Zoek.exe v5.0.0.0 Updated 11-November-2014
Tool run by FredricJLowe on Wed 11/12/2014 at 9:49:52.48.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\FredricJLowe\Desktop\Virus Tools\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
11/12/2014 9:57:32 AM Zoek.exe System Restore Point Created Succesfully.
==== Empty Folders Check ======================
C:\PROGRA~2\Freemake deleted successfully
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\Nitro PDF deleted successfully
C:\PROGRA~2\COMMON~1\supportdotcom deleted successfully
C:\Program Files\PolderbitS deleted successfully
C:\PROGRA~3\boost_interprocess deleted successfully
C:\PROGRA~3\Freemake deleted successfully
C:\PROGRA~3\Local Settings deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\PROGRA~3\Sage Software, Inc deleted successfully
C:\Users\FredricJLowe\AppData\Roaming\Download Manager deleted successfully
C:\Users\FredricJLowe\AppData\Roaming\Google deleted successfully
C:\Users\FredricJLowe\AppData\Roaming\PeerNetworking deleted successfully
C:\Users\FredricJLowe\AppData\Roaming\webex deleted successfully
C:\Users\FredricJLowe\AppData\Local\CUSTPDF Writer deleted successfully
C:\Users\FredricJLowe\AppData\Local\Jaksta_Technologies_Pty_L deleted successfully
C:\Users\FredricJLowe\AppData\Local\LogMeIn Rescue Applet deleted successfully
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\YahooAUService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\YahooAUService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\webinstrNew deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\webinstrNew deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\wbsvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wbsvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application\wbsvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\wbsvc deleted successfully
==== FireFox Fix ======================
ProfilePath: C:\Users\FREDRI~1\AppData\Roaming\Mozilla\Firefox\Profiles\nzm0n0ik.default
user.js not found
---- Lines nspdl removed from prefs.js ----
user_pref("extensions.nspdl.data.1c4755f318c6fdb260c47f26d0a24f0ca", "1");
user_pref("extensions.nspdl.data.activeDate", "20141111");
user_pref("extensions.nspdl.data.aliveDate", "20141111");
user_pref("extensions.nspdl.data.instlDate", "20141111");
user_pref("extensions.nspdl.data.ntopen", "23595662");
user_pref("extensions.nspdl.general.content", "favorites-e6489c2a413548420704ea3f4543d33f");
user_pref("extensions.nspdl.general.firstRun", false);
user_pref("extensions.nspdl.general.guid", "51660489-5681-40f5-bde4-d91eec2d5bf5");
user_pref("extensions.nspdl.general.version", "9.5.5");
---- FireFox user.js and prefs.js backups ----
prefs_20141112_1020_.backup
ProfilePath: C:\Users\FREDRI~1\AppData\Roaming\Thunderbird\Profiles\izpoojy7.default
user.js not found
---- Lines Search removed from prefs.js ----
user_pref("extensions.importexporttools.import.lastdir", "J:\\WindowsMailfoldersthrough12212011\\Imported Folder\\Search Fold 91a");
---- FireFox user.js and prefs.js backups ----
prefs_20141112_1020_.backup
==== Batch Command(s) Run By Tool======================
C:\Windows\system32\appdata deleted
==== Deleting Files \ Folders ======================
C:\Windows\syswow64\appdata deleted
C:\PROGRA~2\Mozilla Firefox\defaults\preferences\autoconfig.js deleted
C:\PROGRA~2\Yahoo! deleted
C:\PROGRA~2\MyFree Codec deleted
C:\Users\Administrator\AppData\Roaming\Yahoo! deleted
C:\Users\FredricJLowe\AppData\Roaming\Yahoo! deleted
C:\Users\FredricJLowe\AppData\Roaming\ICQ Search deleted
C:\PROGRA~3\Yahoo! deleted
C:\PROGRA~3\InstallSightSDK deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\FredricJLowe\AppData\Local\Wondershare deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\WebBar deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare deleted
C:\Windows\patsearch.bin deleted
C:\windows\SysNative\Tasks\BetterDeals Update deleted
C:\Windows\Tasks\BetterDeals Update.job deleted
C:\Users\Administrator\AppData\LocalLow\Yahoo! deleted
C:\Users\Administrator\AppData\LocalLow\Yahoo! Companion deleted
C:\Windows\wininit.ini deleted
C:\windows\SysNative\tasks\WebBarLaunchTask deleted
C:\windows\SysNative\tasks\WebBarUpdateTask deleted
C:\windows\SysNative\drivers\webinstrNew.sys deleted
C:\windows\SysNative\drivers\Msft_Kernel_webinstrNew_01009.Wdf deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Windows\Syswow64\InstallUtil.InstallLog deleted
C:\Windows\SysWow64\AI_RecycleBin deleted
C:\Users\FredricJLowe\AppData\Roaming\act16hf4ss.exe deleted
C:\Users\FREDRI~1\AppData\Roaming\Mozilla\Firefox\Profiles\nzm0n0ik.default\nspdl deleted
