Solved Cannot remove "istartsurf"

Status
Not open for further replies.

Kate Currie

New Member
Thread author
Aug 11, 2014
6
Please can someone help me get rid of istartsurf? Malwarebytes and altering browser settings do not get rid of this search engine and popups etc. Cannot uninstall from programmes even with Microsoft Fix it.

Thank you - NB it's Istartsurf, not istartnet as I first put - thanks
 

Attachments

  • istartsurf problem.txt
    2.2 KB · Views: 129

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:
  • At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
  • The instructions I give you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
  • If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
  • I visit the forum several times a day, making sure to respond to everyone's topic as fast as possible. But bear in mind that I have a private life like everyone and I cannot be here 24/7. So please be patient with me. Also, some infections require less, and some more time to be removed completely, so bear this in mind and be patient.
  • Please stay with me until the end of all steps and procedures and until I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. If you solved your problem yourself, set aside two minutes to let me know.
  • Please attach all reports using the button below. Doing this, you make it easier for me to analyze and fix your problem.

  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.




Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one).
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the ZOEK icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
    Code:
    createsrpoint;
    gpt.ini;z 
    C:\Windows\System32\GroupPolicy;v
    C:\Windows\SysWOW64\GroupPolicy;v
    process;
    services-list;
    systemspecs;
    startupall;
    skipfix-iedefaults;
    firefoxlook;
    chromelook;
    filesrcm;
    installedprogs;
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it on your main drive (usually the C:\ drive).

Post its content into your next reply.
 

Kate Currie

New Member
Thread author
Aug 11, 2014
6
Hi, after Run Script I got a box saying "no input found or input txt too small !!! What would you like to do?" then four options of doing quick or deep scans with or without cleanup - tried to screenshot but the virus keeps booting me out - using husband's computer here
 

Kate Currie

New Member
Thread author
Aug 11, 2014
6
I don't know how to tell you I didn't - please don't hate me yet.... stand by (feeling very thick) ;-)
 

Kate Currie

New Member
Thread author
Aug 11, 2014
6
Zoek.exe v5.0.0.0 Updated 11-August-2014
Tool run by Student on 11/08/2014 at 19:15:23.98.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: D:\Users\Student\Downloads\zoek(1).exe [Scan all users] [Script inserted]

==== System Restore Info ======================

11/08/2014 19:20:28 Zoek.exe System Restore Point Created Succesfully.

==== Installed Programs ======================

æTorrent
Adobe AIR
Adobe Digital Editions 2.0
Adobe Flash Player 14 ActiveX
Adobe Flash Player 14 Plugin
Adobe Reader X (10.1.9) MUI
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bluetooth Stack for Windows by Toshiba
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon IJ Network Tool
Canon MG3100 series MP Drivers
Canon MG3100 series On-screen Manual
Canon MG3100 series User Registration
Cisco AnyConnect Secure Mobility Client
Cisco AnyConnect Secure Mobility Client
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dragon NaturallySpeaking 11
Dropbox
EndNote X6
EZ YouTube Video Downloader
Fotogalleri
Fotogalleriet
free-for-download bundle
Google Chrome
Google Drive
Google Update Helper
HTC Driver Installer
IBM SPSS Statistics 19
IBM SPSS Statistics 21
Intel PROSet Wireless
Intel(R) Management Engine Components
Intel(R) Network Connections Drivers
Intel(R) Processor Graphics
Intel(R) PROSet/Wireless WiFi Software
Intel(R) Rapid Storage Technology
Intel(R) Wireless Display
Itibiti RTC
iTunes
Java Auto Updater
Java(TM) 6 Update 20
Malwarebytes Anti-Malware version 2.0.2.1012
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Primary Interoperability Assemblies 2005
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Monster Resume Easy Submit
Movie Maker
Mozilla Firefox 29.0.1 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 24.1.0 (x86 en-GB)
MSVCRT
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2758694)
Nutritics
Open It
Optimizer Pro v3.2
PDFCreator
Photo Common
Photo Gallery
PlayReady PC Runtime amd64
PodTrans Pro 3.7.3
PreReq
Rapport
Realtek High Definition Audio Driver
RightSurf
RocketTab:
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2767915) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
SmartDraw CI
TOSHIBA Assist
TOSHIBA Bulletin Board
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA eco Utility
TOSHIBA Face Recognition
TOSHIBA HDD Protection
TOSHIBA HDD/SSD Alert
Toshiba Manuals
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
TOSHIBA Online Product Information
TOSHIBA PC Health Monitor
TOSHIBA Places Icon Utility
TOSHIBA Recovery Media Creator
TOSHIBA Recovery Media Creator Reminder
TOSHIBA ReelTime
TOSHIBA Resolution+ Plug-in for Windows Media Player
TOSHIBA Security Assist
TOSHIBA Service Station
TOSHIBA Sleep Utility
TOSHIBA Sync Utility
TOSHIBA TEMPRO
TOSHIBA Value Added Package
TOSHIBA VIDEO PLAYER
TOSHIBA Web Camera Application
TOSHIBA Wireless Display Monitor
TOSHIBA Wireless LAN Indicator
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition
Valokuvavalikoima
Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64)
Visual Studio Tools for the Office system 3.0 Runtime
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258)
VLC media player 2.1.3
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotogalleri
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Liven peruspaketti
Zip Opener Packages

==== Running Processes ======================

C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
C:\windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\PROGRA~2\SMARTD~1\Messages\SDNotify.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\BrowserSafeguard\BrowserSafeguard.exe
C:\Users\Student\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
D:\Users\Student\Downloads\zoek(1).exe
C:\windows\SysWOW64\cmd.exe
C:\windows\SysWOW64\cmd.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
C:\windows\SysWOW64\cmd.exe

