Poweliks trojan & dllhost.exe 32 COM Surrogate virus
<blockquote data-quote="FredricJLowe" data-source="post: 298016" data-attributes="member: 30586"><p>Zoek.exe v5.0.0.0 Updated 11-November-2014</p><p>Tool run by FredricJLowe on Wed 11/12/2014 at 9:49:52.48.</p><p>Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64</p><p>Running in: Normal Mode Internet Access Detected</p><p>Launched: C:\Users\FredricJLowe\Desktop\Virus Tools\zoek.exe [Scan all users] [Script inserted]</p><p>==== System Restore Info ======================</p><p>11/12/2014 9:57:32 AM Zoek.exe System Restore Point Created Succesfully.</p><p>==== Empty Folders Check ======================</p><p>C:\PROGRA~2\Freemake deleted successfully</p><p>C:\PROGRA~2\MSXML 4.0 deleted successfully</p><p>C:\PROGRA~2\Nitro PDF deleted successfully</p><p>C:\PROGRA~2\COMMON~1\supportdotcom deleted successfully</p><p>C:\Program Files\PolderbitS deleted successfully</p><p>C:\PROGRA~3\boost_interprocess deleted successfully</p><p>C:\PROGRA~3\Freemake deleted successfully</p><p>C:\PROGRA~3\Local Settings deleted successfully</p><p>C:\PROGRA~3\Oracle deleted successfully</p><p>C:\PROGRA~3\Sage Software, Inc deleted successfully</p><p>C:\Users\FredricJLowe\AppData\Roaming\Download Manager deleted successfully</p><p>C:\Users\FredricJLowe\AppData\Roaming\Google deleted successfully</p><p>C:\Users\FredricJLowe\AppData\Roaming\PeerNetworking deleted successfully</p><p>C:\Users\FredricJLowe\AppData\Roaming\webex deleted successfully</p><p>C:\Users\FredricJLowe\AppData\Local\CUSTPDF Writer deleted successfully</p><p>C:\Users\FredricJLowe\AppData\Local\Jaksta_Technologies_Pty_L deleted successfully</p><p>C:\Users\FredricJLowe\AppData\Local\LogMeIn Rescue Applet deleted successfully</p><p>==== Deleting CLSID Registry Keys ======================</p><p></p><p>==== Deleting CLSID Registry Values ======================</p><p></p><p>==== Deleting Services ======================</p><p>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\YahooAUService deleted 
successfully</p><p>HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\YahooAUService deleted successfully</p><p>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\webinstrNew deleted successfully</p><p>HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\webinstrNew deleted successfully</p><p>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\wbsvc deleted successfully</p><p>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wbsvc deleted successfully</p><p>HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application\wbsvc deleted successfully</p><p>HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\wbsvc deleted successfully</p><p>==== FireFox Fix ======================</p><p>ProfilePath: C:\Users\FREDRI~1\AppData\Roaming\Mozilla\Firefox\Profiles\nzm0n0ik.default</p><p>user.js not found</p><p>---- Lines nspdl removed from prefs.js ----</p><p>user_pref("extensions.nspdl.data.1c4755f318c6fdb260c47f26d0a24f0ca", "1");</p><p>user_pref("extensions.nspdl.data.activeDate", "20141111");</p><p>user_pref("extensions.nspdl.data.aliveDate", "20141111");</p><p>user_pref("extensions.nspdl.data.instlDate", "20141111");</p><p>user_pref("extensions.nspdl.data.ntopen", "23595662");</p><p>user_pref("extensions.nspdl.general.content", "favorites-e6489c2a413548420704ea3f4543d33f");</p><p>user_pref("extensions.nspdl.general.firstRun", false);</p><p>user_pref("extensions.nspdl.general.guid", "51660489-5681-40f5-bde4-d91eec2d5bf5");</p><p>user_pref("extensions.nspdl.general.version", "9.5.5");</p><p>---- FireFox user.js and prefs.js backups ----</p><p>prefs_20141112_1020_.backup</p><p>ProfilePath: C:\Users\FREDRI~1\AppData\Roaming\Thunderbird\Profiles\izpoojy7.default</p><p>user.js not found</p><p>---- Lines Search removed from prefs.js ----</p><p>user_pref("extensions.importexporttools.import.lastdir", "J:\\WindowsMailfoldersthrough12212011\\Imported Folder\\Search Fold 91a");</p><p>---- FireFox user.js and prefs.js backups 
----</p><p>prefs_20141112_1020_.backup</p><p>==== Batch Command(s) Run By Tool======================</p><p>C:\Windows\system32\appdata deleted</p><p>==== Deleting Files \ Folders ======================</p><p>C:\Windows\syswow64\appdata deleted</p><p>C:\PROGRA~2\Mozilla Firefox\defaults\preferences\autoconfig.js deleted</p><p>C:\PROGRA~2\Yahoo! deleted</p><p>C:\PROGRA~2\MyFree Codec deleted</p><p>C:\Users\Administrator\AppData\Roaming\Yahoo! deleted</p><p>C:\Users\FredricJLowe\AppData\Roaming\Yahoo! deleted</p><p>C:\Users\FredricJLowe\AppData\Roaming\ICQ Search deleted</p><p>C:\PROGRA~3\Yahoo! deleted</p><p>C:\PROGRA~3\InstallSightSDK deleted</p><p>C:\PROGRA~3\Package Cache deleted</p><p>C:\Users\FredricJLowe\AppData\Local\Wondershare deleted</p><p>C:\Windows\SysNative\config\systemprofile\AppData\Local\WebBar deleted</p><p>C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec deleted</p><p>C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare deleted</p><p>C:\Windows\patsearch.bin deleted</p><p>C:\windows\SysNative\Tasks\BetterDeals Update deleted</p><p>C:\Windows\Tasks\BetterDeals Update.job deleted</p><p>C:\Users\Administrator\AppData\LocalLow\Yahoo! deleted</p><p>C:\Users\Administrator\AppData\LocalLow\Yahoo! 