"C:\Users\FredricJLowe\AppData\Local\{5C59B02A-96E2-428A-AC30-C53201E57E6B}" deleted
"C:\Users\FredricJLowe\AppData\Local\{9046AAD6-8520-48DB-9A36-BCBD1A232F97}" deleted
"C:\PROGRA~2\ver0BetterDeals\a3BetterDealsM73.exe" deleted
"C:\PROGRA~2\ver0BetterDeals\Sqlite3.dll" deleted
"C:\PROGRA~2\COMMON~1\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll" deleted
"C:\PROGRA~2\COMMON~1\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll" deleted
"C:\PROGRA~2\COMMON~1\Wondershare\Wondershare Helper Compact\DAQExp.dll" deleted
"C:\PROGRA~2\COMMON~1\Wondershare\Wondershare Helper Compact\WSHelper.exe" deleted
"C:\PROGRA~2\ver0BetterDeals" deleted
"C:\PROGRA~2\COMMON~1\Wondershare" deleted
"C:\PROGRA~2\COMMON~1\Wondershare\Wondershare Helper Compact" deleted
==== Files Recently Created / Modified ======================
====== C:\Windows ====
2014-11-11 23:06:46 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\Windows\PEV.exe
2014-11-11 23:06:46 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\Windows\grep.exe
2014-11-11 23:06:46 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\Windows\zip.exe
2014-11-11 23:06:46 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\Windows\SWSC.exe
2014-11-11 23:06:46 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\Windows\MBR.exe
====== C:\Users\FREDRI~1\AppData\Local\Temp ====
2014-11-08 08:47:13 5C73E64374D9BA37AC5569D1F7DE5C9B 665682 ----a-w- C:\Users\FredricJLowe\AppData\Local\Temp\sqlite3.dll
2014-11-08 08:33:34 7AAB90847C56E6F7E922BB29D5B3EA8A 601088 ----a-w- C:\Users\FredricJLowe\AppData\Local\Temp\Quarantine.exe
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2014-11-11 23:07:39 980EEEE8815DA7593708774D1225BD35 681984 ----a-w- C:\Windows\SysWOW64\adtschema.dll
2014-11-11 23:07:38 9AB39ADD28C7C1A685B1EA8C6A25CF08 146432 ----a-w- C:\Windows\SysWOW64\msaudite.dll
2014-11-11 23:07:38 9216ABFD53F5EC1F35C3554AD1A175DE 22016 ----a-w- C:\Windows\SysWOW64\secur32.dll
2014-11-11 23:07:38 13E5B1CD503A4B21E9F0A2D55A00198B 96768 ----a-w- C:\Windows\SysWOW64\sspicli.dll
2014-11-11 23:07:21 B6273619A3DF28F03B64E911E45A6AB2 30720 ----a-w- C:\Windows\SysWOW64\iernonce.dll
2014-11-11 23:07:21 A6E51BDCB8F4B84E874F918F0452763D 76288 ----a-w- C:\Windows\SysWOW64\mshtmled.dll
2014-11-11 23:07:21 5D5640C34C4A97467F77489DBB157568 47616 ----a-w- C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-11 23:07:20 FB56C76FEA44693752BD99D7D9930ABA 341168 ----a-w- C:\Windows\SysWOW64\iedkcs32.dll
2014-11-11 23:07:20 93074C4FA92A8399404D032F6AF72C1B 19781632 ----a-w- C:\Windows\SysWOW64\mshtml.dll
2014-11-11 23:07:20 843BD9DAF03ABB6761DEE6D155301F28 60416 ----a-w- C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-11 23:07:20 66F4FFDBCD501260ABC198317D2B0D10 285696 ----a-w- C:\Windows\SysWOW64\dxtrans.dll
2014-11-11 23:07:20 4772DB007FFBD4BBE3F526704BCA67FE 1310208 ----a-w- C:\Windows\SysWOW64\urlmon.dll
2014-11-11 23:07:20 26EE6C9780A8FC872C60F9E35D7EBD4B 688640 ----a-w- C:\Windows\SysWOW64\msfeeds.dll
2014-11-11 23:07:19 5E01004CBC35A78FE2AB4016CCAD4760 708096 ----a-w- C:\Windows\SysWOW64\ieapfltr.dll
2014-11-11 23:07:19 5972510EF1C6097D9C14C17387A5EDB2 2724864 ----a-w- C:\Windows\SysWOW64\mshtml.tlb
2014-11-11 23:07:19 19D68FDEE62519C5A0387EB4E88A01EF 62464 ----a-w- C:\Windows\SysWOW64\iesetup.dll
2014-11-11 23:07:18 FA310BD4A5DE904445DDDE54C5A654F2 2277376 ----a-w- C:\Windows\SysWOW64\iertutil.dll
2014-11-11 23:07:18 8A46404AC1AEB22AA2D4C906D0FC86C2 620032 ----a-w- C:\Windows\SysWOW64\jscript9diag.dll
2014-11-11 23:07:18 7748B3DDDC92C7FC11F7462DB872E8E7 2051072 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl
2014-11-11 23:07:18 6DDC0F44A70976C492CB1666BA9A7912 47104 ----a-w- C:\Windows\SysWOW64\jsproxy.dll
2014-11-11 23:07:17 A1A2EE55A2C69F79AED00973E604B9C4 418304 ----a-w- C:\Windows\SysWOW64\dxtmsft.dll
2014-11-11 23:07:17 8585BC27224F97458C186AA085B754A7 478208 ----a-w- C:\Windows\SysWOW64\ieui.dll
2014-11-11 23:07:17 4F8CD74CD69A94ED1A5D7E837A356F4E 115712 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe
2014-11-11 23:07:17 36EE0A2A981617610F921BCBB997DB06 12819456 ----a-w- C:\Windows\SysWOW64\ieframe.dll
2014-11-11 23:07:15 AE39939F1E25401B9A4952A7A8D372AC 4298240 ----a-w- C:\Windows\SysWOW64\jscript9.dll
2014-11-11 23:07:15 9ED3132B7F0D36FA9911721E8B2CB968 501248 ----a-w- C:\Windows\SysWOW64\vbscript.dll
2014-11-11 23:07:15 755D0A90CFC4BCB178D7070B0351F0AE 64000 ----a-w- C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-11 23:07:15 6DD7D61A8EF3DFEC4FAEFEB395E77424 1892864 ----a-w- C:\Windows\SysWOW64\wininet.dll
