
http://rvzr-a.akamaihd.net pop-up windows

Browser hijacker pop-up windows

  • This topic is locked
19 replies to this topic

#1 themuse

themuse

    New Member

  • Members
  • 10 posts

Posted 26 September 2013 - 01:10 PM

Hello forum members.  New here.  For the past couple of months I've had a problem with a window which pops up when I'm searching, ordering, logging in to forums, etc.  I've searched everywhere for a solution, and have found that although others have this problem, a solution has not yet been found.

 

I use Chrome as my primary browser, and keep it up to date. OS is Windows 7.

 

I've run Norton scans, Malwarebytes scans, Hitman scans and a host of others.  Most recently I ran Hijackthis, and since I can't identify much of what I found in the results of the scan, I'm posting it here hoping someone will see something within the log which relates to this pop-up issue.

 

First, here is an example of the url which pops up at the most inconvenient times (even with AdBlocker installed in Chrome):

 

 
Here is the Hijackthis log file:
 
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 5:25:03 PM, on 9/24/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16686)
CHROME: 6.0.0.12442
FIREFOX: 20.0.1 (en-US)
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Users\Harry\Downloads\HIJACK\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.*.*
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.4.0.40\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.4.0.40\IPS\IPSBHO.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: FlashCatchBHO Class - {88618A96-6D8A-42E7-B932-9073D5B2080F} - C:\Program Files (x86)\FlashCatch\flashcatch.dll
O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
O3 - Toolbar: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - (no file)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: FlashCatch - {10CECF4F-A96E-4803-8AC2-F565FB29FF47} - C:\Program Files (x86)\FlashCatch\flashcatch.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.4.0.40\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
O4 - HKLM\..\Run: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
O4 - HKLM\..\Run: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\RunOnce: [IE 3.0 RegSvr schannel.dll] C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\schannel.dll
O4 - HKCU\..\Run: [Google Update] "C:\Users\Harry\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [cdloader] "C:\Users\Harry\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files (x86)\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Configuration Wizard.lnk = C:\Program Files (x86)\Symantec\WinFax\WTNSETUP.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\OFFICE~1\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - 
 
O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} (WebBrowserType Class) - 
 
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AffinegyService - Affinegy, Inc. - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30007 (IISADMIN) - Unknown owner - C:\Windows\system32\inetsrv\inetinfo.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
O23 - Service: McciCMService64 - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: MotoHelper Service (MotoHelper) - Unknown owner - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
O23 - Service: Motorola Helper (MotoHelper.exe) - Motorola - C:\Program Files (x86)\Motorola\Moto Helper Service\MotoHelper.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.4.0.40\ccSvcHst.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PDF Architect Helper Service - pdfforge GmbH - C:\Program Files (x86)\PDF Architect\HelperService.exe
O23 - Service: PDF Architect Service - pdfforge GmbH - C:\Program Files (x86)\PDF Architect\ConversionService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-20001 (WMSVC) - Unknown owner - C:\Windows\system32\inetsrv\wmsvc.exe (file missing)
 
--
End of file - 13553 bytes
 
===================
 
Thank you in advance for any help.
 
Best regards -- themuse

 



#2 kevinf80

kevinf80

    Forum Deity

  • Trusted Advisors
  • 5,088 posts
  • Gender:Male
  • Location:Sunderland. UK

Posted 26 September 2013 - 01:19 PM

Download Junkware Removal tool from this link:

http://www.bleepingc...e-removal-tool/

Save to your desktop.

 

  • Shut down your Security Protection software now to avoid potential conflicts.

  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator. Follow prompts as they come.

  • The tool will open and start scanning your system. (Press any key when prompted to continue)

  • Please be patient as this can take a while to complete depending on your system's specifications.

  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

  • Post JRT.txt to your next message.

 

Next,

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.

  • Press Scan button.

  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Kevin



#3 themuse

themuse

    New Member

  • Members
  • 10 posts

Posted 26 September 2013 - 02:22 PM

Thank you for the quick response.  Here are the scan results you requested:

 

1.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.2 (09.22.2013:1)
OS: Windows 7 Home Premium x64
Ran by Harry on Thu 09/26/2013 at 14:00:41.82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-4050790218-1552307734-3448739108-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"
 
~~~ Files
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Harry\AppData\Roaming\pdfforge"
 
~~~ Event Viewer Logs were cleared
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 09/26/2013 at 14:10:31.01
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
2.
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-09-2013
Ran by Harry (administrator) on CQ5210F on 26-09-2013 14:14:12
Running from C:\Users\Harry\Downloads\JRT
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Microsoft Corporation) C:\Windows\system32\inetsrv\inetinfo.exe
(Hewlett-Packard Company) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
(Motorola) C:\Program Files (x86)\Motorola\Moto Helper Service\MotoHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
(Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.4.0.40\ccSvcHst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.4.0.40\ccSvcHst.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [ISW] - "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
HKLM-x32\...\RunOnce: [IE 3.0 RegSvr schannel.dll] - C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\schannel.dll [340992 2012-06-02] (Microsoft Corporation)
HKCU\...\Run: [Google Update] - C:\Users\Harry\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2010-03-28] (Google Inc.)
HKCU\...\Run: [cdloader] - C:\Users\Harry\AppData\Roaming\mjusbsp\cdloader2.exe [50592 2012-02-01] (magicJack L.P.)
HKLM-x32\...\Run: [hpsysdrv] - c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Remote Solution] - C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-05-26] ()
HKLM-x32\...\Run: [HP Software Update] - c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [NortonOnlineBackupReminder] - C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [581480 2009-05-12] (Symantec Corporation)
HKLM-x32\...\Run: [UpdatePRCShortCut] - C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [KeePass 2 PreLoad] - C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [1764352 2011-07-12] (Dominik Reichl)
HKLM-x32\...\Run: [InstaLAN] - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe [1884064 2011-11-14] (Affinegy, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKU\Default\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1668664 2009-07-15] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1668664 2009-07-15] (Hewlett-Packard)
HKU\DefaultAppPool\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1668664 2009-07-15] (Hewlett-Packard)
 
==================== Internet (Whitelisted) ====================
 
SearchScopes: HKLM-x32 - {C61E4995-64CF-4072-84B3-C019EF8AF7FC} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: FlashCatchBHO Class - {88618A96-6D8A-42E7-B932-9073D5B2080F} - C:\Program Files (x86)\FlashCatch\flashcatch.dll (Level 9 Technology, Inc.)
BHO-x32: No Name - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} -  No File
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKLM-x32 - AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
Toolbar: HKLM-x32 -  No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - FlashCatch - {10CECF4F-A96E-4803-8AC2-F565FB29FF47} - C:\Program Files (x86)\FlashCatch\flashcatch.dll (Level 9 Technology, Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GmbH)
Toolbar: HKCU -  No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU -  No Name - {61539ECD-CC67-4437-A03C-9AACCBD14326} -  No File
Toolbar: HKCU - ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll No File
Toolbar: HKCU -  No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
DPF: HKLM-x32 {E0FEE963-BB53-4215-81AD-B28C77384644} https://pattcw.att.m...Installer64.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
ShellExecuteHooks-x32:  - {A213B520-C6C2-11d0-AF9D-008029E1027E} -  No File [ ]
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 
FireFox:
========
FF ProfilePath: C:\Users\Harry\AppData\Roaming\Mozilla\Firefox\Profiles\jws03pwp.default-1378921600973
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/SAFFPlugin - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 - C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Harry\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Harry\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\coFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [flashcatch@flashcatch.com] - C:\Program Files (x86)\FlashCatch\firefox
FF Extension: FlashCatch - C:\Program Files (x86)\FlashCatch\firefox
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\IPSFFPlgn\
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\IPSFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
 
Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\pdf.dll ()
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.2.1341_0\McChPlg.dll (McAfee, Inc.)
CHR Plugin: (Norton Identity Safe) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.0.10_0\npcoplgn.dll (Symantec Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Widevine Media Optimizer) - C:\Program Files (x86)\Google\Chrome\Application\plugins\npwidevinemediaoptimizer.dll (Widevine Technologies)
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (downloadUpdater) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll No File
CHR Plugin: (downloadUpdater2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll No File
CHR Plugin: (Windows Genuine Advantage) - C:\Program Files (x86)\Mozilla Firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2003) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (ActiveTouch General Plugin Container) - C:\Users\Harry\AppData\Roaming\Mozilla\plugins\npatgpc.dll No File
CHR Plugin: (Motive Plugin) - C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Easy Bookmark) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelppinkjknianlncbfhokbkipdhofnp\1.1_0
CHR Extension: (Google Docs) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Firebug Lite for Google Chrome\u2122) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench\1.4.0.11967_0
CHR Extension: (History 2) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\cahejgbbfgmlmjgdjlibphdjeldhagkp\0.6.0_0
CHR Extension: (Adblock Plus) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.4_0
CHR Extension: (Google Search) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Read Later Fast) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\decdfngdidijkdjgbknlnepdljfaepji\1.6.0_0
CHR Extension: (Session Buddy) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko\3.2.1_0
CHR Extension: (Qualys BrowserCheck for Windows) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejhnkognlohdkpjkjongioociddgoibk\1.8.51.1_0
CHR Extension: (Network and Internet tools) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekpdpmpcgcmpaeokmclflfpadaklgpji\1.66_0
CHR Extension: (YouTube Downloader) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\fapjkciegccccojledkpnfgchdkjemec\2.2_0
CHR Extension: (SiteAdvisor) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.2.1341_0
CHR Extension: (Go to IMDb) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\fipkcplmpmhcmfgkgahliaabodplkjio\1.2.6_0
CHR Extension: (Full Screen Weather) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg\1.3_0
CHR Extension: (goo.gl URL Shortener) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\iblijlcdoidgdpfknkckljiocdbnlagk\0.7.5_0
CHR Extension: (The Weather Channel for Chrome) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop\1.0.0.4_0
CHR Extension: (Speed Dial 2) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik\1.7.0_0
CHR Extension: (Image Properties Context Menu) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\khagclindddokccfbmfmckaflngbmpon\0.7.6_0
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja\3.0.19_0
CHR Extension: (Norton Identity Protection) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.0.10_0
CHR Extension: (RSS Subscription Extension (by Google)) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd\2.2.2_0
CHR Extension: (Video downloader for YouTube\u2122) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlelphbgdjafoigfmgicejflmnipnhil\15_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (Gmail) - C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.4.0.40\Exts\Chrome.crx
 
==================== Services (Whitelisted) =================
 
R2 AffinegyService; C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe [563104 2011-11-14] (Affinegy, Inc.)
R2 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [350720 2012-06-01] (Microsoft Corporation)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation)
R2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [120592 2013-05-22] (McAfee, Inc.)
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2010-04-30] (Alcatel-Lucent)
R2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [214896 2012-02-01] ()
R2 MotoHelper.exe; C:\Program Files (x86)\Motorola\Moto Helper Service\MotoHelper.exe [6656 2010-09-14] (Motorola)
R2 N360; C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2009-07-13] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-13] (Microsoft Corporation)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\BASHDefs\20130924.001\BHDrvx64.sys [1525848 2013-09-23] (Symantec Corporation)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\BASHDefs\20130924.001\BHDrvx64.sys [1525848 2013-09-23] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-08-26] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-08-26] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [140376 2013-08-26] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\IPSDefs\20130925.001\IDSvia64.sys [520280 2013-08-21] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\IPSDefs\20130925.001\IDSvia64.sys [520280 2013-08-21] (Symantec Corporation)
S3 MREMP50; C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [21248 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MREMP50; C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [21248 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [20096 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [20096 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA))
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\VirusDefs\20130926.004\ENG64.SYS [126040 2013-08-29] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\VirusDefs\20130926.004\ENG64.SYS [126040 2013-08-29] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\VirusDefs\20130926.004\EX64.SYS [2099288 2013-08-29] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.1.22\Definitions\VirusDefs\20130926.004\EX64.SYS [2099288 2013-08-29] (Symantec Corporation)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2013-05-01] (CACE Technologies, Inc.)
R2 PfFilter; C:\Program Files (x86)\IObit\Protected Folder\pffilter.sys [38392 2012-11-23] (IObit Information Technology)
R2 PfFilter; C:\Program Files (x86)\IObit\Protected Folder\pffilter.sys [38392 2012-11-23] (IObit Information Technology)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-18] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1404000.028\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1404000.028\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
S0 bp32drv4; System32\drivers\bp32drv4.sys [x]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [x]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-09-26 14:13 - 2013-09-26 14:13 - 00000000 ____D C:\FRST
2013-09-26 14:10 - 2013-09-26 14:10 - 00001514 _____ C:\Users\Harry\Desktop\JRT.txt
2013-09-26 13:58 - 2013-09-26 13:59 - 00000000 ____D C:\Users\Harry\Downloads\JRT
2013-09-26 13:41 - 2013-09-26 13:41 - 00000923 _____ C:\Users\Harry\Desktop\hijackthis-9-24-13.log - Shortcut.lnk
2013-09-26 13:24 - 2013-09-26 13:25 - 00002025 _____ C:\Users\Harry\Desktop\Malwarebyte.lnk
2013-09-26 12:35 - 2013-09-26 12:35 - 00000000 ____D C:\Users\Harry\Documents\TheatrGROUP
2013-09-24 17:17 - 2013-09-24 17:25 - 00000000 ____D C:\Users\Harry\Downloads\HIJACK
2013-09-23 08:49 - 2013-09-23 09:07 - 00001791 _____ C:\Users\Harry\Desktop\TERESA-KING-PHONE-RECORD.txt
2013-09-13 06:49 - 2013-09-20 20:14 - 03723656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-09-12 10:55 - 2013-09-13 14:55 - 00000000 ____D C:\VueScan
2013-09-12 10:55 - 2013-09-12 11:01 - 00000638 _____ C:\Users\UpdatusUser\Desktop\VueScan.lnk
2013-09-12 10:55 - 2013-09-12 11:01 - 00000638 _____ C:\Users\Harry\Desktop\VueScan.lnk
2013-09-12 10:53 - 2013-09-12 10:53 - 00001062 _____ C:\Users\Public\Desktop\EPSON Smart Panel.lnk
2013-09-12 10:51 - 2013-09-12 10:52 - 00000000 ____D C:\Program Files (x86)\EPSON
2013-09-12 10:51 - 2001-03-18 15:16 - 00001571 _____ C:\Windows\Faxcpp1.ini
2013-09-12 10:51 - 2001-03-18 15:16 - 00000422 _____ C:\Windows\Faxcpp.ini
2013-09-12 10:51 - 1999-12-07 02:03 - 00073216 _____ (SEIKO EPSON CORPORATION) C:\Windows\ADE.DLL
2013-09-12 10:51 - 1999-08-09 23:50 - 00000072 _____ C:\Windows\SysWOW64\epDPE.ini
2013-09-12 10:51 - 1999-06-15 11:31 - 00096768 _____ C:\Windows\SlantAdj.dll
2013-09-12 10:51 - 1999-04-27 00:17 - 00003136 _____ C:\Windows\Ade001.bin
2013-09-12 10:50 - 2001-09-06 00:00 - 00036352 _____ (SEIKO EPSON CORP.) C:\Windows\SysWOW64\escwian.dll
2013-09-12 10:50 - 2001-07-27 00:00 - 00032256 ____N (SEIKO EPSON CORP.) C:\Windows\SysWOW64\escwiab.dll
2013-09-12 10:50 - 2001-07-27 00:00 - 00031744 ____N (SEIKO EPSON CORP.) C:\Windows\SysWOW64\escwiad.dll
2013-09-12 10:50 - 2001-06-25 00:00 - 00172032 ____N (SEIKO EPSON CORP.) C:\Windows\SysWOW64\ESDTR.dll
2013-09-12 10:50 - 2001-06-07 00:00 - 00086016 ____N (SEIKO EPSON CORP.) C:\Windows\SysWOW64\Epfb5cpl.dll
2013-09-12 10:50 - 2001-05-21 00:00 - 00077824 ____N (SEIKO EPSON CORP.) C:\Windows\SysWOW64\Esintpl.dll
2013-09-12 10:50 - 2001-05-07 00:00 - 00065536 ____N (SEIKO EPSON CORP) C:\Windows\SysWOW64\epcomdd.dll
2013-09-12 10:50 - 2000-10-11 00:00 - 00053248 ____N (SEIKO EPSON Corp.) C:\Windows\SysWOW64\ESICM.dll
2013-09-12 09:38 - 2013-09-12 09:38 - 00000000 ____D C:\Users\Harry\AppData\Roaming\PDF Architect
2013-09-12 09:37 - 2013-09-12 09:37 - 00001041 _____ C:\Users\Public\Desktop\PDFCreator.lnk
2013-09-12 09:37 - 2013-09-12 09:37 - 00001003 _____ C:\Users\Harry\Desktop\PDF Architect.lnk
2013-09-12 09:37 - 2013-09-12 09:37 - 00000000 ____D C:\Users\Harry\Documents\PDF Architect Files
2013-09-12 09:37 - 2013-09-12 09:37 - 00000000 ____D C:\Program Files (x86)\PDF Architect
2013-09-12 09:36 - 2013-04-09 15:13 - 00110264 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll
2013-09-12 09:36 - 2012-05-05 11:54 - 00137000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMAPI32.OCX
2013-09-12 09:36 - 2012-05-05 11:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPIDE.DLL
2013-09-12 09:20 - 2013-09-12 09:20 - 00003180 _____ C:\Windows\System32\Tasks\{2D279E44-1BF4-48C8-BF4C-C1D83BD942BD}
2013-09-12 09:20 - 2013-09-12 09:20 - 00000000 ____D C:\Program Files (x86)\GPLGS
2013-09-12 09:19 - 2013-09-12 09:27 - 00000000 ____D C:\Users\Harry\Downloads\PDF-CONVERTER
2013-09-12 08:58 - 2013-09-12 08:58 - 00001261 _____ C:\Users\Public\Desktop\Adobe Acrobat 5.0.lnk
2013-09-12 08:58 - 2013-09-12 08:58 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2013-09-12 08:58 - 2001-10-11 17:35 - 00020588 _____ (Adobe Systems Incorporated.) C:\Windows\SysWOW64\PdfPorts.dll
2013-09-12 08:58 - 2001-10-11 17:34 - 00077824 _____ C:\Windows\SysWOW64\adistres.dll
2013-09-12 08:58 - 2001-04-27 14:02 - 00101200 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\pdfshell.dll
2013-09-12 08:57 - 2013-09-12 08:57 - 00000000 ____D C:\Users\Harry\Documents\My eBooks
2013-09-12 08:57 - 2013-09-12 08:57 - 00000000 ____D C:\Users\Harry\AppData\Roaming\InterTrust
2013-09-12 08:47 - 2013-09-12 08:47 - 00292480 _____ C:\Windows\Minidump\091213-51714-01.dmp
2013-09-12 07:28 - 2013-09-12 07:28 - 00000771 _____ C:\Users\Harry\Desktop\CASENET - Shortcut.lnk
2013-09-11 10:57 - 2013-09-11 10:57 - 00000000 ____D C:\Windows\ERUNT
2013-09-11 10:29 - 2013-09-11 10:45 - 00000000 ____D C:\AdwCleaner
2013-09-11 10:06 - 2012-06-19 15:41 - 00578474 _____ C:\Windows\_detmp.3
2013-09-11 10:06 - 2000-02-14 17:36 - 00128000 _____ (Symantec Corporation) C:\Windows\_detmp.4
2013-09-11 09:11 - 2013-09-11 09:11 - 00000000 ____D C:\Users\Harry\Documents\ATT
2013-09-11 03:35 - 2013-09-11 03:35 - 00001903 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2013-09-11 03:33 - 2013-09-11 03:35 - 00000000 ____D C:\Program Files\HitmanPro
2013-09-11 03:32 - 2013-09-11 03:48 - 00000000 ____D C:\ProgramData\HitmanPro
2013-09-11 03:31 - 2013-09-11 11:09 - 00000000 ____D C:\Users\Harry\Downloads\HITMAN
2013-09-11 01:55 - 2013-09-11 01:55 - 00000000 ____D C:\Users\Harry\AppData\Roaming\qualys
2013-09-11 01:13 - 2010-12-20 18:09 - 00038224 _____ (Malwarebytes Corporation) C:\Windows\SysWOW64\Drivers\mbamswissarmy.sys
2013-09-11 00:26 - 2013-09-11 00:26 - 00000000 ____D C:\Users\Harry\Downloads\MICROSOFT FIXIT
2013-09-10 16:14 - 2013-08-10 00:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-10 16:14 - 2013-08-10 00:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-10 16:14 - 2013-08-10 00:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-10 16:14 - 2013-08-10 00:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-10 16:14 - 2013-08-10 00:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-10 16:14 - 2013-08-10 00:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-10 16:14 - 2013-08-10 00:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-10 16:14 - 2013-08-10 00:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-10 16:14 - 2013-08-10 00:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-10 16:14 - 2013-08-10 00:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-10 16:14 - 2013-08-10 00:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-10 16:14 - 2013-08-10 00:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-10 16:14 - 2013-08-10 00:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-10 16:14 - 2013-08-10 00:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-10 16:14 - 2013-08-09 22:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-10 16:14 - 2013-08-09 22:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-10 16:14 - 2013-08-09 22:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-10 16:14 - 2013-08-09 22:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-10 16:14 - 2013-08-09 22:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-10 16:14 - 2013-08-09 22:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-10 16:14 - 2013-08-09 22:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-10 16:14 - 2013-08-09 22:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-10 16:14 - 2013-08-09 22:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-10 16:14 - 2013-08-09 22:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-10 16:14 - 2013-08-09 22:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-10 16:14 - 2013-08-09 22:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-10 16:14 - 2013-08-09 22:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-10 16:14 - 2013-08-09 22:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-10 16:14 - 2013-08-09 22:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-10 16:14 - 2013-08-09 21:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-10 16:14 - 2013-08-09 21:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-10 15:59 - 2013-08-07 20:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-10 15:59 - 2013-08-01 21:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-10 15:59 - 2013-08-01 21:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-10 15:59 - 2013-08-01 21:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-10 15:59 - 2013-08-01 21:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-10 15:59 - 2013-08-01 21:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-10 15:59 - 2013-08-01 21:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-10 15:59 - 2013-08-01 21:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-10 15:59 - 2013-08-01 21:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-10 15:59 - 2013-08-01 21:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-10 15:59 - 2013-08-01 21:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-10 15:59 - 2013-08-01 21:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-10 15:59 - 2013-08-01 21:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-10 15:59 - 2013-08-01 21:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-10 15:59 - 2013-08-01 21:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-10 15:59 - 2013-08-01 21:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-10 15:59 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-10 15:59 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-10 15:59 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-10 15:59 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-10 15:59 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-10 15:59 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-10 15:59 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-10 15:59 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-10 15:59 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-10 15:59 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-10 15:59 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-10 15:59 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-10 15:59 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-10 15:59 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-10 15:59 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-10 15:59 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-10 15:59 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-10 15:59 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-10 15:59 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-10 15:59 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-10 15:59 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-10 15:59 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-10 15:59 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-10 15:59 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-10 15:59 - 2013-08-01 20:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-10 15:59 - 2013-08-01 20:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-10 15:59 - 2013-08-01 20:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-10 15:59 - 2013-08-01 20:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-10 15:59 - 2013-08-01 20:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-10 15:59 - 2013-08-01 20:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-10 15:59 - 2013-08-01 20:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-10 15:59 - 2013-08-01 20:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-10 15:59 - 2013-08-01 20:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-10 15:59 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-10 15:59 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-10 15:59 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-10 15:59 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-10 15:59 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-10 15:59 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-10 15:59 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-10 15:59 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-10 15:59 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-10 15:59 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-10 15:59 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-10 15:59 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-10 15:59 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-10 15:59 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-10 15:59 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-10 15:59 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-10 15:59 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-10 15:59 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-10 15:59 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-10 15:59 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-10 15:59 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-10 15:59 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-10 15:59 - 2013-08-01 20:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-10 15:59 - 2013-08-01 19:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-10 15:59 - 2013-08-01 19:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-10 15:59 - 2013-08-01 19:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-10 15:59 - 2013-08-01 19:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-10 15:59 - 2013-08-01 19:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-10 15:59 - 2013-08-01 19:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-10 15:59 - 2013-08-01 19:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-10 15:59 - 2013-08-01 19:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-10 15:59 - 2013-08-01 19:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-10 15:59 - 2013-07-25 21:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-10 15:59 - 2013-07-25 21:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-10 15:59 - 2013-07-25 20:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-10 15:59 - 2013-07-25 20:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-07 19:11 - 2013-09-07 19:11 - 00007019 _____ C:\Users\Harry\Desktop\KYOCERA.lnk
 
==================== One Month Modified Files and Folders =======
 
2013-09-26 14:13 - 2013-09-26 14:13 - 00000000 ____D C:\FRST
2013-09-26 14:10 - 2013-09-26 14:10 - 00001514 _____ C:\Users\Harry\Desktop\JRT.txt
2013-09-26 14:08 - 2010-03-28 10:53 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-26 13:59 - 2013-09-26 13:58 - 00000000 ____D C:\Users\Harry\Downloads\JRT
2013-09-26 13:52 - 2012-10-12 09:58 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-26 13:42 - 2010-05-19 19:12 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4050790218-1552307734-3448739108-1000UA.job
2013-09-26 13:41 - 2013-09-26 13:41 - 00000923 _____ C:\Users\Harry\Desktop\hijackthis-9-24-13.log - Shortcut.lnk
2013-09-26 13:25 - 2013-09-26 13:24 - 00002025 _____ C:\Users\Harry\Desktop\Malwarebyte.lnk
2013-09-26 12:40 - 2011-06-22 20:45 - 00000000 ____D C:\Users\Harry\Desktop\POLITICAL NOTES
2013-09-26 12:38 - 2010-12-14 01:41 - 00000000 ____D C:\Users\Harry\Desktop\DANNY
2013-09-26 12:35 - 2013-09-26 12:35 - 00000000 ____D C:\Users\Harry\Documents\TheatrGROUP
2013-09-26 12:33 - 2009-10-29 14:06 - 01861897 _____ C:\Windows\WindowsUpdate.log
2013-09-26 12:19 - 2010-04-04 15:28 - 00000000 ____D C:\Users\Harry\Documents\COMPUTER_ISSUES
2013-09-26 12:14 - 2010-05-19 19:12 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4050790218-1552307734-3448739108-1000Core.job
2013-09-26 12:14 - 2010-03-28 10:53 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-25 14:52 - 2009-12-23 13:34 - 00003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForHarry
2013-09-25 14:52 - 2009-12-23 13:34 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForHarry.job
2013-09-24 17:25 - 2013-09-24 17:17 - 00000000 ____D C:\Users\Harry\Downloads\HIJACK
2013-09-24 17:11 - 2009-07-13 23:45 - 00015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-24 17:11 - 2009-07-13 23:45 - 00015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-24 16:53 - 2010-11-25 17:53 - 00000000 ____D C:\Users\Harry\Downloads\FLASH
2013-09-24 10:45 - 2010-01-31 17:04 - 00003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{63C58751-CFD9-4E61-8D18-2CE72A557C6C}
2013-09-23 09:07 - 2013-09-23 08:49 - 00001791 _____ C:\Users\Harry\Desktop\TERESA-KING-PHONE-RECORD.txt
2013-09-21 08:50 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\tracing
2013-09-20 20:14 - 2013-09-13 06:49 - 03723656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-09-20 20:14 - 2012-10-12 09:58 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-20 20:14 - 2012-04-11 11:09 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-20 20:14 - 2012-01-15 11:26 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-20 11:03 - 2010-03-03 13:34 - 00000000 ____D C:\Users\Harry\Documents\VA
2013-09-19 15:36 - 2012-08-26 18:51 - 00000000 ____D C:\Users\Harry\Documents\MISC MELBA
2013-09-19 10:39 - 2010-03-29 03:54 - 00000000 ____D C:\Users\Harry\Documents\HG
2013-09-19 08:47 - 2009-12-21 13:04 - 00000000 ____D C:\THEATRGROUP
2013-09-16 11:36 - 2012-08-31 14:33 - 00000998 _____ C:\Users\Harry\Desktop\magicJack.lnk
2013-09-16 11:36 - 2012-08-31 14:33 - 00000984 _____ C:\Users\Harry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\magicJack.lnk
2013-09-16 11:36 - 2012-08-31 14:32 - 00000000 ____D C:\Users\Harry\AppData\Roaming\mjusbsp
2013-09-16 11:35 - 2009-07-13 23:51 - 00057949 _____ C:\Windows\setupact.log
2013-09-15 09:10 - 2013-08-19 09:40 - 00000000 ____D C:\Users\Harry\Documents\4-SALE
2013-09-13 17:04 - 2011-08-11 20:07 - 00000000 ____D C:\Users\Harry\Documents\BOONO
2013-09-13 16:12 - 2010-04-17 21:40 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-09-13 15:49 - 2010-04-17 21:32 - 00000000 ____D C:\Users\Harry\Downloads\QUICKTIME
2013-09-13 14:55 - 2013-09-12 10:55 - 00000000 ____D C:\VueScan
2013-09-13 13:54 - 2011-07-22 18:37 - 00000000 ____D C:\Users\Harry\AppData\Roaming\KeePass
2013-09-12 11:01 - 2013-09-12 10:55 - 00000638 _____ C:\Users\UpdatusUser\Desktop\VueScan.lnk
2013-09-12 11:01 - 2013-09-12 10:55 - 00000638 _____ C:\Users\Harry\Desktop\VueScan.lnk
2013-09-12 10:56 - 2010-02-10 14:04 - 00018622 _____ C:\Windows\DPINST.LOG
2013-09-12 10:55 - 2010-04-14 15:07 - 00000000 ____D C:\Users\Harry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TWAIN Working Group
2013-09-12 10:53 - 2013-09-12 10:53 - 00001062 _____ C:\Users\Public\Desktop\EPSON Smart Panel.lnk
2013-09-12 10:52 - 2013-09-12 10:51 - 00000000 ____D C:\Program Files (x86)\EPSON
2013-09-12 10:47 - 2009-08-21 11:59 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-09-12 09:38 - 2013-09-12 09:38 - 00000000 ____D C:\Users\Harry\AppData\Roaming\PDF Architect
2013-09-12 09:38 - 2009-12-16 21:57 - 00000000 ____D C:\Program Files (x86)\PDFCreator
2013-09-12 09:37 - 2013-09-12 09:37 - 00001041 _____ C:\Users\Public\Desktop\PDFCreator.lnk
2013-09-12 09:37 - 2013-09-12 09:37 - 00001003 _____ C:\Users\Harry\Desktop\PDF Architect.lnk
2013-09-12 09:37 - 2013-09-12 09:37 - 00000000 ____D C:\Users\Harry\Documents\PDF Architect Files
2013-09-12 09:37 - 2013-09-12 09:37 - 00000000 ____D C:\Program Files (x86)\PDF Architect
2013-09-12 09:27 - 2013-09-12 09:19 - 00000000 ____D C:\Users\Harry\Downloads\PDF-CONVERTER
2013-09-12 09:20 - 2013-09-12 09:20 - 00003180 _____ C:\Windows\System32\Tasks\{2D279E44-1BF4-48C8-BF4C-C1D83BD942BD}
2013-09-12 09:20 - 2013-09-12 09:20 - 00000000 ____D C:\Program Files (x86)\GPLGS
2013-09-12 09:08 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-09-12 08:58 - 2013-09-12 08:58 - 00001261 _____ C:\Users\Public\Desktop\Adobe Acrobat 5.0.lnk
2013-09-12 08:58 - 2013-09-12 08:58 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2013-09-12 08:58 - 2010-10-21 14:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-09-12 08:58 - 2009-12-15 10:06 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-09-12 08:58 - 2009-12-14 12:20 - 00000000 ____D C:\Users\Harry\AppData\Roaming\Adobe
2013-09-12 08:57 - 2013-09-12 08:57 - 00000000 ____D C:\Users\Harry\Documents\My eBooks
2013-09-12 08:57 - 2013-09-12 08:57 - 00000000 ____D C:\Users\Harry\AppData\Roaming\InterTrust
2013-09-12 08:50 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\inetsrv
2013-09-12 08:47 - 2013-09-12 08:47 - 00292480 _____ C:\Windows\Minidump\091213-51714-01.dmp
2013-09-12 08:47 - 2011-01-30 19:11 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2013-09-12 08:47 - 2010-11-20 01:26 - 412643167 _____ C:\Windows\MEMORY.DMP
2013-09-12 08:47 - 2010-11-20 01:26 - 00000000 ____D C:\Windows\Minidump
2013-09-12 08:47 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-12 07:28 - 2013-09-12 07:28 - 00000771 _____ C:\Users\Harry\Desktop\CASENET - Shortcut.lnk
2013-09-11 21:35 - 2009-07-14 00:08 - 00032652 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-11 21:34 - 2009-08-21 11:52 - 00559172 _____ C:\Windows\PFRO.log
2013-09-11 21:33 - 2012-07-08 18:49 - 00000000 ____D C:\Users\Harry\Downloads\CHROME
2013-09-11 18:14 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2013-09-11 12:46 - 2009-12-14 12:02 - 00000000 ____D C:\Users\Harry
2013-09-11 11:09 - 2013-09-11 03:31 - 00000000 ____D C:\Users\Harry\Downloads\HITMAN
2013-09-11 10:57 - 2013-09-11 10:57 - 00000000 ____D C:\Windows\ERUNT
2013-09-11 10:45 - 2013-09-11 10:29 - 00000000 ____D C:\AdwCleaner
2013-09-11 10:08 - 2011-08-19 19:50 - 00000000 ____D C:\Users\Harry\AppData\Roaming\ArmorSurf
2013-09-11 10:06 - 2011-07-04 08:45 - 00000000 ____D C:\Users\Harry\AppData\Local\CrashDumps
2013-09-11 10:06 - 2009-07-13 21:34 - 00000841 _____ C:\Windows\win.ini
2013-09-11 10:06 - 2009-07-13 21:34 - 00000219 _____ C:\Windows\SYSTEM.INI
2013-09-11 10:00 - 2012-05-16 12:59 - 00000000 ____D C:\ProgramData\WebEx
2013-09-11 09:11 - 2013-09-11 09:11 - 00000000 ____D C:\Users\Harry\Documents\ATT
2013-09-11 03:48 - 2013-09-11 03:32 - 00000000 ____D C:\ProgramData\HitmanPro
2013-09-11 03:35 - 2013-09-11 03:35 - 00001903 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2013-09-11 03:35 - 2013-09-11 03:33 - 00000000 ____D C:\Program Files\HitmanPro
2013-09-11 01:55 - 2013-09-11 01:55 - 00000000 ____D C:\Users\Harry\AppData\Roaming\qualys
2013-09-11 01:49 - 2009-12-21 12:39 - 00000000 ____D C:\Users\Harry\AppData\Local\Adobe
2013-09-11 01:48 - 2009-12-21 12:42 - 00000000 ____D C:\ProgramData\Adobe
2013-09-11 01:42 - 2011-07-27 23:26 - 00000000 ____D C:\Users\Harry\Downloads\ADOBE READER
2013-09-11 01:14 - 2011-04-10 17:49 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-11 00:26 - 2013-09-11 00:26 - 00000000 ____D C:\Users\Harry\Downloads\MICROSOFT FIXIT
2013-09-10 16:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\catroot2.old
2013-09-10 16:26 - 2009-12-14 12:12 - 00000000 ___RD C:\Users\Harry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-10 16:26 - 2009-12-14 12:12 - 00000000 ___RD C:\Users\Harry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-10 16:25 - 2009-07-13 23:45 - 00550688 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-10 16:12 - 2013-07-11 20:55 - 00000000 ____D C:\Windows\system32\MRT
2013-09-10 16:09 - 2009-12-15 08:33 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-09 09:38 - 2013-04-30 20:47 - 00000000 ____D C:\Users\Harry\Documents\DISH-TV
2013-09-09 08:36 - 2011-02-06 00:27 - 00000000 ____D C:\Program Files (x86)\Opera
2013-09-09 02:19 - 2010-12-21 10:06 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-09-07 19:11 - 2013-09-07 19:11 - 00007019 _____ C:\Users\Harry\Desktop\KYOCERA.lnk
2013-08-29 22:28 - 2012-12-20 01:26 - 00000000 ____D C:\Program Files\McAfee
 
Files to move or delete:
====================
C:\Users\Harry\AppData\Roaming\CamLayout.ini
C:\Users\Harry\AppData\Roaming\CamShapes.ini
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-09-11 18:01
 
==================== End Of Log ============================
 
3.
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-09-2013
Ran by Harry at 2013-09-26 14:15:40
Running from C:\Users\Harry\Downloads\JRT
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Norton 360 Premier Edition (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 Premier Edition (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 Premier Edition (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
 
==================== Installed Programs ======================
 
Acrobat.com (x32 Version: 2.0.0)
Acrobat.com (x32 Version: 2.0.0.0)
Activate Norton Online Backup (x32 Version: 1.1.20.0)
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.2)
Adobe Acrobat 5.0 (x32 Version: 5.0)
Adobe AIR (x32 Version: 2.7.0.19530)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.175)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168)
Adobe Photoshop 7.0 (x32 Version: 7.0)
Adobe Reader XI (11.0.04) (x32 Version: 11.0.04)
Advanced PDF Password Recovery (x32 Version: 5.5.97.1071)
Advanced PDF Password Recovery Pro (x32)
AIM 7 (x32)
AIM Toolbar (x32)
AMP Font Viewer (x32)
Apple Application Support (x32 Version: 2.3.4)
Apple Software Update (x32 Version: 2.1.3.127)
Applet_App (x32)
Applet_Copy (x32)
Applet_Creativity (x32)
Applet_Email (x32)
Applet_Epp (x32)
Applet_File (x32)
Applet_OCR (x32)
Applet_Web (x32)
ArcSoft PhotoImpression 3.0 (x32)
Artisteer 2 (Beta) (x32 Version: 2.0)
Audacity 2.0.3 (x32 Version: 2.0.3)
Avi to Mpeg 3.2 (x32 Version: 3.0)
AVS Update Manager 1.0 (x32)
AVS Video Converter 8 (x32)
AVS4YOU Software Navigator 1.4 (x32)
Backpack Driver (x32)
Belkin Setup and Router Monitor (x32)
Celtx (2.9.7) (x32 Version: 2.9.7 (en-US))
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000)
ConvertHelper 2.2 (x32)
Copy Utility (x32)
CyberLink DVD Suite Deluxe (x32 Version: 6.0.3101)
DHTML Menu Builder 4.3 (x32)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904)
EPSON Photo Print (x32)
EPSON Smart Panel (x32)
EPSON TWAIN 5 (x32)
ffdshow [rev 3119] [2009-10-27] (x32 Version: 1.0)
Final Draft (x32 Version: 8.0.3.120)
Final Draft 6 (x32 Version: 6.0.10)
Final Draft AV Demo (x32)
FlashCatch (x32)
FLV Downloader (HKCU)
FLVideoConverter (x32)
FontInfo 1.0.2.1 (x32)
FontPage 2.0.8 (x32)
Free PDF to Word Doc Converter v1.1 (x32 Version: 1.1)
Freez FLV to AVI/MPEG/WMV Converter (x32 Version: 1.6)
Freez Screen Video Capture v1.2 (x32 Version: 1.2)
Google Chrome (x32 Version: 29.0.1547.76)
Google Earth (x32 Version: 7.1.1.1888)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4413.1752)
Google Update Helper (x32 Version: 1.3.21.153)
Greenshot 1.1.5.2643 (Version: 1.1.5.2643)
Hardware Diagnostic Tools (Version: 6.0.5434.08)
HitmanPro 3.7 (Version: 3.7.7.205)
HP Advisor (x32 Version: 3.2.8946.3086)
HP Customer Experience Enhancements (x32 Version: 6.0.1.3)
HP Games (x32 Version: 1.0.0.71)
HP Odometer (x32 Version: 2.10.0000)
HP Remote Solution (x32 Version: 1.1.9.0)
HP Setup (x32 Version: 1.2.3220.3079)
HP Support Assistant (x32 Version: 4.2.8.3)
HP Support Information (x32 Version: 10.1.0002)
HP Update (x32 Version: 5.001.000.014)
HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3)
IMVU Avatar Chat Software (HKCU)
Inkscape 0.48.1  (x32 Version: 0.48.1)
Internet TV for Windows Media Center (x32 Version: 3.2.1.0)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Java™ 6 Update 37 (x32 Version: 6.0.370)
Junk Mail filter update (x32 Version: 14.0.8117.416)
KeePass Password Safe 1.20 (x32 Version: 1.20)
KeePass Password Safe 2.16 (x32)
Knoll Light Factory EZ Studio (x32)
LabelPrint (x32 Version: 2.5.1901)
LightScribe System Software (x32 Version: 1.18.5.1)
LiveAdvisor (Symantec Corporation) (x32 Version: 1.0.0.706)
LiveUpdate (x32)
LiveUpdate BVRP Software (x32 Version: 1.00.005)
LSI PCI-SV92EX Soft Modem (Version: 2.2.100)
Macromedia Contribute 3.11 (x32 Version: 3.11.0.2419)
Macromedia Dreamweaver 8 (x32 Version: 8.0.0.2734)
Macromedia Extension Manager (x32 Version: 1.7.240)
Macromedia Fireworks 8 (x32 Version: 8.0.0.777)
Macromedia Flash 8 (x32 Version: 8.00.0000)
Macromedia Flash 8 Video Encoder (x32 Version: 1.00.0000)
Magic Bullet Looks Studio (x32)
magicJack (HKCU Version: 2.0.6073.4413)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
McAfee SiteAdvisor (x32 Version: 3.6.196)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (x32 Version: 2.0.48.0)
Microsoft Live Search Toolbar (x32 Version: 3.0.560.0)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Outlook Connector (x32 Version: 14.0.5118.5000)
Microsoft Office PowerPoint Viewer 2007 (English) (x32 Version: 12.0.6612.1000)
Microsoft Office Professional Edition 2003 (x32 Version: 11.0.8173.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Works (x32 Version: 9.7.0621)
mobile PhoneTools (x32 Version: 3.07a 25/05/2004)
Moto Helper Service (x32 Version: 5.5)
MotoHelper 2.1.40 Driver 5.5.0 (x32 Version: 2.1.40)
MotoHelper MergeModules (x32 Version: 1.0.0)
MotoHelper MergeModules (x32 Version: 1.2.0)
Motorola Mobile Drivers Installation 5.5.0 (Version: 5.5.0)
Mototools Software Update (x32 Version: 3.3.6)
Mozilla Firefox 20.0.1 (x86 en-US) (x32 Version: 20.0.1)
Mozilla Maintenance Service (x32 Version: 20.0.1)
Mozilla Thunderbird (3.1.5) (x32 Version: 3.1.5 (en-US))
MSVCRT (x32 Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Netscape Navigator (9.0.0.6) (x32 Version: 9.0.0.6 (en-US))
Norton 360 Premier Edition (x32 Version: 20.4.0.40)
NoteTab Pro (Remove only) (x32 Version: 4.91)
NVIDIA Control Panel 307.83 (Version: 307.83)
NVIDIA Display Control Panel (Version: 6.14.12.5721)
NVIDIA Drivers (Version: 1.10.61.39)
NVIDIA Graphics Driver 307.83 (Version: 307.83)
NVIDIA Install Application (Version: 2.1002.109.706)
NVIDIA Update 1.10.8 (Version: 1.10.8)
NVIDIA Update Components (Version: 1.10.8)
OE-Mail Recovery 1.7 (x32)
Opera 12.16 (x32 Version: 12.16.1860)
Oxelon Media Converter 1.1 (x32)
Paint Shop Pro 5.01 (x32)
Paint Shop Pro 7 ESD (x32 Version: 7.0.0.0000)
Password Fortress 1.0.1 (x32 Version: 1.0.1)
PDF Architect (x32 Version: 1.1.83.9982)
PDFCreator (x32 Version: 1.7.1)
Personal Vault 1.4 (x32)
Pinnacle Studio 14 (x32 Version: 14.0.0.7255)
Pinnacle Studio Ultimate Collection Plugins (x32 Version: 14.0.0.7255)
Pinnacle Video Driver (Version: 12.1.0.030)
Pinnacle VideoSpin (x32 Version: 2.0.0.669)
Power2Go (x32 Version: 6.0.3101)
PowerDirector (x32 Version: 7.0.3101)
PowerRecover (x32 Version: 5.5.1923)
Protected Folder (x32)
PVSonyDll (Version: 1.00.0001)
QuickTime (x32 Version: 7.74.80.86)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6196)
Red Giant ToonIt Studio (x32)
Safari (x32 Version: 5.34.57.2)
ScanToWeb (x32)
SureThing Express Labeler (x32)
SWFRIP 0.4 (x32)
Symantec WinFax PRO 10.0 (x32)
Text-Osterone 1.117 (x32)
The KMPlayer (remove only) (x32)
Trapcode 3DStroke Studio (x32)
Trapcode Particular Studio (x32)
Trapcode Shine Studio (x32)
Twacker 64 (Version: 2.0.1)
Ulead COOL 3D 2 (x32)
Ulead COOL 3D 3.5 (x32)
VueScan (x32)
Widevine Media Optimizer Chrome 6.0.0 (HKCU Version: 6.0.0.12442)
Widevine Media Optimizer Chrome 6.0.0 (x32 Version: 6.0.0.12442)
Windows Live Communications Platform (x32 Version: 14.0.8117.416)
Windows Live Essentials (x32 Version: 14.0.8117.0416)
Windows Live Essentials (x32 Version: 14.0.8117.416)
Windows Live Mail (x32 Version: 14.0.8117.0416)
Windows Live Sign-in Assistant (x32 Version: 5.000.818.5)
Windows Live Upload Tool (x32 Version: 14.0.8014.1029)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8)
WinHTTrack Website Copier 3.43-9C (x64) (Version: 3.43.9)
WinSCP 4.3.7 (x32 Version: 4.3.7)
WinX Free MOV to MPEG Converter 4.1.9 (x32)
WinZip (x32 Version:  9.0 SR-1 (6224))
Xenu's Link Sleuth (x32 Version: 1.3.7)
Xilisoft MOV Converter (x32 Version: 5.1.37.0120)
ZOC Terminal (x32 Version: 4.15)
 
==================== Restore Points  =========================
 
24-09-2013 22:08:02 9-24-13
 
==================== Hosts content: ==========================
 
2009-07-13 21:34 - 2013-09-26 13:52 - 00000822 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {0643BEA0-C4D4-45BE-A774-8DDA9CAB2475} - System32\Tasks\MotoHelper Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2012-02-01] ()
Task: {2413C324-1674-4D4D-91B7-643ED5EB3582} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4050790218-1552307734-3448739108-1000Core => C:\Users\Harry\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-28] (Google Inc.)
Task: {346D0D31-1355-4AC4-9161-7B0AE03C158C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-03-28] (Google Inc.)
Task: {3544EFEF-9F01-4F0F-B703-BEFEDE71BF6F} - System32\Tasks\MotoHelper Routing => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2012-02-01] ()
Task: {5792F989-82CA-4085-A8FF-2FAA36EA69E7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4050790218-1552307734-3448739108-1000UA => C:\Users\Harry\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-28] (Google Inc.)
Task: {5F6356D6-A32C-4CA3-9FCE-01AA5BFF512D} - System32\Tasks\Norton One\Norton Error Processor => C:\Program Files (x86)\Norton One\Engine\3.2.0.19\SymErr.exe
Task: {67BB25DB-E406-42F4-B3F2-E4FBD11415F8} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.4.0.40\WSCStub.exe [2013-06-03] (Symantec Corporation)
Task: {712EC6AF-97F0-4CB9-9C61-7415C5609E50} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-07-02] (PC-Doctor, Inc.)
Task: {7683DF85-C451-4DC1-A311-6C537DF1E268} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-20] (Adobe Systems Incorporated)
Task: {773EB4CF-BB47-4107-A398-96BF440D286E} - System32\Tasks\Norton One\Norton Error Analyzer => C:\Program Files (x86)\Norton One\Engine\3.2.0.19\SymErr.exe
Task: {7A8EF999-2A2C-4EC5-9798-8A4481FC3C84} - System32\Tasks\HPCeeScheduleForHarry => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07] (Hewlett-Packard)
Task: {8E5BF0AB-80E6-4924-9EBF-91BBD67DC321} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2010-04-05] (Microsoft Corporation)
Task: {9315E4BC-F162-4041-B3E0-3E2C2664FD8F} - System32\Tasks\User_Feed_Synchronization-{63C58751-CFD9-4E61-8D18-2CE72A557C6C} => C:\Windows\system32\msfeedssync.exe [2013-03-13] (Microsoft Corporation)
Task: {A8465D0B-9AE0-4F13-B016-ABA1D8532A9E} - System32\Tasks\MotoHelper Initial Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2012-02-01] ()
Task: {BFB46608-F1E6-4B0B-802B-1AF974EA5345} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.4.0.40\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {E9F9B529-2314-4DAC-BCA9-FF269854EC62} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-03-28] (Google Inc.)
Task: {FE61DDF7-EADA-48D7-A45B-126AB8F85EAB} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.4.0.40\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4050790218-1552307734-3448739108-1000Core.job => C:\Users\Harry\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4050790218-1552307734-3448739108-1000UA.job => C:\Users\Harry\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForHarry.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe
 
==================== Loaded Modules (whitelisted) =============
 
2009-08-21 12:38 - 2013-02-19 22:32 - 18376008 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2012-03-22 20:20 - 2012-02-18 21:35 - 00192208 _____ (Martin Prikryl) C:\Program Files (x86)\WinSCP3\DragExt64.dll
2013-06-11 13:40 - 2013-05-28 12:52 - 01728336 ____R (SwapDrive, Inc.) C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\20.4.0.40\BuEng.dll
2013-09-10 15:59 - 2013-08-01 20:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-10 15:59 - 2013-08-01 20:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\syswow64\kernel32.dll
2013-09-10 15:59 - 2013-08-01 20:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\syswow64\KERNELBASE.dll
2011-03-02 12:39 - 2010-11-20 07:08 - 00833024 _____ (Microsoft Corporation) C:\Windows\syswow64\USER32.dll
2011-03-02 12:39 - 2010-11-20 07:08 - 00311296 _____ (Microsoft Corporation) C:\Windows\syswow64\GDI32.dll
2009-07-13 18:25 - 2009-07-13 20:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\syswow64\LPK.dll
2011-03-02 12:39 - 2010-11-20 07:21 - 00626176 _____ (Microsoft Corporation) C:\Windows\syswow64\USP10.dll
2012-02-14 19:08 - 2011-12-16 02:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\syswow64\msvcrt.dll
2011-03-02 12:39 - 2010-11-20 07:18 - 00640512 _____ (Microsoft Corporation) C:\Windows\syswow64\ADVAPI32.dll
2009-07-13 18:11 - 2009-07-13 20:16 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2013-08-13 19:35 - 2013-07-08 23:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\syswow64\RPCRT4.dll
2012-07-10 19:13 - 2012-06-01 23:34 - 00096768 _____ (Microsoft Corporation) C:\Windows\syswow64\SspiCli.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\ProgramData\Temp:DED17083
AlternateDataStreams: C:\ProgramData\Temp:F4CA4D70
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2010-04-05 14:48:07.420
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2010-04-05 14:34:11.262
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 42%
Total physical RAM: 2942.49 MB
Available physical RAM: 1677.62 MB
Total Pagefile: 5883.17 MB
Available Pagefile: 4031.9 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: (COMPAQ) (Fixed) (Total:454.76 GB) (Free:282.01 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:10.9 GB) (Free:1.71 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive h: (WD MediaCtr) (Fixed) (Total:149.01 GB) (Free:99.69 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=455 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11 GB) - (Type=07 NTFS)
 
========================================================
Disk: 3 (Size: 149 GB) (Disk ID: 44FDFE06)
Partition 1: (Not Active) - (Size=149 GB) - (Type=0C)
 
==================== End Of Log ============================


#4 kevinf80

kevinf80

    Forum Deity

  • Trusted Advisors
  • PipPipPipPipPipPip
  • 5,088 posts
  • Gender:Male
  • Location:Sunderland. UK

Posted 26 September 2013 - 02:52 PM

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST/FRST64 and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Next,

 

Download AdwCleaner by Xplode from here: http://www.bleepingc...oad/adwcleaner/ and save to your Desktop.

 

  • Double click on AdwCleaner.exe to run the tool.

  • Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.

  • AdwCleaner will begin...be patient as the scan may take some time to complete.

  • When it's done you'll see: Pending: Uncheck any elements you don't want removed.

  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.

  • Look over the log especially under Files/Folders for any program you want to save.

  • If there's a program you want to save, just uncheck it from AdwCleaner.

  • If you're not sure, post the log for review.

  • If you're ready to clean it all up.....click the Clean button.

  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.

  • Copy and paste the contents of that logfile in your next reply.

  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine

  • To restore an item that has been deleted (if necessary):

  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

 

Next,

 

Download Dr Web Cureit from here http://www.freedrweb.com/cureit save to your desktop. (Scroll to bottom of page)

 

  • The file will be randomly named

  • Reboot to safe mode

  • Run Dr Web

  • Tick the I agree box and select continue

  • Click select objects for scanning

     

  • Tick all boxes as shown

  • Click the wrench and select automatically apply actions to threats

     

  • Press start scan

  • The scan will now commence

     

  • Once the scan has finished click open report

     

  • A notepad will open

  • Select File > Save as..

  • Save it to your desktop

 

Attach the log to your next reply…

 

Kevin..

If you are satisfied with my help, consider a donation. Thank you...

#5 themuse

Posted 26 September 2013 - 03:07 PM

Dear Kevin - Thank you for your help thus far.  I won't be able to continue past this point.  For one thing, I'm leaving town tomorrow for several days and my desktop does not come with me.

 

For another thing, I have in the past used various software programs which scanned, then offered hundreds of "check boxes" for me to decide which to keep and which to "fix".  To make a long story short, after I clicked "fix" with one of these programs, my computer became so unstable, the only thing which saved me was a restore point.  I don't want to even risk going down that path again.

 

I don't have the tech savvy to know which to keep and which to fix, nor do I wish to continue with programs which may inadvertently negatively alter my registry files.  In other words, unless you can somehow convince me I'm smart enough to know which to keep and which to fix, I'm "chicken".

 

Sorry to have wasted your time. 

 

Best regards,

 

themuse



#6 themuse

Posted 26 September 2013 - 03:21 PM

P.S.  You should find a donation from me marked "Gratitude" next time you check your PayPal.  Wish it could have been more.  I'm on a fixed income.  It's obvious this forum does excellent work.

 

Best again,

 

Harry



#7 kevinf80

Posted 26 September 2013 - 04:05 PM

The instructions I posted are quite straightforward, I try my best to make them as user friendly as I can. Are you calling time on your thread, do you want me to close out....



#8 themuse

Posted 26 September 2013 - 07:16 PM

The instructions are straightforward for you, but cause me concern, because I don't trust myself.  At any rate, I have to go out of town tomorrow for a few days.  May I come back to this when I return?

 

Thanks,

Harry



#9 kevinf80

Posted 27 September 2013 - 02:24 AM

Yes please do, if you let me know what part of the instructions are not clear enough maybe I can help more...



#10 AdvancedSetup

AdvancedSetup

    Staff

  • Root Admin
  • PipPipPipPipPipPip
  • 41,497 posts
  • Gender:Male
  • Location:US

Posted 01 October 2013 - 02:04 AM

bump to keep open for now


Ron Lewis
Forum Community Manager


#11 themuse

Posted 02 October 2013 - 09:16 AM

Hi Kevin, I'm back.  While I'm downloading Dr. Web, I'll go ahead and post the Fixlog.txt and AdwCleaner[R2].txt so you can see the results.  The AdwCleaner[R2].txt is the result of a fresh download.  The only things in the report are Registry values.  No Folders, Files, etc.  Here are the copies:

 

1. 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-09-2013 02
Ran by Harry at 2013-10-02 08:56:05 Run:1
Running from C:\Users\Harry\Downloads\JRT
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
C:\Users\Harry\AppData\Roaming\CamLayout.ini
C:\Users\Harry\AppData\Roaming\CamShapes.ini
AlternateDataStreams: C:\ProgramData\Temp:DED17083
AlternateDataStreams: C:\ProgramData\Temp:F4CA4D70
End
 
*****************
 
C:\Users\Harry\AppData\Roaming\CamLayout.ini => Moved successfully.
C:\Users\Harry\AppData\Roaming\CamShapes.ini => Moved successfully.
C:\ProgramData\Temp => ":DED17083" ADS removed successfully.
C:\ProgramData\Temp => ":F4CA4D70" ADS removed successfully.
 
==== End of Fixlog ====
 
2.
 
# AdwCleaner v3.006 - Report created 02/10/2013 at 09:02:12
# Updated 01/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Harry - CQ5210F
# Running from : C:\Users\Harry\Downloads\JRT\adwcleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Key Found : HKCU\Software\ParetoLogic
Key Found : [x64] HKCU\Software\ParetoLogic
Key Found : HKLM\SOFTWARE\Classes\AppID\{F54A0D21-6A53-460C-8301-C694EC9E1033}
Key Found : HKLM\SOFTWARE\Classes\AppID\NCTAudioCompress3.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{03F14321-8FED-4CBC-B01A-4B57FC199062}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4C58EB04-7B72-4D3D-A36E-66167A99BC31}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{84B9B044-17C0-48FB-A300-C9747D5DF29C}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Found : HKLM\Software\ParetoLogic
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16686
 
 
-\\ Mozilla Firefox v20.0.1 (en-US)
 
[ File : C:\Users\Harry\AppData\Roaming\Mozilla\Firefox\Profiles\jws03pwp.default-1378921600973\prefs.js ]
 
 
-\\ Google Chrome v29.0.1547.76
 
[ File : C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R2].txt - [2056 octets] - [02/10/2013 09:02:12]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [2116 octets] ##########
 
===============
 
Now I'll reboot to Safe Mode and run Cureit.
 
Back in a while.
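
The AdwCleaner report posted above can be summarised before deciding what to clean. The following Python is an added example, not part of the original post or of AdwCleaner: it parses an excerpt of that report, counts findings per section and groups registry entries by GUID. The function names are hypothetical, and reading the `[x64]` tag as the 64-bit registry view is an assumption.

```python
import re
from collections import Counter, defaultdict

# Excerpt of the AdwCleaner[R2].txt report posted in this thread.
REPORT = r"""
***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Key Found : HKCU\Software\ParetoLogic
Key Found : [x64] HKCU\Software\ParetoLogic
Key Found : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]

***** [ Browsers ] *****
"""

SECTION = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
FINDING = re.compile(r"^(\w+) Found : (\[x64\] )?(.+)$")
GUID = re.compile(r"\{[0-9A-F]{8}-(?:[0-9A-F]{4}-){3}[0-9A-F]{12}\}", re.I)


def parse_report(text):
    """Return one dict per 'X Found :' line, tagged with its report section."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        found = FINDING.match(line)
        if not found:
            continue
        kind, x64, target = found.groups()
        guid = GUID.search(target)
        findings.append({
            "section": section,
            "kind": kind,
            # Assumption: "[x64]" marks the 64-bit registry view.
            "view": "64-bit" if x64 else "default",
            "hive": target.split("\\", 1)[0],
            "guid": guid.group(0).upper() if guid else None,
            "target": target,
        })
    return findings


def section_counts(findings):
    """How many findings each report section holds."""
    return dict(Counter(f["section"] for f in findings))


def group_by_component(findings):
    """Group targets by GUID, or by the path itself when there is no GUID."""
    groups = defaultdict(list)
    for f in findings:
        groups[f["guid"] or f["target"]].append(f["target"])
    return dict(groups)


if __name__ == "__main__":
    items = parse_report(REPORT)
    print(section_counts(items))
    for component, targets in group_by_component(items).items():
        print(f"{component}  ({len(targets)} entries)")
        for t in targets:
            print("   ", t)
```

Grouping shows that four of the entries belong to a single GUID registered under Internet Explorer's `Ext` and `Toolbar` keys, and that every finding in the excerpt sits in the Registry section rather than under Services or Files / Folders.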


#12 themuse

Posted 02 October 2013 - 10:08 AM

Dr. Web found no threats when run in Safe Mode.

 

Attached is the Dr. Web log file.  

 

Attached File  cureit.log   5.71MB   2 downloads

 

Thanks for your consideration.  I'll check back later today.

 

Best regards,

 

Harry



#13 kevinf80

Posted 02 October 2013 - 12:47 PM

Run Malwarebytes, check for updates then run a Quick scan. Let me see that log...

 

Next,

 

Download Security Check by screen317 from either of the following:

http://screen317.spy...curityCheck.exe or http://screen317.cha...curityCheck.exe

Save it to your Desktop.

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

Let me see those logs, also let me know if there are any remaining issues or concerns..

 

Kevin



#14 themuse

Posted 02 October 2013 - 03:25 PM

Let me put it this way - the 200+ icons which I had arranged in a certain order on my desktop are now completely scrambled.  I had to squint my eyes for 2 minutes just to find MalwareBytes this time around.

 

Secondly, despite all of these downloads and log postings, the problem still exists with http://rvzr-a.akamaihd.net pop-up windows.

 

 

Here's the Malwarebytes log requested from the latest download.

 

--------------------------------------------------------------------

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.10.02.11
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
Harry :: CQ5210F [administrator]
 
10/2/2013 3:09:26 PM
mbam-log-2013-10-02 (15-09-26).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 256966
Time elapsed: 9 minute(s), 46 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
------------------------------------------------------------------
 
I'm going to call it quits now.  Thanks for trying.
 
Best regards,
 
Harry


#15 kevinf80

Posted 02 October 2013 - 03:37 PM

Hello Harry,

 

When you ran AdwCleaner you only used the scan function to identify issues, you never actually used the "Clean" option to remove them....

 

We can run another tool to see if we locate what causes the issue you mention. I'm not sure what you mean about the icons, having 200 on one's Desktop is not usual...

 

Download Zoek.zip from here http://www.hijackthi...220813/zoek.zip and save that zip file to your Desktop.

 

Double click zip file and extract to your Desktop:

You will now have 3 versions of the tool on the Desktop:

Before running Zoek make sure all Browsers are closed and Security is turned OFF. Check at the following link: http://www.techsuppo...90111.html

 

Double click on each in turn until one version will run (accept UAC). The following window will open:

Copy and paste the following script from the code box and paste into the field.

Process;
emptyclsid;
firefoxlook;
Chromelook;
CHRdefaults;
autoclean;
iedefaults;
filesrcm;
startupall;
silentrunners;

Select the "Run Script" tab. The following window will open:

Please be patient and do not use the PC when the scan is in progress.

When complete you may be asked to re-boot your PC, if so please do

Post the produced log in your next reply…..



#16 themuse

Posted 02 October 2013 - 07:28 PM

Hi Kevin,

 

You wrote:  When you ran AdwCleaner you only used the scan function to identify issues, you never actually used the "Clean" option to remove them....

 

=>  I know.  The only items identified as "issues" all came from the registry.  As you mentioned, if I wasn't secure in "cleaning" those items, just post the logfile, which I did.  You made no comment about it, so I didn't know where to take it from there.

 

I don't mess with the Registry.  I trusted so-called "cleaners" twice since 1996, and both times were disastrous.  I mentioned that earlier in my posts.  

 

Regarding the 200 icons - yes, I know it's not uncommon to have that many.  As I stated in my post, "the 200+ icons which I had arranged in a certain order on my desktop are now completely scrambled". They were scrambled, more than likely, because some registry value was tampered with.  My desktop takes a lot of time to re-organize once scrambled.

 

Other than that, I've run too many scan programs, and posted too many results without hearing one word about what was found in the results, and why yet another scan was needed.  If identifying the issue means downloading every malware tool in the world and scanning, one by one, the issue itself is causing less a problem than the "cure".

 

So, as I said in my last post, I'm going to call it quits now.  Thanks for trying.
 
Best regards,
 
Harry
 


#17 kevinf80

Posted 02 October 2013 - 07:53 PM

I did expect that you would tell me you were unsure of what AdwCleaner found and tell me what actual entries were a cause of concern for you. From the log you would see that no OS system files were being removed, it was software and browser related. I've yet to see a system trashed by AdwCleaner...

 

If a chosen scanner returns nothing found it would be counterproductive to just assume nothing was there to find, not all scanners find all infections. I always try to start with less aggressive methods and progress as required.

 

Obviously the easiest way is to wipe the system and reinstall again, clean sheet. If that is your choice then as you state we can call it quits....

 

Take care,

 

Kevin...



#18 themuse

Posted 05 October 2013 - 10:40 AM

Hello again,

 

I found a solution to this problem yesterday, and wanted to post it here for anyone else who might run into this pesky pop-up.

 

I went into the Chrome settings, and removed every cookie I could find with "rvzr-a.akamaihd" in the description (a search brought them all up).  Then I went to:

 

C:\Users\MyUserName\AppData\Local\Google\Chrome\User Data\Default

 

Renamed the "Default" folder "Default_BAK" (could be any new name).  

 

When Chrome reopened, a new "Default" folder was created, the apps I used came back because they were synced at Google, and the problem issue with the pop-up is now gone.

 

Thanks again for your help, Kevin.

 

Best regards,

 

Harry
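
The step described in this post, finding what in the Chrome profile refers to the pop-up host and then setting the `Default` folder aside, can be scripted. This Python is an added example, not part of the original post: it assumes the hostname appears as plain text in profile files, the function names are hypothetical, and the sample profile, extension IDs and extension names are constructed.

```python
import json
import tempfile
from pathlib import Path

NEEDLE = b"rvzr-a.akamaihd.net"  # hostname from the thread title


def scan_profile(profile, needle=NEEDLE, max_bytes=8_000_000):
    """Map each file under `profile` that contains `needle` to its hit count."""
    hits = {}
    for path in sorted(Path(profile).rglob("*")):
        try:
            if not path.is_file() or path.stat().st_size > max_bytes:
                continue
            count = path.read_bytes().count(needle)
        except OSError:  # e.g. a file locked by a running browser
            continue
        if count:
            hits[path.relative_to(profile).as_posix()] = count
    return hits


def extension_name(profile, ext_id):
    """Best-effort name from manifest.json (real ones may be __MSG_*__ keys)."""
    ext_dir = Path(profile) / "Extensions" / ext_id
    for manifest in sorted(ext_dir.glob("*/manifest.json")):
        try:
            data = json.loads(manifest.read_text(encoding="utf-8-sig"))
            return data.get("name", "?")
        except (OSError, ValueError):
            continue
    return "?"


def summarize(profile, needle=NEEDLE):
    """Split hits into per-extension totals and other profile files."""
    by_ext, other = {}, {}
    for rel, count in scan_profile(profile, needle).items():
        parts = rel.split("/")
        if parts[0] == "Extensions" and len(parts) > 2:
            by_ext[parts[1]] = by_ext.get(parts[1], 0) + count
        else:
            other[rel] = count
    named = {e: (extension_name(profile, e), n) for e, n in by_ext.items()}
    return named, other


def set_aside(profile, suffix="_BAK"):
    """Rename the profile folder instead of deleting it, as in the post."""
    src = Path(profile)
    dst = src.with_name(src.name + suffix)
    if dst.exists():
        raise FileExistsError(f"{dst} already exists; pick another suffix")
    src.rename(dst)
    return dst


def build_sample_profile(root):
    """Constructed stand-in for ...\\User Data\\Default (not real data)."""
    profile = Path(root) / "Default"
    bad = profile / "Extensions" / ("a" * 32) / "1.0_0"
    good = profile / "Extensions" / ("b" * 32) / "2.3_0"
    bad.mkdir(parents=True)
    good.mkdir(parents=True)
    (bad / "manifest.json").write_text(json.dumps({"name": "Sample Coupon Helper"}))
    (bad / "inject.js").write_text('var u = "http://rvzr-a.akamaihd.net/x";\n' * 2)
    (good / "manifest.json").write_text(json.dumps({"name": "Sample Notes"}))
    (profile / "Preferences").write_text(json.dumps({"note": "rvzr-a.akamaihd.net"}))
    return profile


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        prof = build_sample_profile(tmp)
        extensions, other_files = summarize(prof)
        print("extensions:", extensions)
        print("other files:", other_files)
        print("set aside as:", set_aside(prof).name)
```

Close Chrome before pointing this at a real profile: files held open by the browser are skipped by the scan, and the rename fails while they are in use.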



#19 kevinf80

Posted 05 October 2013 - 10:56 AM

Thanks for the update Harry, good to see that you've found your own solution. If you had looked at the Zoek script I posted for you to run in that tool you may have noted these two commands:

 

Chromelook;
CHRdefaults;

 

Those very commands would have looked at the very browser you mention Chrome, the fix you mentioned would have been done for you....

 

As you have reached your own conclusion I'll close out the thread....

 

Take care,

 

Kevin



#20 LDTate

LDTate

    Forum Deity

  • Moderators
  • PipPipPipPipPipPip
  • 21,126 posts
  • Gender:Male
  • Location:Missouri, USA

Posted 06 October 2013 - 08:19 AM

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
Larry Tate
Product Support