Companion deleted</p><p>C:\Windows\wininit.ini deleted</p><p>C:\windows\SysNative\tasks\WebBarLaunchTask deleted</p><p>C:\windows\SysNative\tasks\WebBarUpdateTask deleted</p><p>C:\windows\SysNative\drivers\webinstrNew.sys deleted</p><p>C:\windows\SysNative\drivers\Msft_Kernel_webinstrNew_01009.Wdf deleted</p><p>C:\Windows\SysNative\config\systemprofile\Searches deleted</p><p>C:\Windows\Syswow64\InstallUtil.InstallLog deleted</p><p>C:\Windows\SysWow64\AI_RecycleBin deleted</p><p>C:\Users\FredricJLowe\AppData\Roaming\act16hf4ss.exe deleted</p><p>C:\Users\FREDRI~1\AppData\Roaming\Mozilla\Firefox\Profiles\nzm0n0ik.default\nspdl deleted</p><p>"C:\Users\FredricJLowe\AppData\Local\{5C59B02A-96E2-428A-AC30-C53201E57E6B}" deleted</p><p>"C:\Users\FredricJLowe\AppData\Local\{9046AAD6-8520-48DB-9A36-BCBD1A232F97}" deleted</p><p>"C:\PROGRA~2\ver0BetterDeals\a3BetterDealsM73.exe" deleted</p><p>"C:\PROGRA~2\ver0BetterDeals\Sqlite3.dll" deleted</p><p>"C:\PROGRA~2\COMMON~1\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll" deleted</p><p>"C:\PROGRA~2\COMMON~1\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll" deleted</p><p>"C:\PROGRA~2\COMMON~1\Wondershare\Wondershare Helper Compact\DAQExp.dll" deleted</p><p>"C:\PROGRA~2\COMMON~1\Wondershare\Wondershare Helper Compact\WSHelper.exe" deleted</p><p>"C:\PROGRA~2\ver0BetterDeals" deleted</p><p>"C:\PROGRA~2\COMMON~1\Wondershare" deleted</p><p>"C:\PROGRA~2\COMMON~1\Wondershare\Wondershare Helper Compact" deleted</p><p>==== Files Recently Created / Modified ======================</p><p>====== C:\Windows ====</p><p>2014-11-11 23:06:46 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\Windows\PEV.exe</p><p>2014-11-11 23:06:46 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\Windows\grep.exe</p><p>2014-11-11 23:06:46 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\Windows\zip.exe</p><p>2014-11-11 23:06:46 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\Windows\SWSC.exe</p><p>2014-11-11 23:06:46 
0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\Windows\MBR.exe</p><p>====== C:\Users\FREDRI~1\AppData\Local\Temp ====</p><p>2014-11-08 08:47:13 5C73E64374D9BA37AC5569D1F7DE5C9B 665682 ----a-w- C:\Users\FredricJLowe\AppData\Local\Temp\sqlite3.dll</p><p>2014-11-08 08:33:34 7AAB90847C56E6F7E922BB29D5B3EA8A 601088 ----a-w- C:\Users\FredricJLowe\AppData\Local\Temp\Quarantine.exe</p><p>====== Java Cache =====</p><p>====== C:\Windows\SysWOW64 =====</p><p>2014-11-11 23:07:39 980EEEE8815DA7593708774D1225BD35 681984 ----a-w- C:\Windows\SysWOW64\adtschema.dll</p><p>2014-11-11 23:07:38 9AB39ADD28C7C1A685B1EA8C6A25CF08 146432 ----a-w- C:\Windows\SysWOW64\msaudite.dll</p><p>2014-11-11 23:07:38 9216ABFD53F5EC1F35C3554AD1A175DE 22016 ----a-w- C:\Windows\SysWOW64\secur32.dll</p><p>2014-11-11 23:07:38 13E5B1CD503A4B21E9F0A2D55A00198B 96768 ----a-w- C:\Windows\SysWOW64\sspicli.dll</p><p>2014-11-11 23:07:21 B6273619A3DF28F03B64E911E45A6AB2 30720 ----a-w- C:\Windows\SysWOW64\iernonce.dll</p><p>2014-11-11 23:07:21 A6E51BDCB8F4B84E874F918F0452763D 76288 ----a-w- C:\Windows\SysWOW64\mshtmled.dll</p><p>2014-11-11 23:07:21 5D5640C34C4A97467F77489DBB157568 47616 ----a-w- C:\Windows\SysWOW64\ieetwproxystub.dll</p><p>2014-11-11 23:07:20 FB56C76FEA44693752BD99D7D9930ABA 341168 ----a-w- C:\Windows\SysWOW64\iedkcs32.dll</p><p>2014-11-11 23:07:20 93074C4FA92A8399404D032F6AF72C1B 19781632 ----a-w- C:\Windows\SysWOW64\mshtml.dll</p><p>2014-11-11 23:07:20 843BD9DAF03ABB6761DEE6D155301F28 60416 ----a-w- C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll</p><p>2014-11-11 23:07:20 66F4FFDBCD501260ABC198317D2B0D10 285696 ----a-w- C:\Windows\SysWOW64\dxtrans.dll</p><p>2014-11-11 23:07:20 4772DB007FFBD4BBE3F526704BCA67FE 1310208 ----a-w- C:\Windows\SysWOW64\urlmon.dll</p><p>2014-11-11 23:07:20 26EE6C9780A8FC872C60F9E35D7EBD4B 688640 ----a-w- C:\Windows\SysWOW64\msfeeds.dll</p><p>2014-11-11 23:07:19 5E01004CBC35A78FE2AB4016CCAD4760 708096 ----a-w- C:\Windows\SysWOW64\ieapfltr.dll</p><p>2014-11-11 
23:07:19 5972510EF1C6097D9C14C17387A5EDB2 2724864 ----a-w- C:\Windows\SysWOW64\mshtml.tlb</p><p>2014-11-11 23:07:19 19D68FDEE62519C5A0387EB4E88A01EF 62464 ----a-w- C:\Windows\SysWOW64\iesetup.dll</p><p>2014-11-11 23:07:18 FA310BD4A5DE904445DDDE54C5A654F2 2277376 ----a-w- C:\Windows\SysWOW64\iertutil.dll</p><p>2014-11-11 23:07:18 8A46404AC1AEB22AA2D4C906D0FC86C2 620032 ----a-w- C:\Windows\SysWOW64\jscript9diag.dll</p><p>2014-11-11 23:07:18 7748B3DDDC92C7FC11F7462DB872E8E7 2051072 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl</p><p>2014-11-11 23:07:18 6DDC0F44A70976C492CB1666BA9A7912 47104 ----a-w- C:\Windows\SysWOW64\jsproxy.dll</p><p>2014-11-11 23:07:17 A1A2EE55A2C69F79AED00973E604B9C4 418304 ----a-w- C:\Windows\SysWOW64\dxtmsft.dll</p><p>2014-11-11 23:07:17 8585BC27224F97458C186AA085B754A7 478208 ----a-w- C:\Windows\SysWOW64\ieui.dll</p><p>2014-11-11 23:07:17 4F8CD74CD69A94ED1A5D7E837A356F4E 115712 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe</p><p>2014-11-11 23:07:17 36EE0A2A981617610F921BCBB997DB06 12819456 ----a-w- C:\Windows\SysWOW64\ieframe.dll</p><p>2014-11-11 23:07:15 AE39939F1E25401B9A4952A7A8D372AC 4298240 ----a-w- C:\Windows\SysWOW64\jscript9.dll</p><p>2014-11-11 23:07:15 9ED3132B7F0D36FA9911721E8B2CB968 501248 ----a-w- C:\Windows\SysWOW64\vbscript.dll</p><p>2014-11-11 23:07:15 755D0A90CFC4BCB178D7070B0351F0AE 64000 ----a-w- C:\Windows\SysWOW64\MshtmlDac.dll</p><p>2014-11-11 23:07:15 6DD7D61A8EF3DFEC4FAEFEB395E77424 1892864 ----a-w- C:\Windows\SysWOW64\wininet.dll</p><p>2014-11-11 23:07:15 4169C6A6613856D69224498620F0C2B5 1155072 ----a-w- C:\Windows\SysWOW64\mshtmlmedia.dll</p><p>2014-11-11 23:07:15 139E85C4E5DF322AE1BF6544D8C32B0A 168960 ----a-w- C:\Windows\SysWOW64\msrating.dll</p><p>2014-11-11 23:06:19 537184E7306E06BB22C5B93D2AFA4DF8 1237504 ----a-w- C:\Windows\SysWOW64\msxml3.dll</p><p>2014-11-11 23:06:19 09FA271EE1F9AD68B2D1C1C210F4B71F 2048 ----a-w- C:\Windows\SysWOW64\msxml3r.dll</p><p>2014-11-11 23:06:13 5FDBDEECA34E73325D87C5ACD16A3EEC 701440 ----a-w- 