2014-11-11 23:07:15 4169C6A6613856D69224498620F0C2B5 1155072 ----a-w- C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-11 23:07:15 139E85C4E5DF322AE1BF6544D8C32B0A 168960 ----a-w- C:\Windows\SysWOW64\msrating.dll
2014-11-11 23:06:19 537184E7306E06BB22C5B93D2AFA4DF8 1237504 ----a-w- C:\Windows\SysWOW64\msxml3.dll
2014-11-11 23:06:19 09FA271EE1F9AD68B2D1C1C210F4B71F 2048 ----a-w- C:\Windows\SysWOW64\msxml3r.dll
2014-11-11 23:06:13 5FDBDEECA34E73325D87C5ACD16A3EEC 701440 ----a-w- C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-11 23:06:09 8D338464B851DDD76E2B876A3E09EB70 442880 ----a-w- C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-11 23:06:08 FD79B005E849DF3D7E9B5EB7A637C528 374784 ----a-w- C:\Windows\SysWOW64\AudioEng.dll
2014-11-11 23:06:08 AA7325057A1E1CC401798C0B1238E182 195584 ----a-w- C:\Windows\SysWOW64\AudioSes.dll
2014-11-11 23:05:52 8CFAEFCD7F1E004950FCAE870A501B3E 248832 ----a-w- C:\Windows\SysWOW64\schannel.dll
2014-11-11 23:05:51 8FE6AB488ECDC60930CE973A7051B0D4 221184 ----a-w- C:\Windows\SysWOW64\ncrypt.dll
2014-11-11 23:05:49 B580A6B9932669DE703001AEE66D5BB1 259584 ----a-w- C:\Windows\SysWOW64\msv1_0.dll
2014-11-11 23:05:49 3B3B8BA16DC999EA17D075D2F1064DE4 550912 ----a-w- C:\Windows\SysWOW64\kerberos.dll
2014-11-11 23:05:49 37BC079204BF9B087D6DE6B728908B4B 172032 ----a-w- C:\Windows\SysWOW64\wdigest.dll
2014-11-11 23:05:48 9CEA80FFC617E6B6DD7B52E6225C0D38 65536 ----a-w- C:\Windows\SysWOW64\TSpkg.dll
2014-11-11 23:05:48 8205E55DFB11809E5F2AAD1C48840535 17408 ----a-w- C:\Windows\SysWOW64\credssp.dll
2014-11-11 23:03:02 0F39AC3274312EFFD03928291E8BA7CA 67584 ----a-w- C:\Windows\SysWOW64\packager.dll
2014-11-11 23:02:46 CB55B9AAB060C803BE4AD229AA0FEC28 2363904 ----a-w- C:\Windows\SysWOW64\msi.dll
2014-11-11 23:01:20 EDA54D2E17C0271D2CDA946ABE344110 571904 ----a-w- C:\Windows\SysWOW64\oleaut32.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-11-11 23:07:46 F992AAE3F2DF1D7D2A75B681B0C5280E 304640 ----a-w- C:\Windows\Sysnative\generaltel.dll
2014-11-11 23:07:45 9F1FA4F36406693C77CC5779AA7E532D 228864 ----a-w- C:\Windows\Sysnative\aepdu.dll
2014-11-11 23:07:45 6021CF6A11DE9B5FC1BD210B6855C497 424448 ----a-w- C:\Windows\Sysnative\aeinv.dll
2014-11-11 23:07:40 008CD4EBFABCF78D0F19B3778492648C 683520 ----a-w- C:\Windows\Sysnative\termsrv.dll
2014-11-11 23:07:39 58F87BF5659C8EBC61EB439C916F2F9A 681984 ----a-w- C:\Windows\Sysnative\adtschema.dll
2014-11-11 23:07:38 C4C1B73FC2FF151BA08E1EAFDE2A2FAF 1460736 ----a-w- C:\Windows\Sysnative\lsasrv.dll
2014-11-11 23:07:38 7184AEACDA13E64B10F84E9DD79C8A01 146432 ----a-w- C:\Windows\Sysnative\msaudite.dll
2014-11-11 23:07:21 854B230F5D77486B67D809FFB8A10C7E 2724864 ----a-w- C:\Windows\Sysnative\mshtml.tlb
2014-11-11 23:07:21 7293701905DF1F40760C851F20DDC9EC 114688 ----a-w- C:\Windows\Sysnative\ieetwcollector.exe
2014-11-11 23:07:21 4E47ABA3C6C5032446A2AF7EFD026037 716800 ----a-w- C:\Windows\Sysnative\ie4uinit.exe
2014-11-11 23:07:21 1F3794CE1AEA5DA12ACF90210EAE4ECB 48640 ----a-w- C:\Windows\Sysnative\ieetwproxystub.dll
2014-11-11 23:07:20 33098C85B789630865CD3F5D22FB0DFC 77824 ----a-w- C:\Windows\Sysnative\JavaScriptCollectionAgent.dll
2014-11-11 23:07:20 26BC4EC95E363DD59171710E22108F15 34304 ----a-w- C:\Windows\Sysnative\iernonce.dll
2014-11-11 23:07:18 E17C34BECCD1388E9B386A9F82F01222 4096 ----a-w- C:\Windows\Sysnative\ieetwcollectorres.dll
2014-11-11 23:07:18 56651A76C63DAF2C593F1F767FC8A856 1550336 ----a-w- C:\Windows\Sysnative\urlmon.dll
2014-11-11 23:07:18 1C216980E7D21100A357B52B3C45F78D 388272 ----a-w- C:\Windows\Sysnative\iedkcs32.dll
2014-11-11 23:07:17 C6A719FD0B07B2DD0ADACD07636F4BAD 968704 ----a-w- C:\Windows\Sysnative\MsSpellCheckingFacility.exe
2014-11-11 23:07:17 6507CA9349500A535AF70670F248E525 66560 ----a-w- C:\Windows\Sysnative\iesetup.dll
2014-11-11 23:07:17 2A1A7F17C906941334C6A67E935F214B 316928 ----a-w- C:\Windows\Sysnative\dxtrans.dll
2014-11-11 23:07:17 1E30BECF0DB35481588FB72C9CF97CA2 800768 ----a-w- C:\Windows\Sysnative\msfeeds.dll
2014-11-11 23:07:16 BD708EBEDB35E474F1A19747154ACC47 799232 ----a-w- C:\Windows\Sysnative\ieapfltr.dll
2014-11-11 23:07:16 BA4EC6139B8830BBA9CC5D065CA5796C 2884096 ----a-w- C:\Windows\Sysnative\iertutil.dll
2014-11-11 23:07:16 5C9D58591D0091630452B04F35527240 2124288 ----a-w- C:\Windows\Sysnative\inetcpl.cpl
2014-11-11 23:07:15 31F2A5ECFD2C75F970A3007ACD5627C7 54784 ----a-w- C:\Windows\Sysnative\jsproxy.dll
2014-11-11 23:07:15 08BCDD6C9E23D00309F359620461DFE8 144384 ----a-w- C:\Windows\Sysnative\ieUnatt.exe
2014-11-11 23:07:14 69602F6259598A7837CB83D3608FE293 633856 ----a-w- C:\Windows\Sysnative\ieui.dll