==== Services (whitelist) ======================
Powered by E Dev

R2 - [70e6ca8c] - Optimizer Pro Crash Monitor - "C:\windows\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll",SVC
R2 - [AdobeARMservice] - Adobe Acrobat Update Service - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
R2 - [Apple Mobile Device] - Apple Mobile Device - "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
R2 - [cfWiMAXService] - ConfigFree WiMAX Service - "C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe"
R2 - [ConfigFree Service] - ConfigFree Service - "C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe"
R2 - [EvtEng] - Intel(R) PROSet/Wireless Event Log - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
R2 - [LMS] - Intel(R) Management and Security Application Local Management Service - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
R2 - [MsMpSvc] - Microsoft Antimalware Service - "C:\Program Files\Microsoft Security Client\MsMpEng.exe"
R2 - [RegSrvc] - Intel(R) PROSet/Wireless Registry Service - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
R2 - [Thpsrv] - TOSHIBA HDD Protection - C:\windows\system32\ThpSrv.exe
R2 - [TODDSrv] - TOSHIBA Optical Disc Drive Service - C:\windows\system32\TODDSrv.exe
R2 - [TosCoSrv] - TOSHIBA Power Saver - "C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe"
R2 - [TOSHIBA eco Utility Service] - TOSHIBA eco Utility Service - "C:\Program Files\TOSHIBA\TECO\TecoService.exe"
R2 - [UNS] - Intel(R) Management and Security Application User Notification Service - "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
R2 - [vpnagent] - Cisco AnyConnect Secure Mobility Agent - "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe"
R2 - [wlidsvc] - Windows Live ID Sign-in Assistant - "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - "C:\Program Files\Windows Media Player\wmpnetwk.exe"
R2 - [WSearch] - Windows Search - C:\windows\system32\SearchIndexer.exe /Embedding
R3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
R3 - [osppsvc] - Office Software Protection Platform - "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
R3 - [TMachInfo] - TMachInfo - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
R3 - [VSS] - Volume Shadow Copy - C:\windows\system32\vssvc.exe
S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
S2 - [gupdate] - Google Update Service (gupdate) - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc
S2 - [sppsvc] - Software Protection - C:\windows\system32\sppsvc.exe
S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
S3 - [ALG] - Application Layer Gateway Service - C:\windows\System32\alg.exe
S3 - [aspnet_state] - ASP.NET State Service - C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
S3 - [COMSysApp] - COM+ System Application - C:\windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S3 - [ehRecvr] - Windows Media Center Receiver Service - C:\windows\ehome\ehRecvr.exe
S3 - [ehSched] - Windows Media Center Scheduler Service - C:\windows\ehome\ehsched.exe
S3 - [Fax] - Fax - C:\windows\system32\fxssvc.exe
S3 - [gupdatem] - Google Update Service (gupdatem) - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc
S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - C:\windows\system32\IEEtwCollector.exe /V
S3 - [iPod Service] - iPod Service - "C:\Program Files\iPod\bin\iPodService.exe"
S3 - [McAWFwk] - McAfee Activation Service - c:\PROGRA~1\mcafee\msc\mcawfwk.exe
S3 - [Microsoft SharePoint Workspace Audit Service] - Microsoft SharePoint Workspace Audit Service - "C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE" /auditservice
S3 - [MozillaMaintenance] - Mozilla Maintenance Service - "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
S3 - [MSDTC] - Distributed Transaction Coordinator - C:\windows\System32\msdtc.exe
S3 - [msiserver] - Windows Installer - C:\windows\system32\msiexec.exe /V
S3 - [MyWiFiDHCPDNS] - Wireless PAN DHCP Server - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
S3 - [NisSrv] - Microsoft Network Inspection - "C:\Program Files\Microsoft Security Client\NisSrv.exe"
S3 - [ose] - Office Source Engine - "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
S3 - [PerfHost] - Performance Counter DLL Host - C:\windows\SysWow64\perfhost.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - C:\windows\system32\locator.exe
S3 - [SNMPTRAP] - SNMP Trap - C:\windows\System32\snmptrap.exe
S3 - [TOSHIBA Bluetooth Service] - TOSHIBA Bluetooth Service - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
S3 - [TOSHIBA HDD SSD Alert Service] - TOSHIBA HDD SSD Alert Service - "C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe"
S3 - [TPCHSrv] - TPCH Service - "C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe"
S3 - [TrustedInstaller] - Windows Modules Installer - C:\windows\servicing\TrustedInstaller.exe
S3 - [vds] - Virtual Disk - C:\windows\System32\vds.exe
S3 - [WatAdminSvc] - Windows Activation Technologies Service - C:\windows\system32\Wat\WatAdminSvc.exe
S3 - [wbengine] - Block Level Backup Engine Service - "C:\windows\system32\wbengine.exe"
S3 - [wmiApSrv] - WMI Performance Adapter - C:\windows\system32\wbem\WmiApSrv.exe
S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
S4 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
S4 - [PassThru Service] - Internet Pass-Through Service - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
S4 - [TemproMonitoringService] - Notebook Performance Tuning Service (TEMPRO) - "C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe"

==== Folders Found ======================


==== Files Found ======================


==== System Specs ======================

Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 4000 MB
CPU Info: Intel(R) Core(TM) i3-2330M CPU @ 2.20GHz
CPU Speed: 2191.1 MHz
Sound Card: Speakers (Realtek High Definiti |
Display Adapters: Intel(R) HD Graphics Family | Intel(R) HD Graphics Family | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: Microsoft Virtual WiFi Miniport Adapter #2 | Microsoft Virtual WiFi Miniport Adapter | Intel(R) Centrino(R) Advanced-N 6230 | Intel(R) 82579V Gigabit Network Connection
CD / DVD Drives: 1x (E: | ) E: MATSHITADVD-RAM UJ8A2ES
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 2 Button Mouse Present
Hard Disks: C: 100.0GB | D: 182.3GB
Hard Disks - Free: C: 35.1GB | D: 3.1GB
Manufacturer *: TOSHIBA
BIOS Info: AT/AT COMPATIBLE | 08/23/11 | TOSHIB - 3
Time Zone: GMT Standard Time
Motherboard *: TOSHIBA Portable PC
Country: United Kingdom
Language: ENG

==== System Specs (Software) ======================

Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: Microsoft Security Essentials disabled (Outdated)
Default Browser: Firefox 29.0.1
Internet Explorer Version: 11.0.9600.17207
Mozilla Firefox version: 29.0.1 (x86 en-US)
Google Chrome version: 31.0.1650.63
Adobe Reader version: 10.1.9.22
Sun Java version: 1.6.0_20 (32-bit)
Flash Player version: 14.0.0.145