C:\Windows\SysWOW64\IMJP10K.DLL</p><p>2014-11-11 23:06:09 8D338464B851DDD76E2B876A3E09EB70 442880 ----a-w- C:\Windows\SysWOW64\AUDIOKSE.dll</p><p>2014-11-11 23:06:08 FD79B005E849DF3D7E9B5EB7A637C528 374784 ----a-w- C:\Windows\SysWOW64\AudioEng.dll</p><p>2014-11-11 23:06:08 AA7325057A1E1CC401798C0B1238E182 195584 ----a-w- C:\Windows\SysWOW64\AudioSes.dll</p><p>2014-11-11 23:05:52 8CFAEFCD7F1E004950FCAE870A501B3E 248832 ----a-w- C:\Windows\SysWOW64\schannel.dll</p><p>2014-11-11 23:05:51 8FE6AB488ECDC60930CE973A7051B0D4 221184 ----a-w- C:\Windows\SysWOW64\ncrypt.dll</p><p>2014-11-11 23:05:49 B580A6B9932669DE703001AEE66D5BB1 259584 ----a-w- C:\Windows\SysWOW64\msv1_0.dll</p><p>2014-11-11 23:05:49 3B3B8BA16DC999EA17D075D2F1064DE4 550912 ----a-w- C:\Windows\SysWOW64\kerberos.dll</p><p>2014-11-11 23:05:49 37BC079204BF9B087D6DE6B728908B4B 172032 ----a-w- C:\Windows\SysWOW64\wdigest.dll</p><p>2014-11-11 23:05:48 9CEA80FFC617E6B6DD7B52E6225C0D38 65536 ----a-w- C:\Windows\SysWOW64\TSpkg.dll</p><p>2014-11-11 23:05:48 8205E55DFB11809E5F2AAD1C48840535 17408 ----a-w- C:\Windows\SysWOW64\credssp.dll</p><p>2014-11-11 23:03:02 0F39AC3274312EFFD03928291E8BA7CA 67584 ----a-w- C:\Windows\SysWOW64\packager.dll</p><p>2014-11-11 23:02:46 CB55B9AAB060C803BE4AD229AA0FEC28 2363904 ----a-w- C:\Windows\SysWOW64\msi.dll</p><p>2014-11-11 23:01:20 EDA54D2E17C0271D2CDA946ABE344110 571904 ----a-w- C:\Windows\SysWOW64\oleaut32.dll</p><p>====== C:\Windows\SysWOW64\drivers =====</p><p>====== C:\Windows\Sysnative =====</p><p>2014-11-11 23:07:46 F992AAE3F2DF1D7D2A75B681B0C5280E 304640 ----a-w- C:\Windows\Sysnative\generaltel.dll</p><p>2014-11-11 23:07:45 9F1FA4F36406693C77CC5779AA7E532D 228864 ----a-w- C:\Windows\Sysnative\aepdu.dll</p><p>2014-11-11 23:07:45 6021CF6A11DE9B5FC1BD210B6855C497 424448 ----a-w- C:\Windows\Sysnative\aeinv.dll</p><p>2014-11-11 23:07:40 008CD4EBFABCF78D0F19B3778492648C 683520 ----a-w- C:\Windows\Sysnative\termsrv.dll</p><p>2014-11-11 23:07:39 58F87BF5659C8EBC61EB439C916F2F9A 
681984 ----a-w- C:\Windows\Sysnative\adtschema.dll</p><p>2014-11-11 23:07:38 C4C1B73FC2FF151BA08E1EAFDE2A2FAF 1460736 ----a-w- C:\Windows\Sysnative\lsasrv.dll</p><p>2014-11-11 23:07:38 7184AEACDA13E64B10F84E9DD79C8A01 146432 ----a-w- C:\Windows\Sysnative\msaudite.dll</p><p>2014-11-11 23:07:21 854B230F5D77486B67D809FFB8A10C7E 2724864 ----a-w- C:\Windows\Sysnative\mshtml.tlb</p><p>2014-11-11 23:07:21 7293701905DF1F40760C851F20DDC9EC 114688 ----a-w- C:\Windows\Sysnative\ieetwcollector.exe</p><p>2014-11-11 23:07:21 4E47ABA3C6C5032446A2AF7EFD026037 716800 ----a-w- C:\Windows\Sysnative\ie4uinit.exe</p><p>2014-11-11 23:07:21 1F3794CE1AEA5DA12ACF90210EAE4ECB 48640 ----a-w- C:\Windows\Sysnative\ieetwproxystub.dll</p><p>2014-11-11 23:07:20 33098C85B789630865CD3F5D22FB0DFC 77824 ----a-w- C:\Windows\Sysnative\JavaScriptCollectionAgent.dll</p><p>2014-11-11 23:07:20 26BC4EC95E363DD59171710E22108F15 34304 ----a-w- C:\Windows\Sysnative\iernonce.dll</p><p>2014-11-11 23:07:18 E17C34BECCD1388E9B386A9F82F01222 4096 ----a-w- C:\Windows\Sysnative\ieetwcollectorres.dll</p><p>2014-11-11 23:07:18 56651A76C63DAF2C593F1F767FC8A856 1550336 ----a-w- C:\Windows\Sysnative\urlmon.dll</p><p>2014-11-11 23:07:18 1C216980E7D21100A357B52B3C45F78D 388272 ----a-w- C:\Windows\Sysnative\iedkcs32.dll</p><p>2014-11-11 23:07:17 C6A719FD0B07B2DD0ADACD07636F4BAD 968704 ----a-w- C:\Windows\Sysnative\MsSpellCheckingFacility.exe</p><p>2014-11-11 23:07:17 6507CA9349500A535AF70670F248E525 66560 ----a-w- C:\Windows\Sysnative\iesetup.dll</p><p>2014-11-11 23:07:17 2A1A7F17C906941334C6A67E935F214B 316928 ----a-w- C:\Windows\Sysnative\dxtrans.dll</p><p>2014-11-11 23:07:17 1E30BECF0DB35481588FB72C9CF97CA2 800768 ----a-w- C:\Windows\Sysnative\msfeeds.dll</p><p>2014-11-11 23:07:16 BD708EBEDB35E474F1A19747154ACC47 799232 ----a-w- C:\Windows\Sysnative\ieapfltr.dll</p><p>2014-11-11 23:07:16 BA4EC6139B8830BBA9CC5D065CA5796C 2884096 ----a-w- C:\Windows\Sysnative\iertutil.dll</p><p>2014-11-11 23:07:16 
5C9D58591D0091630452B04F35527240 2124288 ----a-w- C:\Windows\Sysnative\inetcpl.cpl</p><p>2014-11-11 23:07:15 31F2A5ECFD2C75F970A3007ACD5627C7 54784 ----a-w- C:\Windows\Sysnative\jsproxy.dll</p><p>2014-11-11 23:07:15 08BCDD6C9E23D00309F359620461DFE8 144384 ----a-w- C:\Windows\Sysnative\ieUnatt.exe</p><p>2014-11-11 23:07:14 69602F6259598A7837CB83D3608FE293 633856 ----a-w- C:\Windows\Sysnative\ieui.dll</p><p>2014-11-11 23:07:14 277A4735954F1BF29EE3D138A5251BFE 490496 ----a-w- C:\Windows\Sysnative\dxtmsft.dll</p><p>2014-11-11 23:07:14 154B8555A118BCFD95F358390E418B00 14390272 ----a-w- C:\Windows\Sysnative\ieframe.dll</p><p>2014-11-11 23:07:13 F208D7FB40FD80EA9F123BABF687359C 6040064 ----a-w- C:\Windows\Sysnative\jscript9.dll</p><p>2014-11-11 23:07:13 B6DC4597FF946B0C8B29650A71F52D4E 580096 ----a-w- C:\Windows\Sysnative\vbscript.dll</p><p>2014-11-11 23:07:13 98088A13F65BE35DA3693F264740CEEC 1359360 ----a-w- C:\Windows\Sysnative\mshtmlmedia.dll</p><p>2014-11-11 23:07:13 7EE5FBD190BF5B27F7977EA6CBF0DCAC 92160 ----a-w- C:\Windows\Sysnative\mshtmled.dll</p><p>2014-11-11 23:07:13 7EC80DB959695D4F927D2D601DA59F35 814080 ----a-w- C:\Windows\Sysnative\jscript9diag.dll</p><p>2014-11-11 23:07:13 6FC2819A4F80AAB2DADEDFC1EFEE3C3F 2365440 ----a-w- C:\Windows\Sysnative\wininet.dll</p><p>2014-11-11 23:07:12 EE3592B010E3F69D141323E592C01A1A 199680 ----a-w- C:\Windows\Sysnative\msrating.dll</p><p>2014-11-11 23:07:12 BBD6A636AAA65D874F3863280CD8373D 25110016 ----a-w- C:\Windows\Sysnative\mshtml.dll</p><p>2014-11-11 23:07:12 4B6D9AB2ECD11AF5F6B1C42D938E0A85 88064 ----a-w- C:\Windows\Sysnative\MshtmlDac.dll</p><p>2014-11-11 23:06:19 D005697F0467BBDDAB7638496DA5DB52 2048 ----a-w- C:\Windows\Sysnative\msxml3r.dll</p><p>2014-11-11 23:06:19 364ECFF4ABD9D575F4F7CF7EB7928EF3 1882624 ----a-w- C:\Windows\Sysnative\msxml3.dll</p><p>2014-11-11 23:06:13 1FEBD408F32DFC523882E7DA5AC57819 878080 ----a-w- C:\Windows\Sysnative\IMJP10K.DLL</p><p>2014-11-11 23:06:10 9383B21A4B77C130940262DDC5F3F49B 500224 