2014-11-11 23:07:14 277A4735954F1BF29EE3D138A5251BFE 490496 ----a-w- C:\Windows\Sysnative\dxtmsft.dll
2014-11-11 23:07:14 154B8555A118BCFD95F358390E418B00 14390272 ----a-w- C:\Windows\Sysnative\ieframe.dll
2014-11-11 23:07:13 F208D7FB40FD80EA9F123BABF687359C 6040064 ----a-w- C:\Windows\Sysnative\jscript9.dll
2014-11-11 23:07:13 B6DC4597FF946B0C8B29650A71F52D4E 580096 ----a-w- C:\Windows\Sysnative\vbscript.dll
2014-11-11 23:07:13 98088A13F65BE35DA3693F264740CEEC 1359360 ----a-w- C:\Windows\Sysnative\mshtmlmedia.dll
2014-11-11 23:07:13 7EE5FBD190BF5B27F7977EA6CBF0DCAC 92160 ----a-w- C:\Windows\Sysnative\mshtmled.dll
2014-11-11 23:07:13 7EC80DB959695D4F927D2D601DA59F35 814080 ----a-w- C:\Windows\Sysnative\jscript9diag.dll
2014-11-11 23:07:13 6FC2819A4F80AAB2DADEDFC1EFEE3C3F 2365440 ----a-w- C:\Windows\Sysnative\wininet.dll
2014-11-11 23:07:12 EE3592B010E3F69D141323E592C01A1A 199680 ----a-w- C:\Windows\Sysnative\msrating.dll
2014-11-11 23:07:12 BBD6A636AAA65D874F3863280CD8373D 25110016 ----a-w- C:\Windows\Sysnative\mshtml.dll
2014-11-11 23:07:12 4B6D9AB2ECD11AF5F6B1C42D938E0A85 88064 ----a-w- C:\Windows\Sysnative\MshtmlDac.dll
2014-11-11 23:06:19 D005697F0467BBDDAB7638496DA5DB52 2048 ----a-w- C:\Windows\Sysnative\msxml3r.dll
2014-11-11 23:06:19 364ECFF4ABD9D575F4F7CF7EB7928EF3 1882624 ----a-w- C:\Windows\Sysnative\msxml3.dll
2014-11-11 23:06:13 1FEBD408F32DFC523882E7DA5AC57819 878080 ----a-w- C:\Windows\Sysnative\IMJP10K.DLL
2014-11-11 23:06:10 9383B21A4B77C130940262DDC5F3F49B 500224 ----a-w- C:\Windows\Sysnative\AUDIOKSE.dll
2014-11-11 23:06:09 DE3E38431B00C2EA247C53675DCF01A0 680960 ----a-w- C:\Windows\Sysnative\audiosrv.dll
2014-11-11 23:06:09 B1BB7B91C3C878FDB2874138CE81C4EF 284672 ----a-w- C:\Windows\Sysnative\EncDump.dll
2014-11-11 23:06:09 A2C9E45F4069A002E985D1563D16813B 440832 ----a-w- C:\Windows\Sysnative\AudioEng.dll
2014-11-11 23:06:08 FAFCB80D42A65964B6F4945283B8C10F 296448 ----a-w- C:\Windows\Sysnative\AudioSes.dll
2014-11-11 23:05:53 A71B81AC2C14ABA013CCF1225D9E3E36 342016 ----a-w- C:\Windows\Sysnative\schannel.dll
2014-11-11 23:05:53 109CC0DF72CC07A6CB59D2995255A1DA 309760 ----a-w- C:\Windows\Sysnative\ncrypt.dll
2014-11-11 23:05:49 DF30FC54FFF79BC744B22A4850A3CF92 86528 ----a-w- C:\Windows\Sysnative\TSpkg.dll
2014-11-11 23:05:49 55F0CF40479A1FC89CFA578909A540F2 210944 ----a-w- C:\Windows\Sysnative\wdigest.dll
2014-11-11 23:05:49 47C48C705F4F1EFC99B50B43AE4301FE 314880 ----a-w- C:\Windows\Sysnative\msv1_0.dll
2014-11-11 23:05:49 028D99F83CBB31DB7995530B89EA13CF 728064 ----a-w- C:\Windows\Sysnative\kerberos.dll
2014-11-11 23:05:48 336BA030AB7B05300CB0B5C6AFB27176 22016 ----a-w- C:\Windows\Sysnative\credssp.dll
2014-11-11 23:03:02 934735F508E297504460935B71E99F0B 77824 ----a-w- C:\Windows\Sysnative\packager.dll
2014-11-11 23:02:58 93C055B6AAD76360A60CB7E59A491531 3198976 ----a-w- C:\Windows\Sysnative\win32k.sys
2014-11-11 23:02:47 2720C94ADCC1727A66365CCB1CE456C4 3241984 ----a-w- C:\Windows\Sysnative\msi.dll
2014-11-11 23:01:20 B938AF16A521C913791C6F7AFF032757 861696 ----a-w- C:\Windows\Sysnative\oleaut32.dll
====== C:\Windows\Sysnative\drivers =====
2014-11-11 23:07:39 41774FF331F609EF442B7398EE6202B1 155064 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys
2014-11-10 04:27:24 975F2CAA23B9CF4420EAB6439BE4D233 37624 ----a-w- C:\Windows\Sysnative\drivers\TrueSight.sys
2014-11-09 16:48:10 17D683EEA9FFD741A1ED8731ABBC23D1 131800 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys
2014-11-09 16:47:49 95EF63A7827D4E3A229CBBCB42619E93 63704 ----a-w- C:\Windows\Sysnative\drivers\mwac.sys
2014-11-09 16:47:49 5C3669B71657F22E67A1D4BD49D2CBE7 25816 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys
2014-11-09 16:47:49 3540DDFAC8A076B983F86EB2A79D8FBD 96472 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys
2014-10-15 11:48:06 946010CDFA91469351B22E2620CEBCD8 663552 ----a-w- C:\Windows\Sysnative\drivers\PEAuth.sys
2014-10-15 11:48:04 80B9412C4DE09147581FC935FB4C97AB 61440 ----a-w- C:\Windows\Sysnative\drivers\appid.sys
2014-10-15 11:47:08 FE571E088C2D83619D2D48D4E961BF41 212480 ----a-w- C:\Windows\Sysnative\drivers\rdpwd.sys
2014-10-15 11:47:08 E232A3B43A894BB327FC161529BD9ED1 39936 ----a-w- C:\Windows\Sysnative\drivers\tssecsrv.sys
====== C:\Windows\Tasks ======
2014-11-11 23:58:53 FFF9AFFBB9C944B4A3B2E9E872715CDE 3234 ----a-w- C:\Windows\Sysnative\Tasks\SidebarExecute
2014-11-11 21:00:36 5D316417CAAD6E7369ED070517C9D982 3118 ----a-w- C:\Windows\Sysnative\Tasks\RPC
2014-11-06 16:41:39 -------- d-----w- C:\Windows\Sysnative\Tasks\Safer-Networking
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-11-11 21:04:09 -------- d-----w- C:\Program Files\WebBar
