3037-9885-4423-b50f-a5ede4854e26}\62133\bb8a30daf07989adecb0fda8268a1a24.0, Quarantined, [310f73e0285375c110e2de99a55d10f0], 
PUP.Optional.FreeCauseTB.A, C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\FCTB\{771f3037-9885-4423-b50f-a5ede4854e26}\62133\cd346ec8bdc47dcea996870a2400d462.0, Quarantined, [310f73e0285375c110e2de99a55d10f0], 
PUP.Optional.FreeCauseTB.A, C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\FCTB\{771f3037-9885-4423-b50f-a5ede4854e26}\62133\d19d80db84c85c9a411e0fdd42ab8398.0, Quarantined, [310f73e0285375c110e2de99a55d10f0], 
PUP.Optional.FreeCauseTB.A, C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\FCTB\{771f3037-9885-4423-b50f-a5ede4854e26}\62133\d50021b1349e0961aa2c351b2425d2db, Quarantined, [310f73e0285375c110e2de99a55d10f0], 
PUP.Optional.FreeCauseTB.A, C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\FCTB\{771f3037-9885-4423-b50f-a5ede4854e26}\62133\f4c4d21183a3398d1b08fb556ac528fd, Quarantined, [310f73e0285375c110e2de99a55d10f0], 
PUP.Optional.FreeCauseTB.A, C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\FCTB\{771f3037-9885-4423-b50f-a5ede4854e26}\62133\f5c2ffe039c819997952b8cdd631c3e3, Quarantined, [310f73e0285375c110e2de99a55d10f0], 
PUP.Optional.FreeCauseTB.A, C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\FCTB\{771f3037-9885-4423-b50f-a5ede4854e26}\62133\f83257a620c498b42b9d71229c740a44, Quarantined, [310f73e0285375c110e2de99a55d10f0], 
PUP.Optional.FreeCauseTB.A, C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\FCTB\{771f3037-9885-4423-b50f-a5ede4854e26}\62133\tb.xml, Quarantined, [310f73e0285375c110e2de99a55d10f0],

Physical Sectors: 0
(No malicious items detected)

(end)


----------



## Satchfan (Jan 12, 2009)

Im not surprised that Eset took so long to run. There are quite a few infections in Chrome, Firefox and your backup files so well deal with what Eset found first but there is still some work to be done.

Please copy all text in the code box below and paste it into Notepad:

Code:

```bat
@echo off
rem Items on the C: drive
del /f /s /q "C:\Program Files\BabylonToolbar"
del /f /s /q "C:\Program Files\Bitcoin"
del /f /s /q "C:\Program Files\ClixSense.com"
del /f /s /q "C:\Program Files (x86)\Bitcoin"
del /f /s /q "C:\Program Files (x86)\CPUID\PC Wizard 2012\pc-wizard_2012.2.11-setup"
del /f /s /q "C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\hstart"
del /f /s /q "C:\Program Files (x86)\File Type Assistant"
del /f /s /q "C:\Program Files (x86)\Glary Utilities\ApnIC.dll"
del /f /s /q "C:\Program Files (x86)\Glary Utilities\ApnToolbarInstaller.exe"
del /f /s /q "C:\Program Files (x86)\KRyLack Software\Asterisk Password Decryptor\KLAstrPwdMon.dll"
del /f /s /q "C:\Unzipped files\WinUtilities Professional Edition v10.01"
del /f /s /q "C:\Users\Dennis\AppData\Local\CRE\pkmpcdbgnfjfeelcpebpkflcmbkclfho"
del /f /s /q "C:\Users\Dennis\AppData\Local\fTalk\Helper.dll"
del /f /s /q "C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkmpcdbgnfjfeelcpebpkflcmbkclfho\10.26.9.505_0\APISupport\APISupport.dll"
del /f /s /q "C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkmpcdbgnfjfeelcpebpkflcmbkclfho\10.26.9.505_0\nativeMessaging\TBMessagingHost.exe"
del /f /s /q "C:\Users\Dennis\Desktop\Old Firefox Data\extensions\[email protected]"
del /f /s /q "C:\Users\Dennis\Desktop\Old Firefox Data\extensions\{0ed0633c-a54d-47f1-94e7-5bded41ae674}(2)\chrome\free_traffic_bar.jar"
del /f /s /q "C:\Users\Dennis\Downloads\ccsetup410.exe"
del /f /s /q "C:\Users\Dennis\Downloads\cdbxp_setup_4.5.3.4643.exe"
del /f /s /q "C:\Users\Dennis\Downloads\Gorilla_Uninstaller_Download_File.exe"
del /f /s /q "C:\Users\Dennis\Downloads\spsetup125.exe"
del /f /s /q "C:\Users\Dennis\Downloads\.ptmp324174\Setup.exe"
del /f /s /q "C:\Users\Dennis\Downloads\.ptmp866454\Setup.exe"
del /f /s /q "C:\Windows\Installer\5a2786d.msi"
rem Items on the G: drive
del /f /s /q "G:\Program Files\BabylonToolbar"
del /f /s /q "G:\Program Files\Bitcoin"
del /f /s /q "G:\Program Files\Claro LTD"
del /f /s /q "G:\Program Files\ClixSense.com"
del /f /s /q "G:\Program Files\CPUID\PC Wizard 2012\pc-wizard_2012.2.11-setup.exe"
del /f /s /q "G:\Program Files\Conduit"
del /f /s /q "G:\Program Files\ConduitEngine"
del /f /s /q "G:\Program Files\Coupon Companion Plugin"
del /f /s /q "G:\Program Files\Download_Energy"
del /f /s /q "G:\Program Files\Glary Utilities\ApnIC.dll"
del /f /s /q "G:\Program Files\Glary Utilities\ApnToolbarInstaller.exe"
del /f /s /q "G:\Program Files\KRyLack Software\Asterisk Password Decryptor\KLAstrPwdMon.dll"
del /f /s /q "G:\Program Files\Mozilla Firefox\browser\nsprotector.js"
del /f /s /q "G:\Program Files\MyAshampoo\tbMyAs.dll"
del /f /s /q "G:\Program Files\Object\themechanger\content\sudoku.js"
del /f /s /q "G:\Program Files\Search Results Toolbar"
del /f /s /q "G:\Program Files\SearchProtect"
del /f /s /q "G:\Program Files\uTorrentBar"
del /f /s /q "G:\Program Files\Wajam\IE\priam_bho.dll"
del /f /s /q "G:\Program Files\Wajam\Updater\WajamUpdater.exe"
del /f /s /q "G:\Users\All Users\VisualBee\VisualBeeSoftware.exe"
del /f /s /q "G:\Users\All Users\Win7codecs\{200F84C1-7F4A-40DF-8647-DD46BED4EA5A}\Win7codecs.msi"
del /f /s /q "G:\Users\All Users\Win7codecs\{3BD9C264-65E8-4EE5-A145-E8CBDAF4B08D}\Win7codecs.msi"
del /f /s /q "G:\Users\All Users\Win7codecs\{4D2BB89B-468D-4C12-9136-BAD28376E12F}\Win7codecs.msi"
del /f /s /q "G:\Users\All Users\Win7codecs\{C0F7E3F4-3F91-492D-AF6B-4D2C37DFA75C}\Win7codecs.msi"
del /f /s /q "G:\Users\All Users\Win7codecs\{F80A81E3-BBF6-463B-93E4-B90E37D09FA9}\Win7codecs.msi"
del /f /s /q "G:\Users\Dennis\AppData\Local\Conduit"
del /f /s /q "G:\Users\Dennis\AppData\Local\CRE"
del /f /s /q "G:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcillohgikpecbmgioknapdpcjofaafl\1.4_0\BabMaint.x"
del /f /s /q "G:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcillohgikpecbmgioknapdpcjofaafl\1.4_0\BUSolution.dll"
del /f /s /q "G:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\odiaflgoglmdpognebeehehkabaclnpb\10.16.4.512_0\plugins\ConduitChromeApiPlugin.dll"
del /f /s /q "G:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\odiaflgoglmdpognebeehehkabaclnpb\10.19.2.505_0\plugins\ConduitChromeApiPlugin.dll"
del /f /s /q "G:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\odiaflgoglmdpognebeehehkabaclnpb\10.19.2.505_0\plugins\TBVerifier.dll"
del /f /s /q "G:\Users\Dennis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A7IEMV2Y\TBUpdaterLogic[1].dll"
del /f /s /q "G:\Users\Dennis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IX2T0ADP\statisticsstub[1].exe"
del /f /s /q "G:\Users\Dennis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VMQ2680V\checktbexist[1].exe"
del /f /s /q "G:\Users\Dennis\AppData\Local\Temp\yp4xspVM.exe"
del /f /s /q "G:\Users\Dennis\AppData\Local\Temp\CT2192277\ctbe.exe"
del /f /s /q "G:\Users\Dennis\AppData\Local\Temp\CT2192277\ffLogic.exe"
del /f /s /q "G:\Users\Dennis\AppData\Local\Temp\CT2192277\spff.exe"
del /f /s /q "G:\Users\Dennis\AppData\Local\Temp\CT2192277\statisticsStub.exe"
del /f /s /q "G:\Users\Dennis\AppData\LocalLow\ClixSense.com"
del /f /s /q "G:\Users\Dennis\AppData\LocalLow\ConduitEngine"
del /f /s /q "G:\Users\Dennis\AppData\LocalLow\Download_Energy"
del /f /s /q "G:\Users\Dennis\AppData\LocalLow\MyAshampoo\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll"
del /f /s /q "G:\Users\Dennis\AppData\LocalLow\uTorrentBar"
del /f /s /q "G:\Users\Dennis\AppData\Roaming\BabylonToolbar"
del /f /s /q "G:\Users\Dennis\AppData\Roaming\Complitly"
rem Backup sets on G: in which Eset flagged archives
del /f /s /q "G:\DENNIS-PC\Backup Set 2013-12-01 230000\Backup Files 2013-12-01 230000"
del /f /s /q "G:\SONOFSAM2\Backup Set 2014-04-14 003227\Backup Files 2014-04-14 003227"
del /f /s /q "G:\SONOFSAM2\Backup Set 2014-05-14 134132\Backup Files 2014-05-14 134132"
del /f /s /q "G:\SONOFSAM2\Backup Set 2014-05-18 230002\Backup Files 2014-05-18 230002"
rem Remove this batch file itself once it has run
del %0
```

* save the Notepad file to your desktop and name it *delfiles.bat*
* save type as "*All Files*"
* on your desktop, double-click on delfiles.bat to run it (a black CMD window will flash, then disappear - this is normal).

====================================================

Download *TFC* to your *desktop* 

* close any open windows
* double click the *TFC* icon to run the program
* TFC *will close all open programs itself* in order to run
* click the *Start* button to begin the process
* allow *TFC* to run uninterrupted
* the program should not take long to finish its job
* once it's finished it should automatically *reboot your machine*
* if it doesn't, manually reboot to ensure a complete clean.

====================================================

Id like another ComboFix report to see what is currently installed on your computer.


* push the Windows key (between the "Ctrl" button and "Alt" button) + "R"
* copy/paste the following bolded text into the run box and then click *OK*:

*C:\Qoobox\Add-Remove Programs.txt*

Satchfan


----------



## DennisI (Apr 24, 2014)

The .bat file showed several "not found" messages.

µTorrent
Accidental Damage Services Agreement
Adobe AIR
Adobe Flash Player 14 ActiveX
Adobe Flash Player 14 Plugin
Adobe Reader Free Download Packages
Adobe Reader XI (11.0.06)
Adobe Shockwave Player 12.1
Apple Application Support
Apple Software Update
Ashampoo Gadge It v.1.0.1
Ashampoo HDD Control 2 v.2.1.0
Ashampoo Internet Accelerator 3 v.3.20
Ashampoo WinOptimizer 10 v.10.3.0
Aurora 29.0a2 (x86 en-US)
AutoBinaryEA
AutoEABinary
avast! Internet Security
Banctec Service Agreement
Big Fish: Game Manager
Binary Option Robot version 1.1
Buxenger
CDBurnerXP
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Complete Care Business Service Agreement
Consumer In-Home Service Agreement
Cooking Academy: Restaurant Royale
Copernic Desktop Search 4
D3DX10
Dell Digital Delivery
Dell Home Systems Service Agreement
Dell System Detect
Dell Wireless Driver Installation
Dell WLAN and Bluetooth Client Installation
DesktopWeatherAlerts
DHTML Editing Component
DivX Setup
DownLite
DriveImage XML (Private Edition)
Easy Clone Detective
eBay
File Type Assistant
FileHippo.com Update Checker
Free File Viewer 2014
Free ISO Creator version 2.8
fTalk
Glary Utilities 4.9
GomezPEER
Google Chrome
Google Drive
Google Earth
Google Update Helper
iLivid
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Intel(R) SDK for OpenCL - CPU Only Runtime Package
Intel(R) USB 3.0 eXtensible Host Controller Driver
Intel® Watchdog Timer Driver (Intel® WDT)
Java 7 Update 10
Java 7 Update 51
Java Auto Updater
Junk Mail filter update
Linkey
MagicDisc 2.7.106
Malwarebytes Anti-Malware version 2.00.0.1000
MetaTrader 4
Microsoft OneDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Movie Maker
Mozilla Firefox 27.0 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 28.0 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSVCRT110
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My Singing Monsters
OpenOffice 4.0.1
OpenOffice Beta 4.1.0
PeaZip 5.3.0
Photo Common
Photo Gallery
Premium Service Agreement
Process Lasso
PySol Fan Club edition v.2.0
PySolFC Solitaire (a freeware Solitaire Game) version 1.1
QualxServ Service Agreement
QuickTime 7
RadarSync PC Updater 2013
RealDownloader
Realtek Card Reader
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Registry Defragmentation
RoboForm 7-9-6-7 (All Users)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Settings Manager
Simple Search-Replace
Skype Click to Call
Skype 6.14
SpeedyPC Pro
Stardock Fences 2
Stardock ObjectDock
Super Internet TV v8.0 (Free Edition)
swMSM
The Path of Hercules
Turbo Lister 2
UpdateService
uPlayer
uTorrentMC
VC80CRTRedist - 8.0.50727.6195
WeatherBug
Webshots Extractor version 1.0.0.000
Webshots Wallpaper & Screensaver version 1.5.0.31
WebsiteGenerator version 1.0
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinUtilities Professional Edition 11.13


----------



## Satchfan (Jan 12, 2009)

*Uninstall the following programs, if present:*

*iLivid
Java 7 Update 10
SpeedyPC Pro* - *SpeedyPC Pro* is an illegitimate Microsoft Windows application. It is based on fake system scans and displays misleading, limited, harmful, and fake results to claim that your computer has serious problems and asks for remote access to your computer if problems arise.
*WeatherBug* (this is really optional since it is only a minor adware nuisance)


1. Click *Start, Control Panel, Programs and Features*
2. Click on iLivid, and then *Uninstall*. 
3. Click on each of the programs in turn and then *Uninstall*.

*If you are prompted for an administrator password or confirmation, type the password or provide confirmation. *

===================================================

*AfwServ.exe* is running, which is Avast's firewall service. Windows Firewall is also on, so one must be disabled. You can either disable Avast's service from Avast's Control Center or disable Windows Firewall via the Control Panel, but *only stop ONE, not both*. If you have a problem doing this, let me know.

Please run a new Eset scan and let me know the results.

Thanks

Satchfan


----------



## DennisI (Apr 24, 2014)

I could not find iLivid. I like Weatherbug. Wish I had known about SpeedyPC before I paid for it....

C:\Users\Dennis\Downloads\Gorilla_Uninstaller_Download_File.exe a variant of Win32/AdWare.GorillaPrice.C application cleaned by deleting - quarantined
G:\Users\Dennis\AppData\Local\Temp\yp4xspVM.exe.part a variant of Win32/SpeedingUpMyPC.F application cleaned by deleting - quarantined
G:\DENNIS-PC\Backup Set 2013-12-01 230000\Backup Files 2013-12-01 230000\Backup files 1.zip multiple threats deleted - quarantined
G:\SONOFSAM2\Backup Set 2014-04-14 003227\Backup Files 2014-04-14 003227\Backup files 52.zip a variant of Win32/AdWare.GorillaPrice.C application deleted - quarantined
G:\SONOFSAM2\Backup Set 2014-05-14 134132\Backup Files 2014-05-14 134132\Backup files 53.zip a variant of Win32/AdWare.GorillaPrice.C application deleted - quarantined
G:\SONOFSAM2\Backup Set 2014-05-18 230002\Backup Files 2014-05-18 230002\Backup files 54.zip a variant of Win32/AdWare.GorillaPrice.C application deleted - quarantined


----------



## Satchfan (Jan 12, 2009)

Youve done well Dennis and it seems that we are about there but as ComboFix found *iLivid* Id like a check to see if there are any remnants of it around.

Please download *SystemLook* from one of the links below and save it to your Desktop.

*SystemLook (32-bit) *
*SystemLook (64-bit)* 


double-click *SystemLook.exe* to run it.
copy the content of the following codebox into the main textfield - please make sure you include the colon, (*:*), at the beginning:

Code:

:filefind
*OpenCandy*
*Fun4IM*
*Bandoo*
*Searchqu*
*iLivid*
*whitesmoke*
*datamngr*
*trolltech*

:folderfind
*OpenCandy*
*Fun4IM*
*Bandoo*
*Searchqu*
*iLivid*
*whitesmoke*
*datamngr*
*trolltech*

:Regfind
OpenCandy
Fun4IM
Bandoo
Searchqu
iLivid
whitesmoke
datamngr
kelkoopartners
trolltech

click the *Look* button to start the scan.
when finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*

Satchfan


----------



## DennisI (Apr 24, 2014)

Here ya go:

SystemLook 04.09.10 by jpshortstuff
Log created at 11:56 on 23/05/2014 by Dennis
Administrator - Elevation successful

========== filefind ==========

Searching for "*OpenCandy*"
No files found.

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Searchqu*"
No files found.

Searching for "*iLivid*"
C:\AdwCleaner\Quarantine\C\Program Files (x86)\iLivid\iLivid.exe.vir --a---- 3470848 bytes [21:16 01/11/2013] [08:18 24/10/2012] A361EABB45F0028CF53FBFE1C9712090
C:\AdwCleaner\Quarantine\C\Program Files (x86)\iLivid\ilivid.ico.vir --a---- 9662 bytes [21:16 01/11/2013] [09:41 04/11/2009] D64C36521A1839B54788D7D0A82DAF08
C:\AdwCleaner\Quarantine\C\Program Files (x86)\iLivid\translations\ilivid_de.qm.vir --a---- 32485 bytes [21:17 01/11/2013] [08:17 24/10/2012] E38586374B7462948E741513ACA73469
C:\AdwCleaner\Quarantine\C\Program Files (x86)\iLivid\translations\ilivid_en.qm.vir --a---- 23 bytes [21:17 01/11/2013] [08:17 24/10/2012] 4AEF4415F2E976B2CC6F24B877804A57
C:\AdwCleaner\Quarantine\C\Program Files (x86)\iLivid\translations\ilivid_es.qm.vir --a---- 31308 bytes [21:17 01/11/2013] [08:17 24/10/2012] 4F81DFF25D4A9D62AE6F00188F20DD95
C:\AdwCleaner\Quarantine\C\Program Files (x86)\iLivid\translations\ilivid_fr.qm.vir --a---- 33782 bytes [21:17 01/11/2013] [08:17 24/10/2012] 74E8B1351C97B563C6150589ECA02669
C:\AdwCleaner\Quarantine\C\Program Files (x86)\iLivid\translations\ilivid_it.qm.vir --a---- 31432 bytes [21:17 01/11/2013] [08:17 24/10/2012] 1CB37F7FF96D25B3409F4143FA433E04
C:\AdwCleaner\Quarantine\C\Program Files (x86)\iLivid\translations\ilivid_pt.qm.vir --a---- 28820 bytes [21:17 01/11/2013]  [08:17 24/10/2012] 9DAD581B07E6F8FA319F78E9D327191C
C:\AdwCleaner\Quarantine\C\Program Files (x86)\iLivid\translations\ilivid_tr.qm.vir --a---- 29146 bytes [21:17 01/11/2013] [08:17 24/10/2012] BBAE9B0AEA7697753FCDBC353D42FC38
C:\AdwCleaner\Quarantine\C\Users\Dennis\AppData\Local\iLivid\iLivid.exe.vir --a---- 7307776 bytes [18:52 11/01/2014] [23:55 11/02/2014] 0DFDD88C8DA5FAE3664D0B63469621CF
C:\AdwCleaner\Quarantine\C\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk.vir --a---- 1013 bytes [18:53 11/01/2014] [21:07 21/03/2014] FC0DCA0CA117DDF2D08D53245FC9AE57
C:\AdwCleaner\Quarantine\C\Users\Dennis\Desktop\iLivid.lnk.vir --a---- 1005 bytes [18:53 11/01/2014] [21:07 21/03/2014] BB0E3230818E9512F78B8C3C7A77775D
C:\Users\Dennis\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\iLivid.lnk --a---- 1007 bytes [18:53 11/01/2014] [21:07 21/03/2014] BD126A142F478A065B0159818E705817

Searching for "*whitesmoke*"
C:\Program Files (x86)\SketchUp\SketchUp 2013\Materials\Colors-Named\0129_WhiteSmoke.skm --a---- 1526 bytes [21:23 01/11/2013] [13:09 17/05/2013] AD41BC61879535202A0D3867FFB67716

Searching for "*datamngr*"
No files found.

Searching for "*trolltech*"
No files found.

========== folderfind ==========

Searching for "*OpenCandy*"
No folders found.

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*iLivid*"
C:\AdwCleaner\Quarantine\C\Program Files (x86)\iLivid d------ [15:31 02/05/2014]
C:\AdwCleaner\Quarantine\C\Users\Dennis\AppData\Local\iLivid d------ [20:56 03/05/2014]
C:\AdwCleaner\Quarantine\C\Users\Dennis\AppData\Local\iLivid\iLivid d------ [20:56 03/05/2014]
C:\Program Files (x86)\iLivid d------ [21:16 01/11/2013]
C:\Users\Dennis\AppData\Local\iLivid d------ [18:51 11/01/2014]
C:\Users\Dennis\AppData\Local\iLivid\iLivid d------ [15:12 11/05/2014]

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
C:\Users\Dennis\AppData\LocalLow\DataMngr d------ [18:38 13/05/2014]

Searching for "*trolltech*"
No folders found.

========== Regfind ==========

Searching for "OpenCandy"
[HKEY_CURRENT_USER\Software\BitTorrent\uTorrent]
"OfferProvider"="OpenCandy"
[HKEY_USERS\S-1-5-21-3246782875-1836535004-4075896310-1000\Software\BitTorrent\uTorrent]
"OfferProvider"="OpenCandy"

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2142FC08-0FA0-4C68-A8DD-BBE2CDCEF551}]
@="IDesktopSearchQuery"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8D22486C-384F-309E-9B2E-7103CDC0EEA2}]
@="_DesktopSearchQuery"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{2142FC08-0FA0-4C68-A8DD-BBE2CDCEF551}]
@="IDesktopSearchQuery"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{8D22486C-384F-309E-9B2E-7103CDC0EEA2}]
@="_DesktopSearchQuery"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "iLivid"
[HKEY_CURRENT_USER\"Software\iLivid]
[HKEY_CURRENT_USER\"Software\iLivid\iLivid"]
[HKEY_CURRENT_USER\Software\BillP Studios\Detected\Startup]
"C:\USERS\DENNIS\APPDATA\LOCAL\ILIVID\ILIVID.EXE"="01/29/2014 12:27 AM"
[HKEY_CURRENT_USER\Software\BillP Studios\Detected\Startup]
"C:\Users\Dennis\AppData\Local\iLivid\iLivid.exe -autorun"="03/21/2014 5:07 PM"
[HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\Run]
"C:\Users\Dennis\AppData\Local\iLivid\iLivid.exe -autorun"="11"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent]
@="iLivid.torrent"
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Users\Dennis\AppData\Local\iLivid]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Users\Dennis\AppData\Local\iLivid]
[HKEY_CURRENT_USER\Software\Classes\.torrent]
"iLivid.torrent_backup"="uTorrent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\ilividsetup-r0-n-bc.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\ilividsetup-r0-n-bf.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetup-r420-n-bf.exe]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{818E04AA-75FB-4FB3-9F67-C802827383E6}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Users\Dennis\AppData\Local\iLivid\iLivid.exe|Name=iLivid|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CC71458-8D6E-4064-B96F-9C9584EDEDCF}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Users\Dennis\AppData\Local\iLivid\iLivid.exe|Name=iLivid|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{818E04AA-75FB-4FB3-9F67-C802827383E6}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Users\Dennis\AppData\Local\iLivid\iLivid.exe|Name=iLivid|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CC71458-8D6E-4064-B96F-9C9584EDEDCF}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Users\Dennis\AppData\Local\iLivid\iLivid.exe|Name=iLivid|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{818E04AA-75FB-4FB3-9F67-C802827383E6}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Users\Dennis\AppData\Local\iLivid\iLivid.exe|Name=iLivid|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CC71458-8D6E-4064-B96F-9C9584EDEDCF}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Users\Dennis\AppData\Local\iLivid\iLivid.exe|Name=iLivid|"
[HKEY_USERS\S-1-5-21-3246782875-1836535004-4075896310-1000\"Software\iLivid]
[HKEY_USERS\S-1-5-21-3246782875-1836535004-4075896310-1000\"Software\iLivid\iLivid"]
[HKEY_USERS\S-1-5-21-3246782875-1836535004-4075896310-1000\Software\BillP Studios\Detected\Startup]
"C:\USERS\DENNIS\APPDATA\LOCAL\ILIVID\ILIVID.EXE"="01/29/2014 12:27 AM"
[HKEY_USERS\S-1-5-21-3246782875-1836535004-4075896310-1000\Software\BillP Studios\Detected\Startup]
"C:\Users\Dennis\AppData\Local\iLivid\iLivid.exe -autorun"="03/21/2014 5:07 PM"
[HKEY_USERS\S-1-5-21-3246782875-1836535004-4075896310-1000\Software\BillP Studios\WinPatrol\Run]
"C:\Users\Dennis\AppData\Local\iLivid\iLivid.exe -autorun"="11"
[HKEY_USERS\S-1-5-21-3246782875-1836535004-4075896310-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent]
@="iLivid.torrent"
[HKEY_USERS\S-1-5-21-3246782875-1836535004-4075896310-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Users\Dennis\AppData\Local\iLivid]
[HKEY_USERS\S-1-5-21-3246782875-1836535004-4075896310-1000\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Users\Dennis\AppData\Local\iLivid]
[HKEY_USERS\S-1-5-21-3246782875-1836535004-4075896310-1000\Software\Classes\.torrent]
"iLivid.torrent_backup"="uTorrent"
[HKEY_USERS\S-1-5-21-3246782875-1836535004-4075896310-1000_Classes\.torrent]
"iLivid.torrent_backup"="uTorrent"

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
No data found.

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-3246782875-1836535004-4075896310-1000\Software\Trolltech]
[HKEY_USERS\S-1-5-21-3246782875-1836535004-4075896310-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-3246782875-1836535004-4075896310-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

-= EOF =-


----------
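An added example (not part of the original thread, and not SystemLook's own code): wildcard terms such as `*Searchqu*` and `*whitesmoke*` match anywhere in a name, so the log above mixes hits where the term begins a name with hits where it is buried inside a longer identifier (`ISearchQueryHelper`, `0129_WhiteSmoke.skm`). This Python triage parses the log layout shown above and labels each hit so the buried ones can be checked by hand before anything is deleted; the function names, the three labels and the leading-boundary rule are assumptions of this example, a review aid rather than a verdict on any entry.

```python
import re
from collections import Counter

# Constructed sample: lines taken from the SystemLook log above, trimmed to
# the fields the triage needs (sizes, timestamps and hashes dropped).
SAMPLE_LOG = r'''
========== filefind ==========

Searching for "*iLivid*"
C:\AdwCleaner\Quarantine\C\Users\Dennis\Desktop\iLivid.lnk.vir --a----
C:\Users\Dennis\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\iLivid.lnk --a----

Searching for "*whitesmoke*"
C:\Program Files (x86)\SketchUp\SketchUp 2013\Materials\Colors-Named\0129_WhiteSmoke.skm --a----

Searching for "*datamngr*"
No files found.

========== folderfind ==========

Searching for "*datamngr*"
C:\Users\Dennis\AppData\LocalLow\DataMngr d------ [18:38 13/05/2014]

========== Regfind ==========

Searching for "OpenCandy"
[HKEY_CURRENT_USER\Software\BitTorrent\uTorrent]
"OfferProvider"="OpenCandy"

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\ilividsetup-r0-n-bc.exe]

-= EOF =-
'''

SECTION_RE = re.compile(r"^=+\s*(\w+)\s*=+$")
TERM_RE = re.compile(r'^Searching for "(.*)"$')
# Path, then the 7-character attribute field ("--a----", "d------").
ATTR_RE = re.compile(r"^(?P<path>.+?)\s+(?=\S*-)[-a-z]{7}(?:\s|$)")
NO_HIT = ("No files", "No folders", "No data")


def parse_hits(log_text):
    """Return one dict per hit: section, search term, and where it matched."""
    hits, section, term = [], None, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(NO_HIT):
            continue
        m = SECTION_RE.match(line)
        if m:
            section, term = m.group(1).lower(), None
            continue
        m = TERM_RE.match(line)
        if m:
            term = m.group(1).strip("*")
            continue
        if term is None:
            continue                      # banner lines before the first search
        if section == "regfind":
            if line.startswith("["):      # a key starts a new registry hit
                hits.append({"section": section, "term": term, "location": line})
            elif line[0] in '"@' and hits and hits[-1]["term"] == term:
                hits[-1]["location"] += " " + line   # value under the key above
        else:
            m = ATTR_RE.match(line)
            hits.append({"section": section, "term": term,
                         "location": m.group("path") if m else line})
    return hits


def classify(term, text):
    """Label one hit for review (heuristic assumed by this example)."""
    if "\\quarantine\\" in text.lower():
        return "quarantined"              # already isolated by a removal tool
    # "token": the term begins a name (start of text or a non-word char before it).
    if re.search(r"(?<!\w)" + re.escape(term), text, re.IGNORECASE):
        return "token"
    return "embedded"                     # only found inside a longer identifier


def triage(log_text):
    hits = parse_hits(log_text)
    for hit in hits:
        hit["label"] = classify(hit["term"], hit["location"])
    return hits


def summarize(hits):
    return Counter((h["term"].lower(), h["label"]) for h in hits)


def needs_review(hits):
    """Hits that should be looked up by hand before any delete line is written."""
    return [h for h in hits if h["label"] == "embedded"]


if __name__ == "__main__":
    for h in triage(SAMPLE_LOG):
        print(f'{h["label"]:<11} {h["term"]:<10} {h["location"]}')
```

A `token` label only means the term starts a name; it still says nothing about whether the entry belongs to unwanted software.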



## Satchfan (Jan 12, 2009)

There is still a lot of junk in your registry and in your Program files that we need to clean up.

*Note: If you have MalwareBytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix as it may interfere with the successful execution of the script below. *

*Run OTL*


double click on the icon to run it.
copy/paste *ALL* the following text written *inside the code box* into the *Custom Scans/Fixes* box located at the bottom of OTL

Code:

:Services

:Reg
[-HKEY_CURRENT_USER\Software\BitTorrent\uTorrent]
[-HKEY_USERS\S-1-5-21-3246782875-1836535004-4075896310-1000\Software\BitTorrent\uTorrent]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2142FC08-0FA0-4C68-A8DD-BBE2CDCEF551}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8D22486C-384F-309E-9B2E-7103CDC0EEA2}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{2142FC08-0FA0-4C68-A8DD-BBE2CDCEF551}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{8D22486C-384F-309E-9B2E-7103CDC0EEA2}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
[-HKEY_CURRENT_USER\Software\iLivid]
[-HKEY_CURRENT_USER\Software\iLivid\iLivid]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileEx ts\.torrent]
[-HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Users\Dennis\AppDa ta\Local\iLivid]
[-HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Users\Dennis\AppData\Local\iLivid]
[-HKEY_CURRENT_USER\Software\Classes\.torrent]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\ilividsetup-r0-n-bc.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\ilividsetup-r0-n-bf.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetup-r420-n-bf.exe]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\Fi rewallPolicy\FirewallRules]
"{818E04AA-75FB-4FB3-9F67-C802827383E6}"=- 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\Fi rewallPolicy\FirewallRules]
"{0CC71458-8D6E-4064-B96F-9C9584EDEDCF}"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\Fi rewallPolicy\FirewallRules]
"{818E04AA-75FB-4FB3-9F67-C802827383E6}"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\Fi rewallPolicy\FirewallRules]
"{0CC71458-8D6E-4064-B96F-9C9584EDEDCF}"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameter s\FirewallPolicy\FirewallRules]
"{818E04AA-75FB-4FB3-9F67-C802827383E6}"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameter s\FirewallPolicy\FirewallRules]
"{0CC71458-8D6E-4064-B96F-9C9584EDEDCF}"=-
[-HKEY_USERS\S-1-5-21-3246782875-1836535004-4075896310-1000\"Software\iLivid]
[-HKEY_USERS\S-1-5-21-3246782875-1836535004-4075896310-1000\"Software\iLivid\iLivid"]
[-HKEY_USERS\S-1-5-21-3246782875-1836535004-4075896310-1000\Software\BillP Studios\Detected\Startup]
[-HKEY_USERS\S-1-5-21-3246782875-1836535004-4075896310-1000\Software\BillP Studios\Detected\Startup]
[-HKEY_USERS\S-1-5-21-3246782875-1836535004-4075896310-1000\Software\BillP Studios\WinPatrol\Run]
[-HKEY_USERS\S-1-5-21-3246782875-1836535004-4075896310-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent]
[-HKEY_USERS\S-1-5-21-3246782875-1836535004-4075896310-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Users\Dennis\AppDa ta\Local\iLivid]
[-HKEY_USERS\S-1-5-21-3246782875-1836535004-4075896310-1000\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Users\Dennis\AppData\Local\iLivid]
[-HKEY_USERS\S-1-5-21-3246782875-1836535004-4075896310-1000\Software\Classes\.torrent]
[-HKEY_USERS\S-1-5-21-3246782875-1836535004-4075896310-1000_Classes\.torrent]

[--HKEY_CURRENT_USER\Software\Trolltech]
[-HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[-HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[-HKEY_USERS\S-1-5-21-3246782875-1836535004-4075896310-1000\Software\Trolltech]
[-HKEY_USERS\S-1-5-21-3246782875-1836535004-4075896310-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[-HKEY_USERS\S-1-5-21-3246782875-1836535004-4075896310-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

:Files
C:\Users\Dennis\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\iLivid.lnk
C:\Program Files (x86)\SketchUp
C:\Program Files (x86)\iLivid d
C:\Users\Dennis\AppData\Local\iLivid d
C:\Users\Dennis\AppData\Local\iLivid\iLivid d
C:\Users\Dennis\AppData\LocalLow\DataMngr d
C:\USERS\DENNIS\APPDATA\LOCAL\ILIVID\ILIVID.EXE

:Commands
[purity]
[emptytemp]
[Reboot]

click the *Run Fix* button at the top
let the program run unhindered, reboot when it is done
please post the OTL fix log but don't run OTL again until all these instructions are completed.

===================================================

*Uninstall AdwCleaner*

double click on *adwcleaner.exe* to run the tool
click on *Uninstall*
confirm with *Yes*

Download AdwCleaner again from *here* and save it to your desktop.


run AdwCleaner 
when it has finished, select *Clean*
if it asks to reboot, allow the reboot
on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

Please delete the old SystemLook.txt log on your desktop then run System Look again according to the previous instructions and post the new log.

Logs to include in the next post:

*OTL fix log
AdwCleaner log
SystemLook.txt *

Thanks

Satchfan


----------



## DennisI (Apr 24, 2014)

All processes killed
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\BitTorrent\uTorrent\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3246782875-1836535004-4075896310-1000\Software\BitTorrent\uTorrent\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2142FC08-0FA0-4C68-A8DD-BBE2CDCEF551}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2142FC08-0FA0-4C68-A8DD-BBE2CDCEF551}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8D22486C-384F-309E-9B2E-7103CDC0EEA2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8D22486C-384F-309E-9B2E-7103CDC0EEA2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{2142FC08-0FA0-4C68-A8DD-BBE2CDCEF551}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2142FC08-0FA0-4C68-A8DD-BBE2CDCEF551}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{8D22486C-384F-309E-9B2E-7103CDC0EEA2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8D22486C-384F-309E-9B2E-7103CDC0EEA2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ not found.
Registry key HKEY_CURRENT_USER\Software\iLivid\ not found.
Registry key HKEY_CURRENT_USER\Software\iLivid\iLivid\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileEx ts\.torrent\ not found.
Registry key HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Users\Dennis\AppDa ta\Local\iLivid\ not found.
Registry key HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Users\Dennis\AppData\Local\iLivid\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Classes\.torrent\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\ilividsetup-r0-n-bc.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\ilividsetup-r0-n-bf.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetup-r420-n-bf.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\Fi rewallPolicy\FirewallRules not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\Fi rewallPolicy\FirewallRules not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\Fi rewallPolicy\FirewallRules not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\Fi rewallPolicy\FirewallRules not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameter s\FirewallPolicy\FirewallRules not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameter s\FirewallPolicy\FirewallRules not found.
Registry key HKEY_USERS\S-1-5-21-3246782875-1836535004-4075896310-1000\"Software\iLivid\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3246782875-1836535004-4075896310-1000\"Software\iLivid\iLivid"\ not found.
Registry key HKEY_USERS\S-1-5-21-3246782875-1836535004-4075896310-1000\Software\BillP Studios\Detected\Startup\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3246782875-1836535004-4075896310-1000\Software\BillP Studios\Detected\Startup\ not found.
Registry key HKEY_USERS\S-1-5-21-3246782875-1836535004-4075896310-1000\Software\BillP Studios\WinPatrol\Run\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3246782875-1836535004-4075896310-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3246782875-1836535004-4075896310-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Users\Dennis\AppDa ta\Local\iLivid\ not found.
Registry key HKEY_USERS\S-1-5-21-3246782875-1836535004-4075896310-1000\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Users\Dennis\AppData\Local\iLivid\ not found.
Registry key HKEY_USERS\S-1-5-21-3246782875-1836535004-4075896310-1000\Software\Classes\.torrent\ not found.
Registry key HKEY_USERS\S-1-5-21-3246782875-1836535004-4075896310-1000_Classes\.torrent not found.
Registry key -HKEY_CURRENT_USER\Software\Trolltech\ not found.
Registry key HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3246782875-1836535004-4075896310-1000\Software\Trolltech\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3246782875-1836535004-4075896310-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\ not found.
Registry key HKEY_USERS\S-1-5-21-3246782875-1836535004-4075896310-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\ not found.
========== FILES ==========
C:\Users\Dennis\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\iLivid.lnk moved successfully.
C:\Program Files (x86)\SketchUp\SketchUp 2013\Tools folder moved successfully.
C:\Program Files (x86)\SketchUp\SketchUp 2013\Support folder moved successfully.
C:\Program Files (x86)\SketchUp\SketchUp 2013\Styles\Style Builder Competition Winners folder moved successfully.
C:\Program Files (x86)\SketchUp\SketchUp 2013\Styles\Straight Lines folder moved successfully.
C:\Program Files (x86)\SketchUp\SketchUp 2013\Styles\Sketchy Edges folder moved successfully.
C:\Program Files (x86)\SketchUp\SketchUp 2013\Styles\Photo Modeling folder moved successfully.
C:\Program Files (x86)\SketchUp\SketchUp 2013\Styles\Default Styles folder moved successfully.
C:\Program Files (x86)\SketchUp\SketchUp 2013\Styles\Color Sets folder moved successfully.
C:\Program Files (x86)\SketchUp\SketchUp 2013\Styles\Assorted Styles folder moved successfully.
C:\Program Files (x86)\SketchUp\SketchUp 2013\Styles folder moved successfully.
C:\Program Files (x86)\SketchUp\SketchUp 2013\Style Builder\Sample Strokes folder moved successfully.
C:\Program Files (x86)\SketchUp\SketchUp 2013\Style Builder folder moved successfully.
C:\Program Files (x86)\SketchUp\SketchUp 2013\Resources\en-US\welcomescreen\images\welcome folder moved successfully.
C:\Program Files (x86)\SketchUp\SketchUp 2013\Resources\en-US\welcomescreen\images folder moved successfully.
C:\Program Files (x86)\SketchUp\SketchUp 2013\Resources\en-US\welcomescreen folder moved successfully.
C:\Program Files (x86)\SketchUp\SketchUp 2013\Resources\en-US\Templates folder moved successfully.
C:\Program Files (x86)\SketchUp\SketchUp 2013\Resources\en-US\searching folder moved successfully.
C:\Program Files (x86)\SketchUp\SketchUp 2013\Resources\en-US\helpcontent\tool\24204\images folder moved successfully.
C:\Program Files (x86)\SketchUp\SketchUp 2013\Resources\en-US\helpcontent\tool\24204 folder moved successfully.
C:\Program Files (x86)\SketchUp\SketchUp 2013\Resources\en-US\helpcontent\tool\24203\images folder moved successfully.
C:\Program Files (x86)\SketchUp folder moved successfully.
File\Folder C:\Program Files (x86)\iLivid d not found.
File\Folder C:\Users\Dennis\AppData\Local\iLivid d not found.
File\Folder C:\Users\Dennis\AppData\Local\iLivid\iLivid d not found.
File\Folder C:\Users\Dennis\AppData\LocalLow\DataMngr d not found.
File\Folder C:\USERS\DENNIS\APPDATA\LOCAL\ILIVID\ILIVID.EXE not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Dennis
->Temp folder emptied: 13084624 bytes
->Temporary Internet Files folder emptied: 2640363 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 22946272 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 506 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 535452 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 730 bytes

Total Files Cleaned = 37.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 05242014_105210

Files\Folders moved on Reboot...
C:\Users\Dennis\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Users\Dennis\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.
File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\Low\SkypeClickToCall\Logs\AutoUpdateSvc.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

# AdwCleaner v3.210 - Report created 24/05/2014 at 11:10:09
# Updated 19/05/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Dennis - SONOFSAM2
# Running from : C:\Users\Dennis\Downloads\adwcleaner_3.210.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\File Type Assistant
Folder Deleted : C:\Program Files (x86)\iLivid
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\OApps
Folder Deleted : C:\Program Files (x86)\Settings Manager
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\BabylonToolbar
Folder Deleted : C:\Users\Dennis\AppData\Local\FileTypeAssistant
Folder Deleted : C:\Users\Dennis\AppData\Local\iLivid
Folder Deleted : C:\Users\Dennis\AppData\LocalLow\DataMngr
Folder Deleted : C:\Users\Dennis\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\FCTB
Folder Deleted : C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\Smartbar
Folder Deleted : C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\ValueApps
Folder Deleted : C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\CT2192277
Folder Deleted : C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\Extensions\{70df8d13-bdd3-448e-944c-efde21b77161}
File Deleted : C:\END

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\speedypc software
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\xdmxyef8.default\prefs.js ]

-\\ Google Chrome v36.0.1985.5

[ File : C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://www.default-search.net/search?sid=492&aid=100&itype=a&ver=12627&tm=308&src=ds&p={searchTerms}
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R1].txt - [16937 octets] - [24/05/2014 11:08:57]
AdwCleaner[S1].txt - [17035 octets] - [24/05/2014 11:10:09]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [17096 octets] ##########

SystemLook 04.09.10 by jpshortstuff
Log created at 11:23 on 24/05/2014 by Dennis
Administrator - Elevation successful

========== filefind ==========

Searching for "*OpenCandy*"
No files found.

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Searchqu*"
No files found.

Searching for "*iLivid*"
C:\AdwCleaner\Quarantine\C\Program Files (x86)\iLivid\iLivid.exe.vir --a---- 3470848 bytes [21:16 01/11/2013] [08:18 24/10/2012] A361EABB45F0028CF53FBFE1C9712090
C:\AdwCleaner\Quarantine\C\Program Files (x86)\iLivid\ilivid.ico.vir --a---- 9662 bytes [21:16 01/11/2013] [09:41 04/11/2009] D64C36521A1839B54788D7D0A82DAF08
C:\AdwCleaner\Quarantine\C\Program Files (x86)\iLivid\translations\ilivid_de.qm.vir --a---- 32485 bytes [21:17 01/11/2013] [08:17 24/10/2012] E38586374B7462948E741513ACA73469
C:\AdwCleaner\Quarantine\C\Program Files (x86)\iLivid\translations\ilivid_en.qm.vir --a---- 23 bytes [21:17 01/11/2013] [08:17 24/10/2012] 4AEF4415F2E976B2CC6F24B877804A57
C:\AdwCleaner\Quarantine\C\Program Files (x86)\iLivid\translations\ilivid_es.qm.vir --a---- 31308 bytes [21:17 01/11/2013] [08:17 24/10/2012] 4F81DFF25D4A9D62AE6F00188F20DD95
C:\AdwCleaner\Quarantine\C\Program Files (x86)\iLivid\translations\ilivid_fr.qm.vir --a---- 33782 bytes [21:17 01/11/2013] [08:17 24/10/2012] 74E8B1351C97B563C6150589ECA02669
C:\AdwCleaner\Quarantine\C\Program Files (x86)\iLivid\translations\ilivid_it.qm.vir --a---- 31432 bytes [21:17 01/11/2013] [08:17 24/10/2012] 1CB37F7FF96D25B3409F4143FA433E04
C:\AdwCleaner\Quarantine\C\Program Files (x86)\iLivid\translations\ilivid_pt.qm.vir --a---- 28820 bytes [21:17 01/11/2013] [08:17 24/10/2012] 9DAD581B07E6F8FA319F78E9D327191C
C:\AdwCleaner\Quarantine\C\Program Files (x86)\iLivid\translations\ilivid_tr.qm.vir --a---- 29146 bytes [21:17 01/11/2013] [08:17 24/10/2012] BBAE9B0AEA7697753FCDBC353D42FC38
C:\AdwCleaner\Quarantine\C\Users\Dennis\AppData\Local\iLivid\iLivid.exe.vir --a---- 7307776 bytes [18:52 11/01/2014] [23:55 11/02/2014] 0DFDD88C8DA5FAE3664D0B63469621CF
C:\AdwCleaner\Quarantine\C\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk.vir --a---- 1013 bytes [18:53 11/01/2014] [21:07 21/03/2014] FC0DCA0CA117DDF2D08D53245FC9AE57
C:\AdwCleaner\Quarantine\C\Users\Dennis\Desktop\iLivid.lnk.vir --a---- 1005 bytes [18:53 11/01/2014] [21:07 21/03/2014] BB0E3230818E9512F78B8C3C7A77775D
C:\_OTL\MovedFiles\05242014_105210\C_Users\Dennis\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\iLivid.lnk --a---- 1007 bytes [18:53 11/01/2014] [21:07 21/03/2014] BD126A142F478A065B0159818E705817

Searching for "*whitesmoke*"
C:\_OTL\MovedFiles\05242014_105210\C_Program Files (x86)\SketchUp\SketchUp 2013\Materials\Colors-Named\0129_WhiteSmoke.skm --a---- 1526 bytes [21:23 01/11/2013] [13:09 17/05/2013] AD41BC61879535202A0D3867FFB67716

Searching for "*datamngr*"
No files found.

Searching for "*trolltech*"
No files found.

========== folderfind ==========

Searching for "*OpenCandy*"
No folders found.

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*iLivid*"
C:\AdwCleaner\Quarantine\C\Program Files (x86)\iLivid d------ [15:31 02/05/2014]
C:\AdwCleaner\Quarantine\C\Users\Dennis\AppData\Local\iLivid d------ [20:56 03/05/2014]
C:\AdwCleaner\Quarantine\C\Users\Dennis\AppData\Local\iLivid\iLivid d------ [20:56 03/05/2014]

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
C:\AdwCleaner\Quarantine\C\Users\Dennis\AppData\LocalLow\DataMngr d------ [15:10 24/05/2014]

Searching for "*trolltech*"
No folders found.

========== Regfind ==========

Searching for "OpenCandy"
No data found.

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "iLivid"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{818E04AA-75FB-4FB3-9F67-C802827383E6}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Users\Dennis\AppData\Local\iLivid\iLivid.exe|Name=iLivid|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CC71458-8D6E-4064-B96F-9C9584EDEDCF}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Users\Dennis\AppData\Local\iLivid\iLivid.exe|Name=iLivid|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{818E04AA-75FB-4FB3-9F67-C802827383E6}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Users\Dennis\AppData\Local\iLivid\iLivid.exe|Name=iLivid|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CC71458-8D6E-4064-B96F-9C9584EDEDCF}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Users\Dennis\AppData\Local\iLivid\iLivid.exe|Name=iLivid|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{818E04AA-75FB-4FB3-9F67-C802827383E6}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Users\Dennis\AppData\Local\iLivid\iLivid.exe|Name=iLivid|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CC71458-8D6E-4064-B96F-9C9584EDEDCF}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Users\Dennis\AppData\Local\iLivid\iLivid.exe|Name=iLivid|"

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
No data found.

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-3246782875-1836535004-4075896310-1000\Software\Trolltech]
[HKEY_USERS\S-1-5-21-3246782875-1836535004-4075896310-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

-= EOF =-


----------



## Satchfan (Jan 12, 2009)

That cleaned up most but there are some more stragglers that we need to clear out. 

Can you tell me if you disabled Windows Firewall or McAfee's?


----------



## DennisI (Apr 24, 2014)

Avast is the only firewall on now.


----------



## Satchfan (Jan 12, 2009)

I think there was a mistake in part of the script I gave you so there are some more stragglers that we need to clear out.

*Please make sure MalwareBytes Anti-Malware is temporarily disabled for the duration of this fix as it may interfere with the successful execution of the script below.*

*Run OTL*


double click on the icon to run it.
copy/paste *ALL* the following text written *inside the code box* into the *Custom Scans/Fixes* box located at the bottom of OTL

*


Code:


:Services

:Reg
 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{818E04AA-75FB-4FB3-9F67-C802827383E6}"=- 
"{0CC71458-8D6E-4064-B96F-9C9584EDEDCF}"=-
"{818E04AA-75FB-4FB3-9F67-C802827383E6}"=-
"{0CC71458-8D6E-4064-B96F-9C9584EDEDCF}"=-
"{818E04AA-75FB-4FB3-9F67-C802827383E6}"=-
"{0CC71458-8D6E-4064-B96F-9C9584EDEDCF}"=-
[-HKEY_CURRENT_USER\Software\Trolltech]
[-HKEY_USERS\S-1-5-21-3246782875-1836535004-4075896310-1000\Software\Trolltech]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]

:Commands
[purity]
[emptytemp]
[Reboot]

*
click the *Run Fix* button at the top
let the program run unhindered, reboot when it is done
please post the OTL fix log but don't run OTL again until all these instructions are completed.

Please delete the old SystemLook.txt log on your desktop then run System Look again in the same way and post the new log.

Logs to include in the next post:

*OTL fix log
SystemLook.txt *

Thanks

Satchfan
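
The values the script above removes are Windows Firewall rule strings, the pipe-delimited `v2.10|Action=...|App=...|` entries listed in the SystemLook Regfind output. As an added example (not part of the original posts, and not OTL's or SystemLook's own code), this Python code parses an excerpt of that output and flags active inbound allow rules whose program path is in a user-writable AppData folder or no longer exists; the function names and the `exists` callback are assumptions of the example.

```python
import os
import re
from pathlib import PureWindowsPath

# Excerpt of the SystemLook Regfind output posted in this thread.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{818E04AA-75FB-4FB3-9F67-C802827383E6}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Users\Dennis\AppData\Local\iLivid\iLivid.exe|Name=iLivid|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CC71458-8D6E-4064-B96F-9C9584EDEDCF}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Users\Dennis\AppData\Local\iLivid\iLivid.exe|Name=iLivid|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{818E04AA-75FB-4FB3-9F67-C802827383E6}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Users\Dennis\AppData\Local\iLivid\iLivid.exe|Name=iLivid|"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(\{[0-9A-Fa-f-]+\})"="(v[\d.]+\|.*)"$')
CONTROL_SET_RE = re.compile(r'\\SYSTEM\\(\w*ControlSet\w*)\\', re.I)
PROTOCOLS = {"6": "TCP", "17": "UDP"}  # IANA protocol numbers


def parse_rule(data):
    """Split 'v2.10|Action=Allow|...|' into (version, {field: value})."""
    version, *pairs = data.split("|")
    return version, dict(p.split("=", 1) for p in pairs if "=" in p)


def find_risky_inbound_rules(log_text, exists=os.path.exists):
    """Return {rule GUID: details} for active inbound allow rules whose
    program lives under AppData or is no longer on disk.

    `exists` is injectable (assumption of this example) so a log can be
    reviewed on a machine other than the one it came from.
    """
    findings, key = {}, ""
    for line in map(str.strip, log_text.splitlines()):
        if m := KEY_RE.match(line):
            key = m.group(1)          # remember which key the values belong to
            continue
        m = VALUE_RE.match(line)
        if not m or not key.lower().endswith(r"\firewallpolicy\firewallrules"):
            continue                  # not a firewall rule value; ignored
        guid, (_, f) = m.group(1), parse_rule(m.group(2))
        if (f.get("Action"), f.get("Active"), f.get("Dir")) != ("Allow", "TRUE", "In"):
            continue
        app = f.get("App", "")
        reasons = []
        if "appdata" in (p.lower() for p in PureWindowsPath(app).parts):
            reasons.append("user-writable path")
        if not exists(app):
            reasons.append("binary missing")
        if not reasons:
            continue
        cs = CONTROL_SET_RE.search(key)
        entry = findings.setdefault(guid, {
            "name": f.get("Name", ""), "app": app, "reasons": reasons,
            "protocol": PROTOCOLS.get(f.get("Protocol"), f.get("Protocol")),
            "control_sets": []})
        entry["control_sets"].append(cs.group(1) if cs else key)
    return findings


if __name__ == "__main__":
    for guid, d in find_risky_inbound_rules(SAMPLE_LOG, exists=lambda p: False).items():
        print(guid, d["protocol"], d["app"], d["reasons"], d["control_sets"])
```

Grouping by rule GUID shows in which control sets each rule is present, which is what a follow-up scan has to confirm is empty after the fix.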


----------



## DennisI (Apr 24, 2014)

All processes killed
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{818E04AA-75FB-4FB3-9F67-C802827383E6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{818E04AA-75FB-4FB3-9F67-C802827383E6}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0CC71458-8D6E-4064-B96F-9C9584EDEDCF} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0CC71458-8D6E-4064-B96F-9C9584EDEDCF}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{818E04AA-75FB-4FB3-9F67-C802827383E6} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{818E04AA-75FB-4FB3-9F67-C802827383E6}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0CC71458-8D6E-4064-B96F-9C9584EDEDCF} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0CC71458-8D6E-4064-B96F-9C9584EDEDCF}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{818E04AA-75FB-4FB3-9F67-C802827383E6} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{818E04AA-75FB-4FB3-9F67-C802827383E6}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0CC71458-8D6E-4064-B96F-9C9584EDEDCF} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0CC71458-8D6E-4064-B96F-9C9584EDEDCF}\ not found.
Registry key HKEY_CURRENT_USER\Software\Trolltech\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3246782875-1836535004-4075896310-1000\Software\Trolltech\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57311 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Dennis
->Temp folder emptied: 8184391 bytes
->Temporary Internet Files folder emptied: 33334 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 28533908 bytes
->Google Chrome cache emptied: 6330676 bytes
->Flash cache emptied: 57817 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1269096 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16492 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 1262 bytes

Total Files Cleaned = 42.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 05252014_090550

Files\Folders moved on Reboot...
C:\Users\Dennis\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Users\Dennis\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.
File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\Low\SkypeClickToCall\Logs\AutoUpdateSvc.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

SystemLook 04.09.10 by jpshortstuff
Log created at 09:57 on 25/05/2014 by Dennis
Administrator - Elevation successful

========== filefind ==========

Searching for "*OpenCandy*"
No files found.

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Searchqu*"
No files found.

Searching for "*iLivid*"
C:\AdwCleaner\Quarantine\C\Program Files (x86)\iLivid\iLivid.exe.vir --a---- 3470848 bytes [21:16 01/11/2013] [08:18 24/10/2012] A361EABB45F0028CF53FBFE1C9712090
C:\AdwCleaner\Quarantine\C\Program Files (x86)\iLivid\ilivid.ico.vir --a---- 9662 bytes [21:16 01/11/2013] [09:41 04/11/2009] D64C36521A1839B54788D7D0A82DAF08
C:\AdwCleaner\Quarantine\C\Program Files (x86)\iLivid\translations\ilivid_de.qm.vir --a---- 32485 bytes [21:17 01/11/2013] [08:17 24/10/2012] E38586374B7462948E741513ACA73469
C:\AdwCleaner\Quarantine\C\Program Files (x86)\iLivid\translations\ilivid_en.qm.vir --a---- 23 bytes [21:17 01/11/2013] [08:17 24/10/2012] 4AEF4415F2E976B2CC6F24B877804A57
C:\AdwCleaner\Quarantine\C\Program Files (x86)\iLivid\translations\ilivid_es.qm.vir --a---- 31308 bytes [21:17 01/11/2013] [08:17 24/10/2012] 4F81DFF25D4A9D62AE6F00188F20DD95
C:\AdwCleaner\Quarantine\C\Program Files (x86)\iLivid\translations\ilivid_fr.qm.vir --a---- 33782 bytes [21:17 01/11/2013] [08:17 24/10/2012] 74E8B1351C97B563C6150589ECA02669
C:\AdwCleaner\Quarantine\C\Program Files (x86)\iLivid\translations\ilivid_it.qm.vir --a---- 31432 bytes [21:17 01/11/2013] [08:17 24/10/2012] 1CB37F7FF96D25B3409F4143FA433E04
C:\AdwCleaner\Quarantine\C\Program Files (x86)\iLivid\translations\ilivid_pt.qm.vir --a---- 28820 bytes [21:17 01/11/2013] [08:17 24/10/2012] 9DAD581B07E6F8FA319F78E9D327191C
C:\AdwCleaner\Quarantine\C\Program Files (x86)\iLivid\translations\ilivid_tr.qm.vir --a---- 29146 bytes [21:17 01/11/2013] [08:17 24/10/2012] BBAE9B0AEA7697753FCDBC353D42FC38
C:\AdwCleaner\Quarantine\C\Users\Dennis\AppData\Local\iLivid\iLivid.exe.vir --a---- 7307776 bytes [18:52 11/01/2014] [23:55 11/02/2014] 0DFDD88C8DA5FAE3664D0B63469621CF
C:\AdwCleaner\Quarantine\C\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk.vir --a---- 1013 bytes [18:53 11/01/2014] [21:07 21/03/2014] FC0DCA0CA117DDF2D08D53245FC9AE57
C:\AdwCleaner\Quarantine\C\Users\Dennis\Desktop\iLivid.lnk.vir --a---- 1005 bytes [18:53 11/01/2014] [21:07 21/03/2014] BB0E3230818E9512F78B8C3C7A77775D

Searching for "*whitesmoke*"
C:\_OTL\MovedFiles\05242014_105210\C_Program Files (x86)\SketchUp\SketchUp 2013\Materials\Colors-Named\0129_WhiteSmoke.skm --a---- 1526 bytes [21:23 01/11/2013] [13:09 17/05/2013] AD41BC61879535202A0D3867FFB67716

Searching for "*datamngr*"
No files found.

Searching for "*trolltech*"
No files found.

========== folderfind ==========

Searching for "*OpenCandy*"
No folders found.

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*iLivid*"
C:\AdwCleaner\Quarantine\C\Program Files (x86)\iLivid d------ [15:31 02/05/2014]
C:\AdwCleaner\Quarantine\C\Users\Dennis\AppData\Local\iLivid d------ [20:56 03/05/2014]
C:\AdwCleaner\Quarantine\C\Users\Dennis\AppData\Local\iLivid\iLivid d------ [20:56 03/05/2014]

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
C:\AdwCleaner\Quarantine\C\Users\Dennis\AppData\LocalLow\DataMngr d------ [15:10 24/05/2014]

Searching for "*trolltech*"
No folders found.

========== Regfind ==========

Searching for "OpenCandy"
[HKEY_CURRENT_USER\Software\BitTorrent\uTorrent]
"OfferProvider"="OpenCandy"
[HKEY_USERS\S-1-5-21-3246782875-1836535004-4075896310-1000\Software\BitTorrent\uTorrent]
"OfferProvider"="OpenCandy"

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "iLivid"
No data found.

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
No data found.

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
No data found.

-= EOF =-


----------



## Satchfan (Jan 12, 2009)

I think that you have done a great job; there are just two last stragglers to deal with and a new log to be sure.

If all that is clear, we can tidy up.

*Make sure MalwareBytes is still disabled*

*Run OTL*


double click on the icon to run it.
copy/paste *ALL* the following text written *inside the code box* into the *Custom Scans/Fixes* box located at the bottom of OTL
*


Code:


:Services

:Reg
[-HKEY_CURRENT_USER\Software\BitTorrent\uTorrent]
[-HKEY_USERS\S-1-5-21-3246782875-1836535004-4075896310-1000\Software\BitTorrent\uTorrent]

Commands
[purity]
[emptytemp]
[Reboot]

*
click the *Run Fix* button at the top
let the program run unhindered, reboot when it is done
please run OTL again and send the new OTL log.

Logs to include in the next post:

*OTL fix log
New OTL log*

Satchfan


----------



## DennisI (Apr 24, 2014)

I think there may be a problem with these OTL parms. It causes my system to crash. I tried it with some older parms and it worked fine.


----------



## Satchfan (Jan 12, 2009)

> parms


I don't know what you mean.


----------



## DennisI (Apr 24, 2014)

This:
* :Reg [-HKEY_CURRENT_USER\Software\BitTorrent\uTorrent] [-HKEY_USERS\S-1-5-21-3246782875-1836535004-4075896310-1000\Software\BitTorrent\uTorrent] Commands [purity] [emptytemp] [Reboot]

causes Windows to either stall or crash (both at one time or another).
*


----------



## Satchfan (Jan 12, 2009)

Lets try getting rid of it a different way without causing problems.

*Make sure MalwareBytes is still disabled*

*Run OTL*


double click on the icon to run it.
copy/paste *ALL* the following text written *inside the code box* into the *Custom Scans/Fixes* box located at the bottom of OTL

*


Code:


:Services

:OTL

:Reg
[HKEY_CURRENT_USER\Software\BitTorrent\uTorrent]
"OfferProvider"=""
[HKEY_USERS\S-1-5-21-3246782875-1836535004-4075896310-1000\Software\BitTorrent\uTorrent]
"OfferProvider"=""
Commands
[purity]
[emptytemp]
[Reboot]

*
click the *Run Fix* button at the top
let the program run unhindered, reboot when it is done
please run OTL again and send the new OTL log.

Logs to include in the next post:

*OTL fix log
New OTL log*

Satchfan


----------



## DennisI (Apr 24, 2014)

This is the only output I got.

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
========== REGISTRY ==========
HKEY_CURRENT_USER\Software\BitTorrent\uTorrent\\"OfferProvider"|"" /E : value set successfully!
HKEY_USERS\S-1-5-21-3246782875-1836535004-4075896310-1000\Software\BitTorrent\uTorrent\\"OfferProvider"|""Commands /E : value set successfully!

OTL by OldTimer - Version 3.2.69.0 log created on 05272014_112823

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


----------



## Satchfan (Jan 12, 2009)

Well done Dennis, that worked; your computer appears to be clean.

Now that youre free from malware, as long as your computer seems to be running well, please follow these simple steps to tidy up you computer and decrease the likelihood of getting infected again:

*Uninstall Combofix*

Follow these steps to uninstall Combofix

click *START* then *RUN*
now type *Combofix /uninstall* in the run box and click *OK*.
 Note the space between the *X* and the */*, it needs to be there.

please follow the prompts to uninstall Combofix.
once it's finished uninstalling itself you will receive a message saying Combofix was uninstalled successfully.

===================================================

*Uninstall OTL*

double-click *OTL.exe*
click the *CleanUp!* button. 
select *Yes* when the *Begin cleanup Process?* prompt appears. 
if you are prompted to reboot during the cleanup, select *Yes*. 
the tool will delete itself once it finishes; if not, delete it yourself.
 *NOTE*: If you receive a warning from your firewall or other security programs regarding OTL attempting to contact the internet, please allow it to do so.

===================================================

*Uninstall AdwCleaner*

double click on *adwcleaner.exe* to run the tool
click on *Uninstall*
confirm with *Yes*.
 You can delete all other logs and programs we've used that are on your desktop. Just click on them and press *Delete*.

===================================================

*Recommended programs*

*SpywareBlaster*. SpywareBlaster protects against bad ActiveX, it immunizes your PC against them. It blocks over 11,000 bad sites and uses no resources of your computer.

========================

Remember to re-enable *Malwarebytes*. This really is an excellent program that you should also update and run on a regular basis, probably weekly.

===================================================

*MVPS Hosts* file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

A couple of links with information *here* and *here* which can answer any questions you might have about installing/using it.

===================================================

*I also recommend that you read the following:*

*How to prevent malware* by miekiemoes

*Help! My computer is slow!* by miekiemoes

*Simple and easy ways to keep your computer safe and secure on the Internet* by Lawrence Abrams

Finally, if your computer has no more problems and you are happy to close this, please click on Mark Solved at the top of the page.

Safe computing

Satchfan


----------



## Satchfan (Jan 12, 2009)

Hi Dennis

If you are happy to close this, please click on “Mark Solved” at the top or bottom of the page.

Thanks

Satchfan


----------



## DennisI (Apr 24, 2014)

Sorry to be so slow responding - little hospital stay. Words can not express my appreciation for all your help, it was a real lifesaver.


----------



## Satchfan (Jan 12, 2009)

Thank you for responding.


I hope all is well with you & your family now.


You're welcome for the help and come back to us if there are any other problems.


Regards


Satchfan


----------