==== Files Recently Created / Modified ======================

====== C:\windows ====
====== C:\Users\Student\AppData\Local\Temp ====
2014-08-11 15:44:30 D8BE96BC224FB9A6034A01156A527271 43008 ----a-w- C:\Users\Student\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptxckxu.dll
2014-08-11 15:44:27 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\Student\AppData\Local\Temp\System.Data.SQLite52423.dll
2014-08-11 14:48:54 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\Student\AppData\Local\Temp\System.Data.SQLite14098.dll
2014-08-11 13:41:02 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\Student\AppData\Local\Temp\System.Data.SQLite54183.dll
2014-08-11 13:12:23 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\Student\AppData\Local\Temp\System.Data.SQLite67137.dll
2014-08-11 13:12:18 D17946A23CAD0C21C6FD1DAA92C39A32 4599296 ----a-w- C:\Users\Student\AppData\Local\Temp\rtinstaller.exe
2014-08-11 13:11:55 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\Student\AppData\Local\Temp\System.Data.SQLite34603.dll
2014-08-11 11:15:47 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\Student\AppData\Local\Temp\System.Data.SQLite69423.dll
2014-08-11 11:03:14 0B1095D6FB36ACE9C3FB8D6AD6ACB83F 113230 ----a-w- C:\Users\Student\AppData\Local\Temp\nsm6FC.tmp.exe
2014-08-11 07:51:31 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\Student\AppData\Local\Temp\System.Data.SQLite12275.dll
====== Java Cache =====
====== C:\windows\SysWOW64 =====
2014-08-10 05:45:16 08C6B7E7B27C803BE59A5467D2BEFD87 108544 ----a-w- C:\windows\SysWOW64\hfnapi.dll
2014-08-10 05:45:06 F3EC41A4CF5E1D57474F61091F204BA4 246784 ----a-w- C:\windows\SysWOW64\hfpapi.dll
2014-08-01 15:33:05 372218B80DEF827063049EBEE76B7501 92672 ----a-w- C:\windows\SysWOW64\wudriver.dll
2014-08-01 15:33:04 867148EBF47E7E7E7B21C07B4A981929 581600 ----a-w- C:\windows\SysWOW64\wuapi.dll
2014-08-01 15:33:04 255F0417EC31C71585824269522EC8E9 36320 ----a-w- C:\windows\SysWOW64\wups.dll
2014-08-01 15:32:24 5AA2CAD923E9E647276A61387E83DDD0 179656 ----a-w- C:\windows\SysWOW64\wuwebv.dll
2014-08-01 15:32:23 F419D738BD2AE58D9DF2F9FEB5F43842 33792 ----a-w- C:\windows\SysWOW64\wuapp.exe
====== C:\windows\SysWOW64\drivers =====
====== C:\windows\Sysnative =====
2014-08-01 15:33:48 EAD9E413A6CEB9FD8E2AD9DC0716C061 58336 ----a-w- C:\windows\Sysnative\wuauclt.exe
2014-08-01 15:33:48 E76F105AD039B9E4DA9ECE839298C4A2 44512 ----a-w- C:\windows\Sysnative\wups2.dll
2014-08-01 15:33:47 6335F8B4B89F002A3801473C1A799237 2620928 ----a-w- C:\windows\Sysnative\wucltux.dll
2014-08-01 15:33:47 61FF576450CCC80564B850BC3FB6713A 2477536 ----a-w- C:\windows\Sysnative\wuaueng.dll
2014-08-01 15:33:05 7EC6617005F76714C7E16605E7A8AB06 38880 ----a-w- C:\windows\Sysnative\wups.dll
2014-08-01 15:33:05 1180B5ADFB507258DA10F51B46681A33 97792 ----a-w- C:\windows\Sysnative\wudriver.dll
2014-08-01 15:33:05 0DB2758CF1BAFE22E0970FDA0785B74C 700384 ----a-w- C:\windows\Sysnative\wuapi.dll
2014-08-01 15:32:23 45D4BDEA136E72E75CF008D3C38D949A 198600 ----a-w- C:\windows\Sysnative\wuwebv.dll
2014-08-01 15:32:23 29FE783F75362AD6D2D9C0555BA83BD2 36864 ----a-w- C:\windows\Sysnative\wuapp.exe
====== C:\windows\Sysnative\drivers =====
2014-07-31 20:20:42 9E34BF0784E087F7366DBD2BDA01C8EB 46376 ----a-w- C:\windows\Sysnative\drivers\netfilter64.sys
====== C:\windows\Tasks ======
2014-08-11 11:55:33 1525CE2E40C613379D1D314085711C61 3164 ----a-w- C:\windows\Sysnative\Tasks\{9E0C38D5-72FA-4795-8F31-457E622D4AE7}
2014-07-16 18:32:38 EDA5CE2CAC478E9CFB533C49213CA321 3262 ----a-w- C:\windows\Sysnative\Tasks\Optimizer Pro Schedule
====== C:\windows\Temp ======
======= C:\Program Files =====
2014-08-11 07:50:27 -------- d-----w- C:\Program Files\005
======= C:\PROGRA~2 =====
2014-08-11 07:51:36 -------- d-----w- C:\PROGRA~2\BrowserSafeguard
2014-08-11 07:42:33 -------- d-----w- C:\PROGRA~2\iMobie
2014-07-22 19:43:39 -------- d-----w- C:\PROGRA~2\VideoLAN
2014-07-16 18:31:04 -------- d-----w- C:\PROGRA~2\sweetpacks bundle uninstaller_Apache OpenOffice_1644551
======= C: =====
2014-08-11 13:16:08 F14F1EBB47CCBD9C1AE2348E8FF7BF9E 687 ----a-w- C:\awhF48B.tmp
2014-08-11 07:56:53 F14F1EBB47CCBD9C1AE2348E8FF7BF9E 687 ----a-w- C:\awh6EFC.tmp
====== C:\Users\Student\AppData\Roaming ======
2014-08-11 13:08:38 12A1F5C8C4FADEA32940E3D9F1CB65B5 4125624 ----a-w- C:\windows\serviceprofiles\Localservice\AppData\Local\FontCache3.0.0.0.dat
2014-08-11 07:51:54 -------- d-----w- C:\Users\Student\AppData\Local\9754
2014-08-11 07:42:55 -------- d-----w- C:\Users\Student\AppData\Local\iMobie_Inc
2014-08-11 07:42:52 -------- d-----w- C:\Users\Student\AppData\Roaming\iMobie
2014-08-06 17:39:05 -------- d-----w- C:\Users\Student\AppData\Local\Packages
2014-08-06 17:38:59 -------- d-----w- C:\Users\Student\AppData\Locallow\{998D0DD0-99B5-29FA-809C-0DE7FC7C6AE3}
2014-07-22 19:44:31 -------- d-----w- C:\Users\Student\AppData\Roaming\vlc
2014-07-22 19:38:27 -------- d-----w- C:\Users\Student\AppData\Roaming\uTorrent
2014-07-16 21:16:11 -------- d-----w- C:\Users\Student\AppData\Roaming\OpenOffice
2014-07-16 18:32:36 -------- d-----w- C:\Users\Student\AppData\Roaming\Optimizer Pro
====== C:\Users\Student ======
2014-08-11 07:42:37 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMobie
2014-08-06 17:38:57 -------- d-----w- C:\ProgramData\SmartCOmparee
2014-07-22 19:44:09 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-07-16 18:33:05 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\free-for-download bundle
2014-07-16 18:32:01 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2

====== C: exe-files ==
2014-08-11 15:13:32 FC2B0B710AB2EC61224C9411C6555743 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-3180901244-3373960192-2221882467-1000\$I19M6S1.exe
2014-08-11 15:13:32 E9858E28FED97D7BF19B28DF17218E4E 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-3180901244-3373960192-2221882467-1000\$IGDWH5X.exe
2014-08-11 15:13:32 84B54D5C23ED311EA0325DB6DDC64C5A 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-3180901244-3373960192-2221882467-1000\$I7FOE34.exe
2014-08-11 15:13:32 80700E127F71BF9C2D5779A0E8E2C176 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-3180901244-3373960192-2221882467-1000\$I15L0DD.exe
2014-08-11 13:12:18 D17946A23CAD0C21C6FD1DAA92C39A32 4599296 ----a-w- C:\Users\Student\AppData\Local\Temp\rtinstaller.exe
2014-08-11 11:03:14 0B1095D6FB36ACE9C3FB8D6AD6ACB83F 113230 ----a-w- C:\Users\Student\AppData\Local\Temp\nsm6FC.tmp.exe
2014-08-11 07:51:37 D17946A23CAD0C21C6FD1DAA92C39A32 4599296 ----a-w- C:\Program Files (x86)\BrowserSafeguard\uninstall.BrowserSafeguard.exe
2014-08-11 07:51:36 ED17F7213E399B1AF6E8665FF054B703 90112 ----a-w- C:\Program Files (x86)\BrowserSafeguard\Resources\certutil.exe
2014-08-11 07:51:36 C9B4E288D6E7AF76EF2F5D8C99047660 1413632 ----a-w- C:\Program Files (x86)\BrowserSafeguard\BrowserSafeguard.exe
2014-08-11 07:51:36 3DA54BD90C1A4EF9A12270102C047FC5 55632 ----a-w- C:\Program Files (x86)\BrowserSafeguard\makecert.exe
2014-08-11 07:42:36 6DB6E1E3D91BDBA4511B8057CFC17942 120312 ----a-w- C:\$Recycle.Bin\S-1-5-21-3180901244-3373960192-2221882467-1000\$R7FOE34.exe
2014-08-11 07:42:34 BFBDC87AECE10CF9A0C560CAD11D05D3 19749888 ----a-w- C:\$Recycle.Bin\S-1-5-21-3180901244-3373960192-2221882467-1000\$RGDWH5X.exe
2014-08-11 07:42:33 C9C210E604CE9BC46A334F4B81A30F1C 1545208 ----a-w- C:\$Recycle.Bin\S-1-5-21-3180901244-3373960192-2221882467-1000\$R19M6S1.exe
2014-08-11 07:42:33 63E0C7DD413B7082A898A633CA0B2558 9197048 ----a-w- C:\$Recycle.Bin\S-1-5-21-3180901244-3373960192-2221882467-1000\$R15L0DD.exe
=== C: other files ==
2014-08-11 15:44:29 82F5C942549405F61A8808D0EA0FA9E2 25575 ----a-w- C:\Users\Student\AppData\Local\Temp\_MEI38882\resources\chrome_ext\apdfllckaahabafndbhieahigkjlhalf_live.crx