----a-w- C:\Windows\Sysnative\AUDIOKSE.dll</p><p>2014-11-11 23:06:09 DE3E38431B00C2EA247C53675DCF01A0 680960 ----a-w- C:\Windows\Sysnative\audiosrv.dll</p><p>2014-11-11 23:06:09 B1BB7B91C3C878FDB2874138CE81C4EF 284672 ----a-w- C:\Windows\Sysnative\EncDump.dll</p><p>2014-11-11 23:06:09 A2C9E45F4069A002E985D1563D16813B 440832 ----a-w- C:\Windows\Sysnative\AudioEng.dll</p><p>2014-11-11 23:06:08 FAFCB80D42A65964B6F4945283B8C10F 296448 ----a-w- C:\Windows\Sysnative\AudioSes.dll</p><p>2014-11-11 23:05:53 A71B81AC2C14ABA013CCF1225D9E3E36 342016 ----a-w- C:\Windows\Sysnative\schannel.dll</p><p>2014-11-11 23:05:53 109CC0DF72CC07A6CB59D2995255A1DA 309760 ----a-w- C:\Windows\Sysnative\ncrypt.dll</p><p>2014-11-11 23:05:49 DF30FC54FFF79BC744B22A4850A3CF92 86528 ----a-w- C:\Windows\Sysnative\TSpkg.dll</p><p>2014-11-11 23:05:49 55F0CF40479A1FC89CFA578909A540F2 210944 ----a-w- C:\Windows\Sysnative\wdigest.dll</p><p>2014-11-11 23:05:49 47C48C705F4F1EFC99B50B43AE4301FE 314880 ----a-w- C:\Windows\Sysnative\msv1_0.dll</p><p>2014-11-11 23:05:49 028D99F83CBB31DB7995530B89EA13CF 728064 ----a-w- C:\Windows\Sysnative\kerberos.dll</p><p>2014-11-11 23:05:48 336BA030AB7B05300CB0B5C6AFB27176 22016 ----a-w- C:\Windows\Sysnative\credssp.dll</p><p>2014-11-11 23:03:02 934735F508E297504460935B71E99F0B 77824 ----a-w- C:\Windows\Sysnative\packager.dll</p><p>2014-11-11 23:02:58 93C055B6AAD76360A60CB7E59A491531 3198976 ----a-w- C:\Windows\Sysnative\win32k.sys</p><p>2014-11-11 23:02:47 2720C94ADCC1727A66365CCB1CE456C4 3241984 ----a-w- C:\Windows\Sysnative\msi.dll</p><p>2014-11-11 23:01:20 B938AF16A521C913791C6F7AFF032757 861696 ----a-w- C:\Windows\Sysnative\oleaut32.dll</p><p>====== C:\Windows\Sysnative\drivers =====</p><p>2014-11-11 23:07:39 41774FF331F609EF442B7398EE6202B1 155064 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys</p><p>2014-11-10 04:27:24 975F2CAA23B9CF4420EAB6439BE4D233 37624 ----a-w- C:\Windows\Sysnative\drivers\TrueSight.sys</p><p>2014-11-09 16:48:10 17D683EEA9FFD741A1ED8731ABBC23D1 
131800 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys</p><p>2014-11-09 16:47:49 95EF63A7827D4E3A229CBBCB42619E93 63704 ----a-w- C:\Windows\Sysnative\drivers\mwac.sys</p><p>2014-11-09 16:47:49 5C3669B71657F22E67A1D4BD49D2CBE7 25816 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys</p><p>2014-11-09 16:47:49 3540DDFAC8A076B983F86EB2A79D8FBD 96472 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys</p><p>2014-10-15 11:48:06 946010CDFA91469351B22E2620CEBCD8 663552 ----a-w- C:\Windows\Sysnative\drivers\PEAuth.sys</p><p>2014-10-15 11:48:04 80B9412C4DE09147581FC935FB4C97AB 61440 ----a-w- C:\Windows\Sysnative\drivers\appid.sys</p><p>2014-10-15 11:47:08 FE571E088C2D83619D2D48D4E961BF41 212480 ----a-w- C:\Windows\Sysnative\drivers\rdpwd.sys</p><p>2014-10-15 11:47:08 E232A3B43A894BB327FC161529BD9ED1 39936 ----a-w- C:\Windows\Sysnative\drivers\tssecsrv.sys</p><p>====== C:\Windows\Tasks ======</p><p>2014-11-11 23:58:53 FFF9AFFBB9C944B4A3B2E9E872715CDE 3234 ----a-w- C:\Windows\Sysnative\Tasks\SidebarExecute</p><p>2014-11-11 21:00:36 5D316417CAAD6E7369ED070517C9D982 3118 ----a-w- C:\Windows\Sysnative\Tasks\RPC</p><p>2014-11-06 16:41:39 -------- d-----w- C:\Windows\Sysnative\Tasks\Safer-Networking</p><p>====== C:\Windows\Temp ======</p><p>======= C:\Program Files =====</p><p>2014-11-11 21:04:09 -------- d-----w- C:\Program Files\WebBar</p><p>2014-10-19 18:38:01 -------- d-----w- C:\Program Files\iPod</p><p>2014-10-19 18:37:58 -------- d-----w- C:\Program Files\iTunes</p><p>======= C:\PROGRA~2 =====</p><p>2014-11-12 01:07:31 -------- d-----w- C:\PROGRA~2\Mozilla Maintenance Service</p><p>2014-11-11 21:01:25 -------- d-----w- C:\PROGRA~2\ospd_us_377</p><p>2014-11-09 20:17:23 -------- d-----w- C:\PROGRA~2\Sophos</p><p>2014-11-09 18:42:39 -------- d-----w- C:\PROGRA~2\Windows Resource Kits</p><p>2014-10-19 18:37:58 -------- d-----w- C:\PROGRA~2\iTunes</p><p>======= C: =====</p><p>====== C:\Users\FredricJLowe\AppData\Roaming ======</p><p>2014-11-11 23:44:43 -------- d-----w- 
C:\Users\UpdatusUser\AppData\Local\temp</p><p>2014-11-11 23:44:43 -------- d-----w- C:\Users\Public\AppData\Local\temp</p><p>2014-11-11 23:44:43 -------- d-----w- C:\Users\dub_cm_auto\AppData\Local\temp</p><p>2014-11-11 23:44:43 -------- d-----w- C:\Users\Default\AppData\Local\temp</p><p>2014-11-11 23:44:43 -------- d-----w- C:\Users\Default User\AppData\Local\temp</p><p>2014-11-11 23:44:43 -------- d-----w- C:\Users\Administrator\AppData\Local\temp</p><p>2014-11-10 21:16:04 -------- d-----w- C:\Users\Administrator\AppData\Local\Google</p><p>2014-11-09 20:17:32 -------- d-----w- C:\Users\FredricJLowe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos</p><p>2014-11-06 16:53:30 -------- d-sh--w- C:\Users\FredricJLowe\AppData\Locallow\EmieUserList</p><p>====== C:\Users\FredricJLowe ======</p><p>2014-11-12 01:10:21 035C0B5DA1CFE02625A814E7698B8CBE 1057488 ----a-w- C:\Users\FredricJLowe\Downloads\install_reader11_en_mssd_aaa_aih.exe</p><p>2014-11-12 01:06:07 77D0B05858A20DA07C533AC215CBB483 244088 ----a-w- C:\Users\FredricJLowe\Downloads\Firefox Setup Stub 33.1 (1).exe</p><p>2014-11-12 00:28:40 77D0B05858A20DA07C533AC215CBB483 244088 ----a-w- C:\Users\FredricJLowe\Downloads\Firefox Setup Stub 33.1.exe</p><p>2014-11-12 00:26:32 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\FredricJLowe\Downloads\FirefoxSetup.exe</p><p>2014-11-12 00:11:16 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! 