2014-10-19 18:38:01 -------- d-----w- C:\Program Files\iPod
2014-10-19 18:37:58 -------- d-----w- C:\Program Files\iTunes
======= C:\PROGRA~2 =====
2014-11-12 01:07:31 -------- d-----w- C:\PROGRA~2\Mozilla Maintenance Service
2014-11-11 21:01:25 -------- d-----w- C:\PROGRA~2\ospd_us_377
2014-11-09 20:17:23 -------- d-----w- C:\PROGRA~2\Sophos
2014-11-09 18:42:39 -------- d-----w- C:\PROGRA~2\Windows Resource Kits
2014-10-19 18:37:58 -------- d-----w- C:\PROGRA~2\iTunes
======= C: =====
====== C:\Users\FredricJLowe\AppData\Roaming ======
2014-11-11 23:44:43 -------- d-----w- C:\Users\UpdatusUser\AppData\Local\temp
2014-11-11 23:44:43 -------- d-----w- C:\Users\Public\AppData\Local\temp
2014-11-11 23:44:43 -------- d-----w- C:\Users\dub_cm_auto\AppData\Local\temp
2014-11-11 23:44:43 -------- d-----w- C:\Users\Default\AppData\Local\temp
2014-11-11 23:44:43 -------- d-----w- C:\Users\Default User\AppData\Local\temp
2014-11-11 23:44:43 -------- d-----w- C:\Users\Administrator\AppData\Local\temp
2014-11-10 21:16:04 -------- d-----w- C:\Users\Administrator\AppData\Local\Google
2014-11-09 20:17:32 -------- d-----w- C:\Users\FredricJLowe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2014-11-06 16:53:30 -------- d-sh--w- C:\Users\FredricJLowe\AppData\Locallow\EmieUserList
====== C:\Users\FredricJLowe ======
2014-11-12 01:10:21 035C0B5DA1CFE02625A814E7698B8CBE 1057488 ----a-w- C:\Users\FredricJLowe\Downloads\install_reader11_en_mssd_aaa_aih.exe
2014-11-12 01:06:07 77D0B05858A20DA07C533AC215CBB483 244088 ----a-w- C:\Users\FredricJLowe\Downloads\Firefox Setup Stub 33.1 (1).exe
2014-11-12 00:28:40 77D0B05858A20DA07C533AC215CBB483 244088 ----a-w- C:\Users\FredricJLowe\Downloads\Firefox Setup Stub 33.1.exe
2014-11-12 00:26:32 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\FredricJLowe\Downloads\FirefoxSetup.exe
2014-11-12 00:11:16 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
2014-11-12 00:09:09 6C24D159A6EA36C720D33883E5338E86 691112 ----a-w- C:\Users\FredricJLowe\Downloads\msgr11ph.exe
2014-11-12 00:03:42 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-11-11 23:44:43 -------- d-----w- C:\Users\Public\AppData
2014-11-11 23:44:43 -------- d-----w- C:\Users\dub_cm_auto\AppData
2014-11-11 21:02:44 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ONESOFTPERDAY
2014-11-11 20:59:02 CEA4EC1D5DF523AD10A88D6750371227 852328 ----a-w- C:\Users\FredricJLowe\Downloads\Firefox_Setup_34.0.exe
2014-11-10 04:27:10 -------- d-----w- C:\ProgramData\RogueKiller
2014-11-09 20:19:32 -------- d-----w- C:\ProgramData\Sophos
2014-11-09 18:54:52 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2014-11-09 18:54:43 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Utilities
2014-11-09 03:26:58 33398D340008A0577507FCA7FD443622 19828376 ----a-w- C:\Users\FredricJLowe\Downloads\mbam-setup-2.0.3.1025 (3).exe
2014-11-09 03:26:50 33398D340008A0577507FCA7FD443622 19828376 ----a-w- C:\Users\FredricJLowe\Downloads\mbam-setup-2.0.3.1025 (2).exe
2014-11-09 03:25:26 33398D340008A0577507FCA7FD443622 19828376 ----a-w- C:\Users\FredricJLowe\Downloads\mbam-setup-2.0.3.1025 (1).exe
2014-11-09 03:25:20 33398D340008A0577507FCA7FD443622 19828376 ----a-w- C:\Users\FredricJLowe\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-09 03:20:08 430A389AE785F228F28234D7C161D351 3778560 ----a-w- C:\Users\FredricJLowe\Downloads\RogueKillerX64.exe
2014-11-09 03:17:19 E1BA8EE229676CDCE0D85D2661719BB5 796616 ----a-w- C:\Users\FredricJLowe\Downloads\Free_Download_Setup (3).exe
2014-11-09 03:15:55 E1BA8EE229676CDCE0D85D2661719BB5 796616 ----a-w- C:\Users\FredricJLowe\Downloads\Free_Download_Setup (2).exe
2014-11-09 03:15:06 E1BA8EE229676CDCE0D85D2661719BB5 796616 ----a-w- C:\Users\FredricJLowe\Downloads\Free_Download_Setup (1).exe
2014-11-09 03:13:26 E1BA8EE229676CDCE0D85D2661719BB5 796616 ----a-w- C:\Users\FredricJLowe\Downloads\Free_Download_Setup.exe
2014-11-06 13:43:08 0DE7C31D176F9DDEBBB052C654B9806B 3060320 ------w- C:\Users\FredricJLowe\Downloads\NPE.exe
2014-10-19 18:39:23 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-10-19 18:37:58 -------- d-----w- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
====== C: exe-files ==
2014-11-12 15:00:46 E0E2FE836FD209FBE336DE720032DA99 96768 ----a-w- C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe
2014-11-12 15:00:46 8B4A087962B4411D7FF2A91F6CAE1EBA 54432 ----a-w- C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\airappinstaller.exe
2014-11-12 15:00:46 8B4A087962B4411D7FF2A91F6CAE1EBA 54432 ----a-w- C:\Program Files (x86)\Adobe\Flash Player\AddIns\airappinstaller\airappinstaller.exe