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-3180901244-3373960192-2221882467-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"GoogleDriveSync"="C:\Program Files (x86)\Google\Drive\googledrivesync.exe /autostart"
"Optimizer Pro"="C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-21-3180901244-3373960192-2221882467-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall C:\Users\Student\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"="C:\windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Student\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
"Uninstall C:\Users\Student\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64"="C:\windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Student\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64"
"Uninstall C:\Users\Student\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64"="C:\windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Student\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ToshibaServiceStation"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60"
"Registry Helper"="C:\Program Files (x86)\Registry Helper\RegistryHelper.Exe /boot"
"BrowserSafeguard"="C:\Program Files (x86)\BrowserSafeguard\BrowserSafeguard.exe"
"BrowserSafeguard Update Task"="C:\Program Files (x86)\BrowserSafeguard\uninstall.BrowserSafeguard.exe /CheckUpdate=true"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"GoogleDriveSync"="C:\Program Files (x86)\Google\Drive\googledrivesync.exe /autostart"
"Optimizer Pro"="C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall C:\Users\Student\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"="C:\windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Student\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
"Uninstall C:\Users\Student\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64"="C:\windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Student\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64"
"Uninstall C:\Users\Student\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64"="C:\windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Student\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\windows\system32\hkcmd.exe"
"Persistence"="C:\windows\system32\igfxpers.exe"
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"IntelWireless"="C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe /tf Intel Wireless Tray"
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
"TPwrMain"="%ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE"
"HSON"="%ProgramFiles%\TOSHIBA\TBS\HSON.exe "
"TCrdMain"="%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~3\\FASTAN~1\\FASTAN~2.DLL"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe Reader Speed Launcher"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Reader_sl.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BCSSync]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BCSSync"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\BCSSync.exe\" /DelayServices"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Cisco AnyConnect Secure Mobility Agent for Windows]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Cisco AnyConnect Secure Mobility Agent for Windows"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Cisco\\Cisco AnyConnect Secure Mobility Client\\vpnui.exe\" -minimized"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Conime]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Conime"
"hkey"="HKLM"
"command"="%windir%\\system32\\conime.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ISUSPM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ISUSPM"
"hkey"="HKCU"
"command"="C:\\ProgramData\\FLEXnet\\Connect\\11\\ISUSPM.exe -scheduler"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ITSecMng]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ITSecMng"
"hkey"="HKLM"
"command"="%ProgramFiles%\\TOSHIBA\\Bluetooth Toshiba Stack\\ItSecMng.exe /START"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NBAgent]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NBAgent"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Nero\\Nero 10\\Nero BackItUp\\NBAgent.exe\" /WinStart"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\OfficeSyncProcess]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="OfficeSyncProcess"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\MSOSYNC.EXE\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QuickTime Task"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Teco]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Teco"
"hkey"="HKLM"
"command"="\"%ProgramFiles%\\TOSHIBA\\TECO\\Teco.exe\" /r"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ThpSrv]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ThpSrv"
"hkey"="HKLM"
"command"="C:\\windows\\system32\\thpsrv /logon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TOSDCR]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TOSDCR"
"hkey"="HKLM"
"command"="%ProgramFiles%\\TOSHIBA\\PasswordUtility\\TOSDCR.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Toshiba Registration]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Toshiba Registration"
"hkey"="HKLM"
"command"="C:\\Program Files\\TOSHIBA\\Registration\\ToshibaReminder.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Toshiba TEMPRO]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Toshiba TEMPRO"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Toshiba TEMPRO\\TemproTray.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TosNC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TosNC"
"hkey"="HKLM"
"command"="%ProgramFiles%\\Toshiba\\BulletinBoard\\TosNcCore.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TosReelTimeMonitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TosReelTimeMonitor"
"hkey"="HKLM"
"command"="%ProgramFiles%\\TOSHIBA\\ReelTime\\TosReelTimeMonitor.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TosSENotify]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TosSENotify"
"hkey"="HKLM"
"command"="C:\\Program Files\\TOSHIBA\\TOSHIBA HDD SSD Alert\\TosWaitSrv.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TosVolRegulator]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TosVolRegulator"
"hkey"="HKLM"
"command"="C:\\Program Files\\TOSHIBA\\TosVolRegulator\\TosVolRegulator.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TosWaitSrv]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TosWaitSrv"
"hkey"="HKLM"
"command"="%ProgramFiles%\\TOSHIBA\\TPHM\\TosWaitSrv.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TSleepSrv]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TSleepSrv"
"hkey"="HKLM"
"command"="%ProgramFiles(x86)%\\TOSHIBA\\TOSHIBA Sleep Utility\\TSleepSrv.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TSUScheduler]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TSUScheduler"
"hkey"="HKLM"
"command"="%ProgramFiles(x86)%\\TOSHIBA\\Sync Utility\\TosSyncScheduler.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TWebCamera]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TWebCamera"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\TOSHIBA\\TOSHIBA Web Camera Application\\TWebCamera.exe\" autorun"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Toshiba Places Icon Utility.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Toshiba Places Icon Utility.lnk"
"backup"="C:\\windows\\pss\\Toshiba Places Icon Utility.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~1\\TOSHIBA\\TOSHIB~2\\TOSDIM~1.EXE "
"item"="Toshiba Places Icon Utility"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Student^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk]
"path"="C:\\Users\\Student\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\MyPC Backup.lnk"
"backup"="C:\\windows\\pss\\MyPC Backup.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\PROGRA~2\\MYPCBA~1\\MYPCBA~1.EXE "
"item"="MyPC Backup"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AllDaySavingsService64]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\globalUpdate]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\globalUpdatem]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\IePluginServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\jxbalvtmyz64]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\NetHttpService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\PassThru Service]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\ServiceUpdater]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\TemproMonitoringService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Wajam Internet Enhancer Service]


==== Startup Folders ======================

2011-12-14 20:02:16 1262 ----a-w- C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
2011-12-14 20:02:16 1262 ----a-w- C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
2014-01-26 17:19:54 1064 ----a-w- C:\Users\Student\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

==== Task Scheduler Jobs ======================

C:\windows\tasks\Adobe Flash Player Updater.job --a------ C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [08/07/2014 22:11]
C:\windows\tasks\Digital Sites.job --a------ C:\Users\Student\AppData\Roaming\DIGITA1\UPDATE1\UPDATE1.exe []
C:\windows\tasks\GoogleUpdateTaskMachineCore.job --a------ [Undetermined Task]
C:\windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [04/08/2011 04:45]
C:\windows\tasks\SDMsgUpdate (SD).job --a------ C:\PROGRA2\SMARTD1\Messages\SDNotify.exe []