Messenger</p><p>2014-11-12 00:09:09 6C24D159A6EA36C720D33883E5338E86 691112 ----a-w- C:\Users\FredricJLowe\Downloads\msgr11ph.exe</p><p>2014-11-12 00:03:42 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome</p><p>2014-11-11 23:44:43 -------- d-----w- C:\Users\Public\AppData</p><p>2014-11-11 23:44:43 -------- d-----w- C:\Users\dub_cm_auto\AppData</p><p>2014-11-11 21:02:44 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ONESOFTPERDAY</p><p>2014-11-11 20:59:02 CEA4EC1D5DF523AD10A88D6750371227 852328 ----a-w- C:\Users\FredricJLowe\Downloads\Firefox_Setup_34.0.exe</p><p>2014-11-10 04:27:10 -------- d-----w- C:\ProgramData\RogueKiller</p><p>2014-11-09 20:19:32 -------- d-----w- C:\ProgramData\Sophos</p><p>2014-11-09 18:54:52 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite</p><p>2014-11-09 18:54:43 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Utilities</p><p>2014-11-09 03:26:58 33398D340008A0577507FCA7FD443622 19828376 ----a-w- C:\Users\FredricJLowe\Downloads\mbam-setup-2.0.3.1025 (3).exe</p><p>2014-11-09 03:26:50 33398D340008A0577507FCA7FD443622 19828376 ----a-w- C:\Users\FredricJLowe\Downloads\mbam-setup-2.0.3.1025 (2).exe</p><p>2014-11-09 03:25:26 33398D340008A0577507FCA7FD443622 19828376 ----a-w- C:\Users\FredricJLowe\Downloads\mbam-setup-2.0.3.1025 (1).exe</p><p>2014-11-09 03:25:20 33398D340008A0577507FCA7FD443622 19828376 ----a-w- C:\Users\FredricJLowe\Downloads\mbam-setup-2.0.3.1025.exe</p><p>2014-11-09 03:20:08 430A389AE785F228F28234D7C161D351 3778560 ----a-w- C:\Users\FredricJLowe\Downloads\RogueKillerX64.exe</p><p>2014-11-09 03:17:19 E1BA8EE229676CDCE0D85D2661719BB5 796616 ----a-w- C:\Users\FredricJLowe\Downloads\Free_Download_Setup (3).exe</p><p>2014-11-09 03:15:55 E1BA8EE229676CDCE0D85D2661719BB5 796616 ----a-w- C:\Users\FredricJLowe\Downloads\Free_Download_Setup (2).exe</p><p>2014-11-09 03:15:06 E1BA8EE229676CDCE0D85D2661719BB5 796616 
----a-w- C:\Users\FredricJLowe\Downloads\Free_Download_Setup (1).exe</p><p>2014-11-09 03:13:26 E1BA8EE229676CDCE0D85D2661719BB5 796616 ----a-w- C:\Users\FredricJLowe\Downloads\Free_Download_Setup.exe</p><p>2014-11-06 13:43:08 0DE7C31D176F9DDEBBB052C654B9806B 3060320 ------w- C:\Users\FredricJLowe\Downloads\NPE.exe</p><p>2014-10-19 18:39:23 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes</p><p>2014-10-19 18:37:58 -------- d-----w- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7</p><p>====== C: exe-files ==</p><p>2014-11-12 15:00:46 E0E2FE836FD209FBE336DE720032DA99 96768 ----a-w- C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe</p><p>2014-11-12 15:00:46 8B4A087962B4411D7FF2A91F6CAE1EBA 54432 ----a-w- C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\airappinstaller.exe</p><p>2014-11-12 15:00:46 8B4A087962B4411D7FF2A91F6CAE1EBA 54432 ----a-w- C:\Program Files (x86)\Adobe\Flash Player\AddIns\airappinstaller\airappinstaller.exe</p><p>2014-11-12 15:00:46 41094C32DD59E2E56EE7AFCB0AB917B3 130208 ----a-w- C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe</p><p>2014-11-12 15:00:46 37EBCD76164A25F87E61D2158145FA42 59392 ----a-w- C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\template.exe</p><p>2014-11-12 01:07:35 42570D7A89870B2845ACCB5E975060B5 103588 ----a-w- C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe</p><p>2014-11-12 01:07:31 DEA022193DF8C88F6E2B3E33D148A5DB 114288 ----a-w- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe</p><p>2014-11-12 00:03:29 D804A4D7DF4228FC0C6105933EEAD715 41093712 ----a-w- C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\38.0.2125.122\38.0.2125.122_chrome_installer.exe</p><p>2014-11-11 23:07:21 B569522A58F9B53B20D16516D26E0DD8 221184 ----a-w- C:\Program Files (x86)\Internet 
Explorer\ielowutil.exe</p><p>2014-11-11 23:07:19 B5724D61C7CB3FC9BACD9F8E58A77A03 468992 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe</p><p>2014-11-11 23:07:19 2E1CAA313AAE151B8D6E81C0075DE88C 222720 ----a-w- C:\Program Files\Internet Explorer\ielowutil.exe</p><p>2014-11-11 23:07:18 591C6FD1541BAFAEEE82B1F5831C8532 815280 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe</p><p>2014-11-11 23:07:16 0A2FA344ABBE0D160CE9773256A42B21 484352 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe</p><p>2014-11-11 23:07:15 F00FC8AF1B04C4611F92BC3DA01A2F49 813744 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe</p><p>2014-11-11 21:04:09 52DA99DDA2FB639DF5B2816E3CEA2B35 37872 ----a-w- C:\Program Files\WebBar\wbsvc.exe</p><p>2014-11-11 21:04:09 4715C6647ED495C85502CB12634B9B5F 737475 ----a-w- C:\Program Files\WebBar\unins000.exe</p><p>2014-11-11 21:04:09 2331C427456CF4F198F9FF7CC7B34D7F 211952 ----a-w- C:\Program Files\WebBar\2.0.5422.19599\wb.exe</p><p>2014-11-11 21:02:44 C36DCD635909A8DA650FD35931CD2AA4 3268552 ----a-w- C:\Program Files (x86)\ospd_us_377\onesoftperday_widget.exe</p><p>2014-11-11 21:02:43 27A736F969B658F984346D145006AB91 393640 ----a-w- C:\Program Files (x86)\ospd_us_377\predm.exe</p><p>2014-11-11 21:01:25 E2BA020483C4E62EAF049ECEF90B5B3F 993264 ----a-w- C:\Program Files (x86)\ospd_us_377\unins000.exe</p><p>2014-11-11 21:01:25 221432589701A137AF228E8F316AC6D5 3977672 ----a-w- C:\Program Files (x86)\ospd_us_377\ospd_us_377.exe</p><p>=== C: other files ==</p><p>2014-11-12 15:22:30 8A80554C91D9FCA8ACB82F023DE02F11 3 ----a-w- C:\Users\FredricJLowe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6B0M60ZP\<a href="http://www.google[1].com" target="_blank">www.google[1].com</a></p><p>2014-11-12 15:17:31 8A80554C91D9FCA8ACB82F023DE02F11 3 ----a-w- C:\Users\FredricJLowe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6B0M60ZP\app.noproblemppc[1].com</p><p>2014-11-12 14:57:42 