2014-11-12 15:00:46 41094C32DD59E2E56EE7AFCB0AB917B3 130208 ----a-w- C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe
2014-11-12 15:00:46 37EBCD76164A25F87E61D2158145FA42 59392 ----a-w- C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\template.exe
2014-11-12 01:07:35 42570D7A89870B2845ACCB5E975060B5 103588 ----a-w- C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe
2014-11-12 01:07:31 DEA022193DF8C88F6E2B3E33D148A5DB 114288 ----a-w- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
2014-11-12 00:03:29 D804A4D7DF4228FC0C6105933EEAD715 41093712 ----a-w- C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\38.0.2125.122\38.0.2125.122_chrome_installer.exe
2014-11-11 23:07:21 B569522A58F9B53B20D16516D26E0DD8 221184 ----a-w- C:\Program Files (x86)\Internet Explorer\ielowutil.exe
2014-11-11 23:07:19 B5724D61C7CB3FC9BACD9F8E58A77A03 468992 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe
2014-11-11 23:07:19 2E1CAA313AAE151B8D6E81C0075DE88C 222720 ----a-w- C:\Program Files\Internet Explorer\ielowutil.exe
2014-11-11 23:07:18 591C6FD1541BAFAEEE82B1F5831C8532 815280 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe
2014-11-11 23:07:16 0A2FA344ABBE0D160CE9773256A42B21 484352 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe
2014-11-11 23:07:15 F00FC8AF1B04C4611F92BC3DA01A2F49 813744 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
2014-11-11 21:04:09 52DA99DDA2FB639DF5B2816E3CEA2B35 37872 ----a-w- C:\Program Files\WebBar\wbsvc.exe
2014-11-11 21:04:09 4715C6647ED495C85502CB12634B9B5F 737475 ----a-w- C:\Program Files\WebBar\unins000.exe
2014-11-11 21:04:09 2331C427456CF4F198F9FF7CC7B34D7F 211952 ----a-w- C:\Program Files\WebBar\2.0.5422.19599\wb.exe
2014-11-11 21:02:44 C36DCD635909A8DA650FD35931CD2AA4 3268552 ----a-w- C:\Program Files (x86)\ospd_us_377\onesoftperday_widget.exe
2014-11-11 21:02:43 27A736F969B658F984346D145006AB91 393640 ----a-w- C:\Program Files (x86)\ospd_us_377\predm.exe
2014-11-11 21:01:25 E2BA020483C4E62EAF049ECEF90B5B3F 993264 ----a-w- C:\Program Files (x86)\ospd_us_377\unins000.exe
2014-11-11 21:01:25 221432589701A137AF228E8F316AC6D5 3977672 ----a-w- C:\Program Files (x86)\ospd_us_377\ospd_us_377.exe
=== C: other files ==
2014-11-12 15:22:30 8A80554C91D9FCA8ACB82F023DE02F11 3 ----a-w- C:\Users\FredricJLowe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6B0M60ZP\www.google[1].com
2014-11-12 15:17:31 8A80554C91D9FCA8ACB82F023DE02F11 3 ----a-w- C:\Users\FredricJLowe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6B0M60ZP\app.noproblemppc[1].com
2014-11-12 14:57:42 8A80554C91D9FCA8ACB82F023DE02F11 3 ----a-w- C:\Users\FredricJLowe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3JJB9AZF\www.bleepingcomputer[1].com
2014-11-12 14:31:15 8A80554C91D9FCA8ACB82F023DE02F11 3 ----a-w- C:\Users\FredricJLowe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3JJB9AZF\www.producersweb[1].com
2014-11-12 14:25:06 8A80554C91D9FCA8ACB82F023DE02F11 3 ----a-w- C:\Users\FredricJLowe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6B0M60ZP\MalwareTips[1].com
==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-21-3225944584-185484181-3065989196-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"rn5.exe"="C:\Program Files (x86)\ActiveTracker\rn5.exe"
"GoogleDriveSync"="C:\Program Files (x86)\Google\Drive\googledrivesync.exe /autostart"
"GoogleChromeAutoLaunch_70FA2A021BD990B422754CDCA3624AEA"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window"
"Messenger (Yahoo\PROGRA~2\Yahoo\Messenger\YahooMessenger.exe -quiet"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrueImageMonitor.exe"="C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
"BrStsMon00"="C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN"
"AcronisTimounterMonitor"="C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"TkBellExe"="C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe -osboot"
"Act.Outlook.Service"="C:\Program Files (x86)\ACT\Act for Windows\Act.Outlook.Service.exe"
"Act\Program Files (x86)\ACT\Act for Windows\Act.exe -preload"
"ACTSchedulerUI"="C:\Program Files (x86)\ACT\Act for Windows\Act.Scheduler.UI.exe -Dfalse"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"
"Wondershare Helper Compact.exe"="C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"ospd_us_377"="C:\Program Files (x86)\ospd_us_377\ospd_us_377.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"rn5.exe"="C:\Program Files (x86)\ActiveTracker\rn5.exe"
"GoogleDriveSync"="C:\Program Files (x86)\Google\Drive\googledrivesync.exe /autostart"
"GoogleChromeAutoLaunch_70FA2A021BD990B422754CDCA3624AEA"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window"