==== Other Scheduled Tasks ======================

"C:\windows\SysNative\tasks\Adobe Flash Player Updater" [C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\windows\SysNative\tasks\ConfigFree Startup Programs" [C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe]
"C:\windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\windows\SysNative\tasks\Digital Sites" [C:\Users\Student\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE]
"C:\windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\windows\SysNative\tasks\Launch HTC Sync Loader" [C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe]
"C:\windows\SysNative\tasks\LaunchApp" [C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe]
"C:\windows\SysNative\tasks\MsgUpdateCheck (1ec6db88-2177-414a-8b2a-39cbab7ef516)" ["C:\Program Files (x86)\SmartDraw CI\MarkedUp\tray\TrayNotifierNET35.exe"]
"C:\windows\SysNative\tasks\Optimizer Pro Schedule" ["C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe"]
"C:\windows\SysNative\tasks\QtraxPlayer" ["C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe"]
"C:\windows\SysNative\tasks\SDMsgUpdate (Local)" [C:\PROGRA~2\SMARTD~1\Messages\SDNotify.exe]
"C:\windows\SysNative\tasks\SDMsgUpdate (SD)" [C:\PROGRA~2\SMARTD~1\Messages\SDNotify.exe]
"C:\windows\SysNative\tasks\SDMsgUpdate (TE)" [C:\PROGRA~2\SMARTD~1\Messages\SDNotify.exe]
"C:\windows\SysNative\tasks\TOSHIBA Wireless Display Monitor" [C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe]
"C:\windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{8167E8F2-A770-4EFB-BA53-8A511051CD9B}"="C:\Program Files (x86)\EZ YouTube Video Downloader\{8167E8F2-A770-4EFB-BA53-8A511051CD9B}" [30/06/2014 10:19]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{8167E8F2-A770-4EFB-BA53-8A511051CD9B}"="C:\Program Files (x86)\EZ YouTube Video Downloader\{8167E8F2-A770-4EFB-BA53-8A511051CD9B}" [30/06/2014 10:19]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Student\AppData\Roaming\Mozilla\Firefox\Profiles\fq8aaji8.default
- EZ YouTube Video Downloader - C:\Program Files (x86)\EZ YouTube Video Downloader\{8167E8F2-A770-4EFB-BA53-8A511051CD9B}
- FineDealSoft - %ProfilePath%\extensions\p.lmxpl@fwx-aovd.com

ProfilePath: C:\Users\Student\AppData\Roaming\Thunderbird\Profiles\m6id9w2o.default
- AttachmentExtractor - %ProfilePath%\extensions\{35834d20-efdb-4f78-ab77-9635fb4e56c4}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Student\AppData\Roaming\Mozilla\Firefox\Profiles\fq8aaji8.default
4390CCD3790F8D9C427C0C29590C62D7 - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll - Shockwave Flash


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
fheoggkfdfchfphceeifdbepaooicaho - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
apdfllckaahabafndbhieahigkjlhalf - C:\Users\Student\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx[05/05/2013 14:13]

Google Drive - Student\AppData\Local\Chromium\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Delta Toolbar - Student\AppData\Local\Chromium\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
SweetIM for Facebook - Student\AppData\Local\Chromium\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Skype for Chromium - Student\AppData\Local\Chromium\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
LyricXeeker - Student\AppData\Local\Chromium\User Data\Default\Extensions\odnofacmifkjndflfmmplhckcbfjckhj
Google Drive - Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Screen Resolution Tester - Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnbpeddmakpmblddofjnoghpjminhjph
Chrome Web Store Launcher - Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\gecgipfabdickgidpmbicneamekgbaej
AdBlock - Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Google Wallet - Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
YouTube - Student\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Screen Resolution Tester - Student\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bnbpeddmakpmblddofjnoghpjminhjph
Google Search - Student\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Chrome Web Store Launcher - Student\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gecgipfabdickgidpmbicneamekgbaej
Savings com DealFinder - Student\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gncemjbbfkgdhfiigkdebleebbhlelap
SweetIM for Facebook - Student\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Skype Click to Call - Student\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Gmail - Student\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Docs - C:\windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - C:\windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - C:\windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - C:\windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Wallet - C:\windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - C:\windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Startpages ======================

C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.google.com/",

C:\Users\Student\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences
"homepage": "http://search.gboxapp.com/",


==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.istartsurf.com/web/?type...2A7A384_110916E2M312433RZ1JNX&q={searchTerms}"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.istartsurf.com/web/?type...2A7A384_110916E2M312433RZ1JNX&q={searchTerms}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7"
{9BB47C17-9C68-4BB3-B188-DD9AF0FD21} Search Results Url="http://dts.search-results.com/sr?sr...0653&apn_uid=4965345813324544&q={searchTerms}"
{AB62B9A1-C4F2-4562-B8B0-E01E01F51A6E} Mysearchdial Url="http://start.mysearchdial.com/resul...CyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1500903132&ir="
{E225E52A-9638-4BFD-AA23-0AACEE828068} Yahoo! Search Url="Not_Found"

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on 11/08/2014 at 19:28:32.71 ======================
 

TwinHeadedEagle

First, go to Control Panel and uninstall the following (skip lines that cannot be uninstalled):
- Adobe Reader X
- EZ YouTube Video Downloader
- free-for-download bundle
- Java(TM) 6 Update 20
- Optimizer Pro v3.2
- RightSurf
- RocketTab
- Zip Opener Packages


Latest versions of Java and Adobe Reader available here --> http://www.java.com/en/ and here http://get.adobe.com/uk/reader/
Make sure to uncheck optional offers.




Fix with ZOEK

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the Zoek icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
    Code:
    createsrpoint;
    70e6ca8c;s
    c:\Program Files (x86)\Optimizer Pro;fs
    C:\PROGRA~2\BrowserSafeguard;fs
    C:\Program Files\005;fs
    C:\PROGRA~2\iMobie;fs
    C:\PROGRA~2\sweetpacks bundle uninstaller_Apache OpenOffice_1644551;fs
    C:\ProgramData\SmartCOmparee;fs
    C:\Users\Student\AppData\Roaming\Optimizer Pro;fs
    [HKEY_USERS\S-1-5-21-3180901244-3373960192-2221882467-1000\Software\Microsoft\Windows\CurrentVersion\Run];r
    "Optimizer Pro"=-;r
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run];r
    "BrowserSafeguard"=-;r
    "BrowserSafeguard Update Task"=-;r
    C:\Program Files (x86)\BrowserSafeguard;fs
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run];r
    "Optimizer Pro"=-;r
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows];r
    "AppInit_DLLs"=-;r
    C:\\PROGRA~3\\FASTAN~1;fs
    C:\windows\tasks\Digital Sites.job;f
    C:\Users\Student\AppData\Roaming\DIGITA1;fs
    C:\windows\tasks\SDMsgUpdate (SD).job;f
    C:\PROGRA2\SMARTD1;fs
    [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions];r
    "{8167E8F2-A770-4EFB-BA53-8A511051CD9B}"=-;r
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions];r
    "{8167E8F2-A770-4EFB-BA53-8A511051CD9B}"=-;r
    C:\Program Files (x86)\EZ YouTube Video Downloader;fs
    EZ YouTube Video Downloader;ff
    FineDealSoft;ff
    eooncjejnppfjjklapaamhcdmjbilmde;chr
    jcdgjdiieiljkfkdcloehkohchhpekkn;chr
    autoclean;
    emptyalltemp;
    chrdefaults;
    ipconfig /flushdns;b
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.
 