8A80554C91D9FCA8ACB82F023DE02F11 3 ----a-w- C:\Users\FredricJLowe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3JJB9AZF\<a href="http://www.bleepingcomputer[1].com" target="_blank">www.bleepingcomputer[1].com</a></p><p>2014-11-12 14:31:15 8A80554C91D9FCA8ACB82F023DE02F11 3 ----a-w- C:\Users\FredricJLowe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3JJB9AZF\<a href="http://www.producersweb[1].com" target="_blank">www.producersweb[1].com</a></p><p>2014-11-12 14:25:06 8A80554C91D9FCA8ACB82F023DE02F11 3 ----a-w- C:\Users\FredricJLowe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6B0M60ZP\MalwareTips[1].com</p><p>==== Startup Registry Enabled ======================</p><p>[HKEY_USERS\S-1-5-21-3225944584-185484181-3065989196-1000\Software\Microsoft\Windows\CurrentVersion\Run]</p><p>"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"</p><p>"rn5.exe"="C:\Program Files (x86)\ActiveTracker\rn5.exe"</p><p>"GoogleDriveSync"="C:\Program Files (x86)\Google\Drive\googledrivesync.exe /autostart"</p><p>"GoogleChromeAutoLaunch_70FA2A021BD990B422754CDCA3624AEA"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window"</p><p>"Messenger (Yahoo\PROGRA~2\Yahoo\Messenger\YahooMessenger.exe -quiet"</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]</p><p>"TrueImageMonitor.exe"="C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"</p><p>"BrStsMon00"="C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN"</p><p>"AcronisTimounterMonitor"="C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe"</p><p>"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"</p><p>"TkBellExe"="C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe -osboot"</p><p>"Act.Outlook.Service"="C:\Program Files (x86)\ACT\Act for Windows\Act.Outlook.Service.exe"</p><p>"Act\Program Files (x86)\ACT\Act for 
Windows\Act.exe -preload"</p><p>"ACTSchedulerUI"="C:\Program Files (x86)\ACT\Act for Windows\Act.Scheduler.UI.exe -Dfalse"</p><p>"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"</p><p>"Wondershare Helper Compact.exe"="C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe"</p><p>"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"</p><p>"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"</p><p>"ospd_us_377"="C:\Program Files (x86)\ospd_us_377\ospd_us_377.exe"</p><p>[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]</p><p>"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"</p><p>"rn5.exe"="C:\Program Files (x86)\ActiveTracker\rn5.exe"</p><p>"GoogleDriveSync"="C:\Program Files (x86)\Google\Drive\googledrivesync.exe /autostart"</p><p>"GoogleChromeAutoLaunch_70FA2A021BD990B422754CDCA3624AEA"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window"</p><p>"Messenger (Yahoo\PROGRA~2\Yahoo\Messenger\YahooMessenger.exe -quiet"</p><p>==== Startup Registry Enabled x64 ======================</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]</p><p>"Acronis Scheduler2 Service"="C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"</p><p>"mylbx"="C:\Program Files\My Lockbox\mylbx.exe /a"</p><p>"MFNetworkScanUtility"="C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE"</p><p>==== Startup Registry Disabled x64 ======================</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]</p><p>"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"</p><p>"item"="Adobe ARM"</p><p>"hkey"="HKLM"</p><p>"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared 
Tools\MSConfig\startupreg\ICQ]</p><p>"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"</p><p>"item"="ICQ"</p><p>"hkey"="HKCU"</p><p>"command"="\"C:\\Program Files (x86)\\ICQ7.7\\ICQ.exe\" silent loginmode=4"</p><p></p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\YahooAUService]</p><p></p><p>==== Task Scheduler Jobs ======================</p><p>C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [11/12/2014 09:35 AM]</p><p>C:\Windows\tasks\G2MUpdateTask-S-1-5-21-3225944584-185484181-3065989196-1000.job --a------ C:\Program Files (x86)\C:itrix\GoToMeeting\1865\g2mupdate.exe []</p><p>C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [10/23/2014 01:00 AM]</p><p>C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [10/23/2014 01:00 AM]</p><p>==== Other Scheduled Tasks ======================</p><p>"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]</p><p>"C:\Windows\SysNative\tasks\G2MUpdateTask-S-1-5-21-3225944584-185484181-3065989196-1000" [C:\Program Files (x86)\Citrix\GoToMeeting\1865\g2mupdate.exe]</p><p>"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]</p><p>"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]</p><p>"C:\Windows\SysNative\tasks\JetBoost_Startup" [C:\Program Files (x86)\BlueSprig\JetBoost\JetBoostTray.exe]</p><p>"C:\Windows\SysNative\tasks\Norton WSC Integration" ["C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\WSCStub.exe"]</p><p>"C:\Windows\SysNative\tasks\RealUpgradeLogonTaskS-1-5-21-3225944584-185484181-3065989196-1000" [C:\Program Files 
(x86)\Real\RealUpgrade\RealUpgrade.exe]</p><p>"C:\Windows\SysNative\tasks\RealUpgradeScheduledTaskS-1-5-21-3225944584-185484181-3065989196-1000" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]</p><p>"C:\Windows\SysNative\tasks\RPC" [C:\Program Files (x86)\RPC\Reg Pro Cleaner\RegProCleaner.exe]</p><p>"C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]</p><p>"C:\Windows\SysNative\tasks\{72804138-9FD9-4888-A1E9-A32D689899FA}" [C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe]</p><p>"C:\Windows\SysNative\tasks\{952C5732-59DD-40A1-81F9-C5213DBBBF3E}" ["C:\Program Files\Internet Explorer\iexplore.exe" <a href="http://ui.skype.com/ui/0/6.3.0.107/en/go/help.faq.installer?LastError=1603" target="_blank">http://ui.skype.com/ui/0/6.3.0.107/en/go/help.faq.installer?LastError=1603</a>]</p><p>"C:\Windows\SysNative\tasks\{97A0805E-6B42-4778-9C68-CA81B5E4D6D0}" ["C:\Program Files\Internet Explorer\iexplore.exe" <a href="http://ui.skype.com/ui/0/6.3.0.107/en/go/help.faq.installer?LastError=1603" target="_blank">http://ui.skype.com/ui/0/6.3.0.107/en/go/help.faq.installer?LastError=1603</a>]</p><p>"C:\Windows\SysNative\tasks\{B10C07A1-940F-4985-8D4B-C609B9FE0243}" ["C:\Program Files\Internet Explorer\iexplore.exe" <a href="http://ui.skype.com/ui/0/6.3.0.107/en/go/help.faq.installer?LastError=1603" target="_blank">http://ui.skype.com/ui/0/6.3.0.107/en/go/help.faq.installer?LastError=1603</a>]</p><p>"C:\Windows\SysNative\tasks\{F69CB7A8-2AC0-4C5C-9F7A-F8C62FA6AC4A}" [C:\Users\FredricJLowe\Desktop\ICSolutions13-4.exe]</p><p>"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]</p><p>"C:\Windows\SysNative\tasks\NCH Software\ExpressZipSevenDays" [C:\Program Files (x86)\NCH Software\ExpressZip\ExpressZip.exe]</p><p>"C:\Windows\SysNative\tasks\Norton Security Suite\Norton Error Analyzer" [C:\Program Files (x86)\Norton Security 