"Messenger (Yahoo\PROGRA~2\Yahoo\Messenger\YahooMessenger.exe -quiet"
==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acronis Scheduler2 Service"="C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
"mylbx"="C:\Program Files\My Lockbox\mylbx.exe /a"
"MFNetworkScanUtility"="C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE"
==== Startup Registry Disabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ICQ]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ICQ"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\ICQ7.7\\ICQ.exe\" silent loginmode=4"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\YahooAUService]
==== Task Scheduler Jobs ======================
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [11/12/2014 09:35 AM]
C:\Windows\tasks\G2MUpdateTask-S-1-5-21-3225944584-185484181-3065989196-1000.job --a------ C:\Program Files (x86)\C:itrix\GoToMeeting\1865\g2mupdate.exe []
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [10/23/2014 01:00 AM]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [10/23/2014 01:00 AM]
==== Other Scheduled Tasks ======================
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\G2MUpdateTask-S-1-5-21-3225944584-185484181-3065989196-1000" [C:\Program Files (x86)\Citrix\GoToMeeting\1865\g2mupdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\JetBoost_Startup" [C:\Program Files (x86)\BlueSprig\JetBoost\JetBoostTray.exe]
"C:\Windows\SysNative\tasks\Norton WSC Integration" ["C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\WSCStub.exe"]
"C:\Windows\SysNative\tasks\RealUpgradeLogonTaskS-1-5-21-3225944584-185484181-3065989196-1000" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]
"C:\Windows\SysNative\tasks\RealUpgradeScheduledTaskS-1-5-21-3225944584-185484181-3065989196-1000" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]
"C:\Windows\SysNative\tasks\RPC" [C:\Program Files (x86)\RPC\Reg Pro Cleaner\RegProCleaner.exe]
"C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]
"C:\Windows\SysNative\tasks\{72804138-9FD9-4888-A1E9-A32D689899FA}" [C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe]
"C:\Windows\SysNative\tasks\{952C5732-59DD-40A1-81F9-C5213DBBBF3E}" ["C:\Program Files\Internet Explorer\iexplore.exe" http://ui.skype.com/ui/0/6.3.0.107/en/go/help.faq.installer?LastError=1603]
"C:\Windows\SysNative\tasks\{97A0805E-6B42-4778-9C68-CA81B5E4D6D0}" ["C:\Program Files\Internet Explorer\iexplore.exe" http://ui.skype.com/ui/0/6.3.0.107/en/go/help.faq.installer?LastError=1603]
"C:\Windows\SysNative\tasks\{B10C07A1-940F-4985-8D4B-C609B9FE0243}" ["C:\Program Files\Internet Explorer\iexplore.exe" http://ui.skype.com/ui/0/6.3.0.107/en/go/help.faq.installer?LastError=1603]
"C:\Windows\SysNative\tasks\{F69CB7A8-2AC0-4C5C-9F7A-F8C62FA6AC4A}" [C:\Users\FredricJLowe\Desktop\ICSolutions13-4.exe]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\SysNative\tasks\NCH Software\ExpressZipSevenDays" [C:\Program Files (x86)\NCH Software\ExpressZip\ExpressZip.exe]
"C:\Windows\SysNative\tasks\Norton Security Suite\Norton Error Analyzer" [C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\SymErr.exe]
"C:\Windows\SysNative\tasks\Norton Security Suite\Norton Error Processor" [C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\SymErr.exe]
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn" [11/12/2014 09:31 AM]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{1D8CE494-1FA3-156A-5998-9E64EAE0C898}"="C:\Program Files (x86)\ver0BetterDeals\182.xpi" []
==== Firefox Extensions ======================
ProfilePath: C:\Users\FREDRI~1\AppData\Roaming\Mozilla\Firefox\Profiles\nzm0n0ik.default
- Undetermined - alertbox@ajitk.com
- Undetermined - exif_viewer@mozilla.doslash.org
- Undetermined - {1D8CE494-1FA3-156A-5998-9E64EAE0C898}
- Distill Web Monitor - AlertBox - %ProfilePath%\extensions\alertbox@ajitk.com.xpi
- Exif Viewer - %ProfilePath%\extensions\exif_viewer@mozilla.doslash.org.xpi
ProfilePath: C:\Users\FREDRI~1\AppData\Roaming\Thunderbird\Profiles\izpoojy7.default
- pmth@readnotify.com - C:\Program Files (x86)\ActiveTracker\plugins\thunderbird\pmth
- pmth@readnotify.com - %ProfilePath%\extensions\pmth@readnotify.com
- ImportExportTools - %ProfilePath%\extensions\{3ed8cc52-86fc-4613-9026-c1ef969da4c3}.xpi
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\FredricJLowe\AppData\Roaming\Mozilla\Firefox\Profiles\nzm0n0ik.default
DFC9460CC37E5C414DC4680B10C19E7A - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll - Shockwave Flash
6A03609A79D8C5ACECB66EED53F3A0AB - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll - RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)