Kate Currie

Zoek.exe v5.0.0.0 Updated 11-August-2014
Tool run by Student on 11/08/2014 at 20:01:14.81.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: D:\Users\Student\Downloads\zoek(1).exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-08-11-182832.log 49299 bytes

==== System Restore Info ======================

11/08/2014 20:03:57 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3180901244-3373960192-2221882467-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21} deleted successfully
HKEY_USERS\S-1-5-21-3180901244-3373960192-2221882467-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AB62B9A1-C4F2-4562-B8B0-E01E01F51A6E} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\70e6ca8c deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\671c50b0 deleted successfully

==== FireFox Fix ======================

ProfilePath: C:\Users\Student\AppData\Roaming\Mozilla\Firefox\Profiles\fq8aaji8.default

user.js not found
---- Lines conduit removed from prefs.js ----
user_pref("extensions.dynconff.cache.search.conduit.com.content", "<package expire=\"3600\" message=\"Empty\"></package>");
user_pref("extensions.dynconff.cache.search.conduit.com.expires", "1386877403166");
---- Lines WebSearch removed from prefs.js ----
user_pref("browser.startup.homepage", "http://websearch.calcitapp.info/");
---- Lines wajam removed from prefs.js ----
user_pref("extensions.a59def0ae3df84e8785518d6b609a202a97824100f5d846fa8c090b959f58c578com58356.58356.internaldb.monetization_plugin_bundledUrls.value
---- Lines mysearch removed from prefs.js ----
user_pref("extensions.irmysearch.aflt", "dsites0103");
user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1Qzu0Ezz0EtD0ByByCtCtBtDyDtC0ByB0FzztN0D0Tzu0CyByDzztN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1
user_pref("extensions.irmysearch.cr", "1500903132");
user_pref("extensions.irmysearch.instlRef", "");
---- Lines a59def0ae3df84e8785518d6b609a202a97824100f5d846fa8c090b959f58c578com58356 removed from prefs.js ----
user_pref("extensions.a59def0ae3df84e8785518d6b609a202a97824100f5d846fa8c090b959f58c578com58356.cid", 58356);
user_pref("extensions.a59def0ae3df84e8785518d6b609a202a97824100f5d846fa8c090b959f58c578com58356.firstrun", false);
user_pref("extensions.a59def0ae3df84e8785518d6b609a202a97824100f5d846fa8c090b959f58c578com58356.hadappinstalled", true);
user_pref("extensions.a59def0ae3df84e8785518d6b609a202a97824100f5d846fa8c090b959f58c578com58356.installationdate", 1404221191);
user_pref("extensions.a59def0ae3df84e8785518d6b609a202a97824100f5d846fa8c090b959f58c578com58356.installerAdditionalInfo", "{\"asw\":[8, 33554693, 1638
user_pref("extensions.a59def0ae3df84e8785518d6b609a202a97824100f5d846fa8c090b959f58c578com58356.modetype", "production");
user_pref("extensions.a59def0ae3df84e8785518d6b609a202a97824100f5d846fa8c090b959f58c578com58356.reportInstall", true);
user_pref("extensions.a59def0ae3df84e8785518d6b609a202a97824100f5d846fa8c090b959f58c578com58356.statsDailyCounter", 1);
---- Lines extensions.rHqCJu removed from prefs.js ----
user_pref("extensions.rHqCJu.epoch", "1407844657");
user_pref("extensions.rHqCJu.url", "http://getjpi2.info/sync2/?q=hfZ9oe...hd9Fqda7rTkGrjsHrdwMBzqUojw9rdYFrjwFqjCFqih7h
---- FireFox user.js and prefs.js backups ----

prefs_082014_2037_.backup

ProfilePath: C:\Users\Student\AppData\Roaming\Thunderbird\Profiles\m6id9w2o.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_082014_2037_.backup

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_USERS\S-1-5-21-3180901244-3373960192-2221882467-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Optimizer Pro"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BrowserSafeguard"=-
"BrowserSafeguard Update Task"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Optimizer Pro"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=-
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{8167E8F2-A770-4EFB-BA53-8A511051CD9B}"=-
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{8167E8F2-A770-4EFB-BA53-8A511051CD9B}"=-

==== Batch Command(s) Run By Tool======================


==== Deleting Files \ Folders ======================

C:\PROGRA~2\sweetpacks bundle uninstaller_Apache OpenOffice_1644551 not found
C:\Users\Student\AppData\Roaming\Optimizer Pro not found
C:\\PROGRA~3\\FASTAN~1 not found
C:\Users\Student\AppData\Roaming\DIGITA1 not found
C:\PROGRA2\SMARTD1 not found
C:\Program Files (x86)\EZ YouTube Video Downloader not found
c:\Program Files (x86)\Optimizer Pro deleted
C:\PROGRA~2\BrowserSafeguard deleted
C:\Program Files\005 deleted
C:\PROGRA~2\iMobie deleted
C:\ProgramData\SmartCOmparee deleted
C:\Users\Student\AppData\LocalLow\{68B240BC-410E-9610-BA83-51408F19AC4C} deleted
C:\Users\Student\AppData\LocalLow\{998D0DD0-99B5-29FA-809C-0DE7FC7C6AE3} deleted
C:\Users\Student\AppData\Local\Packages\windows_ie_ac_001\AC\{998D0DD0-99B5-29FA-809C-0DE7FC7C6AE3} deleted
C:\PROGRA~3\Browser System Enahncer deleted
C:\PROGRA~3\374311380 deleted
C:\PROGRA~3\~0 deleted
C:\PROGRA~3\8f60ec4048f33542 deleted
C:\PROGRA~3\FineDDealSofit deleted
C:\PROGRA~2\FreeFileViewer deleted
C:\PROGRA~2\Nosibay deleted
C:\PROGRA~2\Computer Updater deleted
C:\PROGRA~2\File Type Assistant deleted
C:\PROGRA~2\Free Offers from Freeze.com deleted
C:\PROGRA~2\Yahoo! deleted
C:\PROGRA~2\W3i deleted
C:\PROGRA~2\OpenIt deleted
C:\PROGRA~2\globalUpdate deleted
C:\awh6EFC.tmp deleted
C:\awhF48B.tmp deleted
C:\Users\Student\AppData\Roaming\Nosibay deleted
C:\Users\Student\AppData\Roaming\DigitalSites deleted
C:\Users\Student\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z deleted
C:\Users\Student\AppData\Roaming\Yahoo! deleted
C:\Users\Student\AppData\Roaming\Babylon deleted
C:\Users\Student\AppData\Roaming\DSite deleted
C:\Users\Student\Qtrax deleted
C:\Users\Student\SkyDrive\Music\Music\Qtrax Media Library deleted
C:\PROGRA~3\Yahoo! deleted
C:\PROGRA~3\Yahoo! Companion deleted
C:\PROGRA~3\W3i deleted
C:\PROGRA~3\Registry Helper deleted
C:\PROGRA~3\Partner deleted
C:\PROGRA~3\boost_interprocess deleted
C:\PROGRA~3\Computer Updater deleted
C:\PROGRA~3\Babylon deleted
C:\Users\Student\AppData\Local\FileTypeAssistant deleted
C:\Users\Student\AppData\Local\globalUpdate deleted
C:\Users\Student\AppData\Local\PackageAware deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Open It! deleted
C:\windows\SysNative\Tasks\LaunchApp deleted
C:\Users\Student\AppData\LocalLow\Yahoo! deleted
C:\Users\Student\AppData\LocalLow\Yahoo! Companion deleted
C:\Users\Student\AppData\LocalLow\microsoft\silverlight\outofbrowser\index\portal.qtrax.com deleted
C:\windows\SysNative\tasks\QtraxPlayer deleted
C:\windows\SysNative\tasks\Digital Sites deleted
C:\windows\tasks\Digital Sites.job deleted
C:\windows\SysNative\tasks\Optimizer Pro Schedule deleted
C:\windows\SysNative\config\systemprofile\Searches deleted
C:\windows\Syswow64\RegistryHelperLM.ocx deleted
C:\windows\SysWow64\AI_RecycleBin deleted
C:\Users\Student\AppData\Roaming\Mozilla\Firefox\Profiles\fq8aaji8.default\Invalidprefs.js deleted
C:\Users\Public\Desktop\Open It!.lnk deleted
C:\Users\Default\AppData\Roaming\gacutil.exe deleted
C:\Users\Default\AppData\Roaming\PnPutil.exe deleted
C:\PROGRA~3\Setup_EZ_YouTube_Video_Downloader_v1.2.0.exe deleted
C:\Users\Student\AppData\Roaming\Mozilla\Firefox\Profiles\fq8aaji8.default\extensions\p.lmxpl@fwx-aovd.com deleted
"C:\windows\tasks\SDMsgUpdate (SD).job" deleted
"C:\windows\Installer\2d700af.msi" deleted