Suite\Engine\21.6.0.32\SymErr.exe]</p><p>"C:\Windows\SysNative\tasks\Norton Security Suite\Norton Error Processor" [C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\SymErr.exe]</p><p>==== Firefox Extensions Registry ======================</p><p>[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]</p><p>"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn" [11/12/2014 09:31 AM]</p><p>[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]</p><p>"{1D8CE494-1FA3-156A-5998-9E64EAE0C898}"="C:\Program Files (x86)\ver0BetterDeals\182.xpi" []</p><p>==== Firefox Extensions ======================</p><p>ProfilePath: C:\Users\FREDRI~1\AppData\Roaming\Mozilla\Firefox\Profiles\nzm0n0ik.default</p><p>- Undetermined - <a href="mailto:alertbox@ajitk.com">alertbox@ajitk.com</a></p><p>- Undetermined - <a href="mailto:exif_viewer@mozilla.doslash.org">exif_viewer@mozilla.doslash.org</a></p><p>- Undetermined - {1D8CE494-1FA3-156A-5998-9E64EAE0C898}</p><p>- Distill Web Monitor - AlertBox - %ProfilePath%\extensions\<a href="mailto:alertbox@ajitk.com.xpi">alertbox@ajitk.com.xpi</a></p><p>- Exif Viewer - %ProfilePath%\extensions\<a href="mailto:exif_viewer@mozilla.doslash.org.xpi">exif_viewer@mozilla.doslash.org.xpi</a></p><p>ProfilePath: C:\Users\FREDRI~1\AppData\Roaming\Thunderbird\Profiles\izpoojy7.default</p><p>- <a href="mailto:pmth@readnotify.com">pmth@readnotify.com</a> - C:\Program Files (x86)\ActiveTracker\plugins\thunderbird\pmth</p><p>- <a href="mailto:pmth@readnotify.com">pmth@readnotify.com</a> - %ProfilePath%\extensions\<a href="mailto:pmth@readnotify.com">pmth@readnotify.com</a></p><p>- ImportExportTools - %ProfilePath%\extensions\{3ed8cc52-86fc-4613-9026-c1ef969da4c3}.xpi</p><p>AppDir: C:\Program Files (x86)\Mozilla Firefox</p><p>- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}</p><p>==== Firefox Plugins 
======================</p><p>Profilepath: C:\Users\FredricJLowe\AppData\Roaming\Mozilla\Firefox\Profiles\nzm0n0ik.default</p><p>DFC9460CC37E5C414DC4680B10C19E7A - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll - Shockwave Flash</p><p>6A03609A79D8C5ACECB66EED53F3A0AB - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll - RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)</p><p>70677064555D2EB816249ABB0150951F - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll - RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)</p><p></p><p>==== Chromium Look ======================</p><p>HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions</p><p>fbpdhkpnhljiimdoalmapnaombjlcgja - C:\Program Files (x86)\OApps\chrome-sl.crx[]</p><p>iikflkcanblccfahdhdonehdalibjnif - No path found[]</p><p>jfmjfhklogoienhpfnppmbcbjfjnkonk - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx[07/04/2012 05:48 AM]</p><p>HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions</p><p>apdfllckaahabafndbhieahigkjlhalf - C:\Users\FREDRI~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx[05/30/2014 10:16 AM]</p><p>lmjegmlicamnimmfhcmpkclmigmmcbeh - No path found[]</p><p>Google Slides - FredricJLowe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek</p><p>Google Docs - FredricJLowe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake</p><p>Google Drive - FredricJLowe\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf</p><p>Google Voice Search Hotword (Beta) - FredricJLowe\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn</p><p>YouTube - FredricJLowe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo</p><p>Google Search - FredricJLowe\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf</p><p>Google Sheets - FredricJLowe\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap</p><p>Norton Identity Safe - FredricJLowe\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif</p><p>RealPlayer HTML5Video Downloader Extension - FredricJLowe\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk</p><p>Google Drive App Launcher - FredricJLowe\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh</p><p>Google Wallet - FredricJLowe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda</p><p>Readnotify.com Web Plugin - FredricJLowe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nofmhkiliplhcecdhmfndhjbppbmoegk</p><p>Gmail - FredricJLowe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia</p><p>==== Chromium Fix ======================</p><p>C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx deleted successfully</p><p>C:\Users\FredricJLowe\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif deleted successfully</p><p>C:\Users\FredricJLowe\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh deleted successfully</p><p>C:\Users\FredricJLowe\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk deleted successfully</p><p>==== Set IE to Default ======================</p><p>Old Values:</p><p>[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]</p><p>"Start Page"="<a href="http://www.google.com/" target="_blank">http://www.google.com/</a>"</p><p>[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]</p><p>No DefaultScope Set For HKCU</p><p>New Values:</p><p>[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]</p><p>"Start 