70677064555D2EB816249ABB0150951F - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll - RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)
==== Chromium Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
fbpdhkpnhljiimdoalmapnaombjlcgja - C:\Program Files (x86)\OApps\chrome-sl.crx[]
iikflkcanblccfahdhdonehdalibjnif - No path found[]
jfmjfhklogoienhpfnppmbcbjfjnkonk - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx[07/04/2012 05:48 AM]
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
apdfllckaahabafndbhieahigkjlhalf - C:\Users\FREDRI~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx[05/30/2014 10:16 AM]
lmjegmlicamnimmfhcmpkclmigmmcbeh - No path found[]
Google Slides - FredricJLowe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - FredricJLowe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - FredricJLowe\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Google Voice Search Hotword (Beta) - FredricJLowe\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
YouTube - FredricJLowe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - FredricJLowe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - FredricJLowe\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Norton Identity Safe - FredricJLowe\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif
RealPlayer HTML5Video Downloader Extension - FredricJLowe\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk
Google Drive App Launcher - FredricJLowe\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh
Google Wallet - FredricJLowe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Readnotify.com Web Plugin - FredricJLowe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nofmhkiliplhcecdhmfndhjbppbmoegk
Gmail - FredricJLowe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
==== Chromium Fix ======================
C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx deleted successfully
C:\Users\FredricJLowe\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif deleted successfully
C:\Users\FredricJLowe\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh deleted successfully
C:\Users\FredricJLowe\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Unknown Url="Not_Found"
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-3225944584-185484181-3065989196-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{62D3811C-4323-0D30-1FD1-468AFF19EB2A} deleted successfully
HKEY_USERS\S-1-5-21-3225944584-185484181-3065989196-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{62D3811C-4323-0D30-1FD1-468AFF19EB2A} deleted successfully
HKEY_USERS\S-1-5-21-3225944584-185484181-3065989196-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{62D3811C-4323-0D30-1FD1-468AFF19EB2A} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62D3811C-4323-0D30-1FD1-468AFF19EB2A} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-3225944584-185484181-3065989196-1000\Software\Mozilla\Firefox\Extensions\{1D8CE494-1FA3-156A-5998-9E64EAE0C898} deleted successfully
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\fbpdhkpnhljiimdoalmapnaombjlcgja deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{0BCE8B0A-1E76-44E5-9909-3CF804D92E4D}_is1 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\FredricJLowe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\FredricJLowe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Cache found
==== Empty Chrome Cache ======================
C:\Users\FredricJLowe\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=138 folders=80 137874174 bytes)
==== Empty Temp Folders ======================
C:\Users\Administrator\AppData\Local\temp emptied successfully
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\dub_cm_auto\AppData\Local\temp emptied successfully
C:\Users\FredricJLowe\AppData\Local\Temp will be emptied at reboot
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\UpdatusUser\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\FREDRI~1\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\FXSSVCDebugLogFile.txt" not deleted
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\FXSTIFFDebugLogFile.txt" not deleted
==== EOF on Wed 11/12/2014 at 10:51:27.24 ======================
This has changed things, and now I am not able to access Yahoo Messenger, and when I launch Thunderbird I am now getting this message:
"Unable to write the email to the mailbox. Make sure the file system allows you write privileges, and you have enough disk space to copy the mailbox."
I hope we can reverse the changes that were made which made things worse than earlier this morning.