==== Firefox Extensions ======================

ProfilePath: C:\Users\Student\AppData\Roaming\Thunderbird\Profiles\m6id9w2o.default
- AttachmentExtractor - %ProfilePath%\extensions\{35834d20-efdb-4f78-ab77-9635fb4e56c4}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Student\AppData\Roaming\Mozilla\Firefox\Profiles\fq8aaji8.default
4390CCD3790F8D9C427C0C29590C62D7 - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll - Shockwave Flash


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
fheoggkfdfchfphceeifdbepaooicaho - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
apdfllckaahabafndbhieahigkjlhalf - C:\Users\Student\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx[05/05/2013 14:13]

Google Drive - Student\AppData\Local\Chromium\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Delta Toolbar - Student\AppData\Local\Chromium\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
SweetIM for Facebook - Student\AppData\Local\Chromium\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Skype for Chromium - Student\AppData\Local\Chromium\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
LyricXeeker - Student\AppData\Local\Chromium\User Data\Default\Extensions\odnofacmifkjndflfmmplhckcbfjckhj
Google Drive - Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Screen Resolution Tester - Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnbpeddmakpmblddofjnoghpjminhjph
Chrome Web Store Launcher - Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\gecgipfabdickgidpmbicneamekgbaej
AdBlock - Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Google Wallet - Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
YouTube - Student\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Screen Resolution Tester - Student\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bnbpeddmakpmblddofjnoghpjminhjph
Google Search - Student\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Chrome Web Store Launcher - Student\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gecgipfabdickgidpmbicneamekgbaej
Savings com DealFinder - Student\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gncemjbbfkgdhfiigkdebleebbhlelap
SweetIM for Facebook - Student\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Skype Click to Call - Student\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Gmail - Student\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Docs - C:\windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - C:\windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - C:\windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - C:\windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Wallet - C:\windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - C:\windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Startpages ======================

C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://websearch.calcitapp.info/",

C:\Users\Student\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences
"homepage": "http://websearch.calcitapp.info/",


==== Chrome Fix ======================

C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage deleted successfully
C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ukcompfind.com_0.localstorage deleted successfully
C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ukcompfind.com_0.localstorage-journal deleted successfully
C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.istartsurf.com_0.localstorage deleted successfully
C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.istartsurf.com_0.localstorage-journal deleted successfully
C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_imagej.en.softonic.com_0.localstorage deleted successfully
C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_imagej.en.softonic.com_0.localstorage-journal deleted successfully
C:\Users\Student\AppData\Local\Chromium\User Data\Default\Local Storage\http_www.delta-search.com_0.localstorage deleted successfully
C:\Users\Student\AppData\Local\Chromium\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde deleted successfully
C:\Users\Student\AppData\Local\Chromium\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn deleted successfully
C:\Users\Student\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn deleted successfully
C:\Users\Student\AppData\Local\Chromium\User Data\Default\Extensions\odnofacmifkjndflfmmplhckcbfjckhj deleted successfully
C:\Users\Student\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gncemjbbfkgdhfiigkdebleebbhlelap deleted successfully
C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gncemjbbfkgdhfiigkdebleebbhlelap_0.localstorage deleted successfully
C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gncemjbbfkgdhfiigkdebleebbhlelap_0.localstorage-journal deleted successfully
C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnbpeddmakpmblddofjnoghpjminhjph deleted successfully
C:\Users\Student\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bnbpeddmakpmblddofjnoghpjminhjph deleted successfully
C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bnbpeddmakpmblddofjnoghpjminhjph_0.localstorage deleted successfully
C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bnbpeddmakpmblddofjnoghpjminhjph_0.localstorage-journal deleted successfully
C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Extensions\gecgipfabdickgidpmbicneamekgbaej deleted successfully
C:\Users\Student\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gecgipfabdickgidpmbicneamekgbaej deleted successfully
C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gecgipfabdickgidpmbicneamekgbaej_0.localstorage deleted successfully
C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gecgipfabdickgidpmbicneamekgbaej_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://websearch.calcitapp.info/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://websearch.calcitapp.info/"
"Search Page"="http://www.istartsurf.com/web/?type...2A7A384_110916E2M312433RZ1JNX&q={searchTerms}"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://websearch.calcitapp.info/"
"Search Page"="http://www.istartsurf.com/web/?type...2A7A384_110916E2M312433RZ1JNX&q={searchTerms}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://websearch.calcitapp.info/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7"
{E225E52A-9638-4BFD-AA23-0AACEE828068} Yahoo! Search Url="Not_Found"

==== Reset Google Chrome ======================

C:\Users\Student\AppData\Local\Chromium\User Data\Default\Preferences was reset successfully
C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Student\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences was reset successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Student\AppData\Local\Chromium\User Data\Default\Web Data was reset successfully
C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Student\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data was reset successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3180901244-3373960192-2221882467-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E225E52A-9638-4BFD-AA23-0AACEE828068} deleted successfully

==== Deleting CLSID Registry Values ======================


==== shortcuts on Users Desktops ======================

C:\Users\Public\Desktop\Adobe Reader X.lnk - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.istartsurf.com/?type=sc&...HitachiXHTS543232A7A384_110916E2M312433RZ1JNX
C:\Users\Public\Desktop\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe
C:\Users\Public\Desktop\Launch Nutritics.lnk - C:\Program Files (x86)\Nutritics\nbrowser\chrome.exe http://www.istartsurf.com/?type=sc&...HitachiXHTS543232A7A384_110916E2M312433RZ1JNX
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Public\Desktop\Mozilla Thunderbird.lnk - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Users\Public\Desktop\PodTrans Pro.lnk - C:\Program Files (x86)\iMobie\PodTrans Pro\PodTrans.exe
C:\Users\Public\Desktop\SmartDraw CI.lnk - C:\Program Files (x86)\SmartDraw CI\SmartDraw.exe
C:\Users\Public\Desktop\VLC media player.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Adobe Reader X.lnk - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.istartsurf.com/?type=sc&...HitachiXHTS543232A7A384_110916E2M312433RZ1JNX
C:\Users\Public\Desktop\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe
C:\Users\Public\Desktop\Launch Nutritics.lnk - C:\Program Files (x86)\Nutritics\nbrowser\chrome.exe http://www.istartsurf.com/?type=sc&...HitachiXHTS543232A7A384_110916E2M312433RZ1JNX
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Public\Desktop\Mozilla Thunderbird.lnk - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Users\Public\Desktop\PodTrans Pro.lnk - C:\Program Files (x86)\iMobie\PodTrans Pro\PodTrans.exe
C:\Users\Public\Desktop\SmartDraw CI.lnk - C:\Program Files (x86)\SmartDraw CI\SmartDraw.exe
C:\Users\Public\Desktop\VLC media player.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe

==== shortcuts in Users Start Menu ======================

C:\Users\Student\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk -
C:\Users\Student\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.istartsurf.com/?type=sc&...HitachiXHTS543232A7A384_110916E2M312433RZ1JNX
C:\Users\Student\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.istartsurf.com/?type=sc&...HitachiXHTS543232A7A384_110916E2M312433RZ1JNX
C:\Users\Student\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk - C:\Users\Student\AppData\Roaming\Dropbox\bin\Dropbox.exe /home
C:\Users\Student\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Uninstall Dropbox.lnk - C:\Users\Student\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe
C:\Users\Student\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - C:\Users\Student\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.istartsurf.com/?type=sc&...HitachiXHTS543232A7A384_110916E2M312433RZ1JNX
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.istartsurf.com/?type=sc&...HitachiXHTS543232A7A384_110916E2M312433RZ1JNX
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMobie\PodTrans Pro\PodTrans Pro.lnk - C:\Program Files (x86)\iMobie\PodTrans Pro\PodTrans.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMobie\PodTrans Pro\Uninstall PodTrans Pro.lnk - C:\Program Files (x86)\iMobie\PodTrans Pro\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Word 2010.lnk - C:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\Silverlight.Configuration.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nutritics\Launch Nutritics.lnk - C:\Program Files (x86)\Nutritics\nbrowser\chrome.exe http://www.istartsurf.com/?type=sc&...HitachiXHTS543232A7A384_110916E2M312433RZ1JNX
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nutritics Diet Analysis\Launch Nutritics.lnk - C:\Program Files (x86)\Nutritics\nbrowser\chrome.exe http://www.istartsurf.com/?type=sc&...HitachiXHTS543232A7A384_110916E2M312433RZ1JNX
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk - C:\Program Files (x86)\VideoLAN\VLC\Documentation.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk - C:\Program Files (x86)\VideoLAN\VLC\NEWS.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk - C:\Program Files (x86)\VideoLAN\VLC\VideoLAN Website.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache files.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --reset-config --reset-plugins-cache vlc://quit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe -Iskins
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Student\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Adobe Digital Editions 2.0.lnk - C:\Program Files (x86)\Adobe\Adobe Digital Editions 2.0\DigitalEditions.exe
C:\Users\Student\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.istartsurf.com/?type=sc&...HitachiXHTS543232A7A384_110916E2M312433RZ1JNX
C:\Users\Student\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.istartsurf.com/?type=sc&...HitachiXHTS543232A7A384_110916E2M312433RZ1JNX
C:\Users\Student\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk - C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE /recycle
C:\Users\Student\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Users\Student\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Student\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Student\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -
C:\Users\Student\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\windows\system32\control.exe
C:\Users\Student\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.istartsurf.com/?type=sc&...HitachiXHTS543232A7A384_110916E2M312433RZ1JNX
C:\Users\Student\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.istartsurf.com/?type=sc&...HitachiXHTS543232A7A384_110916E2M312433RZ1JNX
C:\Users\Student\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\windows\explorer.exe

==== shortcuts After Repair ======================

C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\Launch Nutritics.lnk - C:\Program Files (x86)\Nutritics\nbrowser\chrome.exe
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\Launch Nutritics.lnk - C:\Program Files (x86)\Nutritics\nbrowser\chrome.exe
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\Launch Nutritics.lnk - C:\Program Files (x86)\Nutritics\nbrowser\chrome.exe
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\Launch Nutritics.lnk - C:\Program Files (x86)\Nutritics\nbrowser\chrome.exe
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\Launch Nutritics.lnk - C:\Program Files (x86)\Nutritics\nbrowser\chrome.exe
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\Launch Nutritics.lnk - C:\Program Files (x86)\Nutritics\nbrowser\chrome.exe
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\Launch Nutritics.lnk - C:\Program Files (x86)\Nutritics\nbrowser\chrome.exe
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\Launch Nutritics.lnk - C:\Program Files (x86)\Nutritics\nbrowser\chrome.exe
C:\Users\Student\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Student\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe -extoff
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nutritics\Launch Nutritics.lnk - C:\Program Files (x86)\Nutritics\nbrowser\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nutritics Diet Analysis\Launch Nutritics.lnk - C:\Program Files (x86)\Nutritics\nbrowser\chrome.exe
C:\Users\Student\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Student\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Student\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Student\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6C5F3BDC-0A1B-4436-A696-5939629D5C31} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{671c50b0} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4 deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\D14143D5782BEE842A45208B63A8E465 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task deleted successfully

==== Empty IE Cache ======================

C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Student\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Student\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Student\AppData\Local\Mozilla\Firefox\Profiles\fq8aaji8.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Student\AppData\Local\Chromium\User Data\Default\Cache emptied successfully
C:\Users\Student\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Student\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=209 folders=82 44848975 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Student\AppData\Local\Temp will be emptied at reboot
C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\windows\Temp successfully emptied
C:\Users\Student\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 11/08/2014 at 20:45:42.31 ======================
 

Kate Currie

New Member
Thread author
Aug 11, 2014
6
It's perfect!!!! :) I have my MSc write up to do and this was so desperate I cannot thank you enough - really cannot - how wonderful - do you think it is clean?? SO so grateful - you have been so good and quick and worked late into the night. Total hero.
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Yes, your PC is clean now :)


Go and remove Adobe Reader and Java, then install the latest versions.

Below you will find my thoughts about securing your machine. Go through it; you will benefit from some useful advice about safe computing.


Recommended reading:
  • MUST READ - security tips: Computer Security - a short guide to staying safer online. Simple and easy ways to keep your computer safe and secure on the Internet
  • MUST READ - general maintenance: What to do if your Computer is running slowly?

Recommended additional software:
  • TFC - to clean unneeded temporary files.
  • Malwarebytes' Anti-Malware - to scan your system from time to time in search of malware.
  • Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.
  • McShield - to prevent infections spread by removable media.
  • CryptoPrevent - to secure yourself from the very severe CryptoLocker infection.
  • Unchecky - to prevent additional foistware, implemented in legitimate installations, from being installed.
  • FileHippo.com Update Checker - to keep your programs up-to-date.
  • Adblock - to surf the web without annoying ads!



The following will implement some post-cleanup procedures:

=> Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes:
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore

Click the Run button and wait a few seconds for the programme to complete its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt).

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.



My help is free for everybody.
If you're happy with the help provided and/or wish to buy me a beer for the assistance you received, then you can consider a donation:
Thank you!



Stay safe,
TwinHeadedEagle :)
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Since this issue appears to be resolved, I am closing the topic. If that is not the case and you need or wish to continue with this topic, please contact me or any staff member with the address of the thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
 