Page"="<a href="http://www.google.com/" target="_blank">http://www.google.com/</a>"</p><p>[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]</p><p>"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"</p><p>==== All HKCU SearchScopes ======================</p><p>HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes</p><p>{012E1000-F331-11DB-8314-0800200C9A66} Google Url="<a href="http://www.google.com/search?q={searchTerms" target="_blank">http://www.google.com/search?q={searchTerms</a>}"</p><p>{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="<a href="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" target="_blank">http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC</a>"</p><p>{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Unknown Url="Not_Found"</p><p>==== Deleting CLSID Registry Keys ======================</p><p>HKEY_USERS\S-1-5-21-3225944584-185484181-3065989196-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{62D3811C-4323-0D30-1FD1-468AFF19EB2A} deleted successfully</p><p>HKEY_USERS\S-1-5-21-3225944584-185484181-3065989196-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{62D3811C-4323-0D30-1FD1-468AFF19EB2A} deleted successfully</p><p>HKEY_USERS\S-1-5-21-3225944584-185484181-3065989196-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} deleted successfully</p><p>HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{62D3811C-4323-0D30-1FD1-468AFF19EB2A} deleted successfully</p><p>HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62D3811C-4323-0D30-1FD1-468AFF19EB2A} deleted successfully</p><p>==== Deleting CLSID Registry Values ======================</p><p>HKEY_USERS\S-1-5-21-3225944584-185484181-3065989196-1000\Software\Mozilla\Firefox\Extensions\{1D8CE494-1FA3-156A-5998-9E64EAE0C898} deleted successfully</p><p>==== Deleting Registry Keys 
======================</p><p>HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\fbpdhkpnhljiimdoalmapnaombjlcgja deleted successfully</p><p>HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif deleted successfully</p><p>HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif deleted successfully</p><p>HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh deleted successfully</p><p>HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk deleted successfully</p><p>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{0BCE8B0A-1E76-44E5-9909-3CF804D92E4D}_is1 deleted successfully</p><p>HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM deleted successfully</p><p>==== Empty IE Cache ======================</p><p>C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully</p><p>C:\Users\FredricJLowe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully</p><p>C:\Users\FredricJLowe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully</p><p>C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully</p><p>C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully</p><p>C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully</p><p>==== Empty FireFox Cache ======================</p><p>No FireFox Cache found</p><p>==== Empty Chrome Cache ======================</p><p>C:\Users\FredricJLowe\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully</p><p>==== Empty All Flash Cache 
======================</p><p>Flash Cache Emptied Successfully</p><p>==== Empty All Java Cache ======================</p><p>Java Cache cleared successfully</p><p>==== C:\zoek_backup content ======================</p><p>C:\zoek_backup (files=138 folders=80 137874174 bytes)</p><p>==== Empty Temp Folders ======================</p><p>C:\Users\Administrator\AppData\Local\temp emptied successfully</p><p>C:\Users\Default\AppData\Local\temp emptied successfully</p><p>C:\Users\Default User\AppData\Local\temp emptied successfully</p><p>C:\Users\dub_cm_auto\AppData\Local\temp emptied successfully</p><p>C:\Users\FredricJLowe\AppData\Local\Temp will be emptied at reboot</p><p>C:\Users\Public\AppData\Local\temp emptied successfully</p><p>C:\Users\UpdatusUser\AppData\Local\temp emptied successfully</p><p>C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot</p><p>C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully</p><p>C:\Windows\Temp will be emptied at reboot</p><p>==== After Reboot ======================</p><p>==== Empty Temp Folders ======================</p><p>C:\Windows\Temp successfully emptied</p><p>C:\Users\FREDRI~1\AppData\Local\Temp successfully emptied</p><p>==== Empty Recycle Bin ======================</p><p>C:\$RECYCLE.BIN successfully emptied</p><p>==== Deleting Files / Folders ======================</p><p>"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\FXSSVCDebugLogFile.txt" not deleted</p><p>"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\FXSTIFFDebugLogFile.txt" not deleted</p><p>==== EOF on Wed 11/12/2014 at 10:51:27.24 ======================</p><p></p><p></p><p></p><p></p><p></p><p>This has changed things and now I am not able to access Yahoo Messenger, and when I launch Thunderbird I am now getting this message:</p><p>"Unable to write the email to the mailbox. Make sure the file system allows you write privileges, and you have enough disk space to copy the mailbox."</p><p></p><p>I hope we can reverse the changes that were made which made things worse than earlier this morning.</p></blockquote><p></p>
[QUOTE="FredricJLowe, post: 298016, member: 30586"]
Messenger 2014-11-12 00:09:09 6C24D159A6EA36C720D33883E5338E86 691112 ----a-w- C:\Users\FredricJLowe\Downloads\msgr11ph.exe 2014-11-12 00:03:42 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-11-11 23:44:43 -------- d-----w- C:\Users\Public\AppData 2014-11-11 23:44:43 -------- d-----w- C:\Users\dub_cm_auto\AppData 2014-11-11 21:02:44 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ONESOFTPERDAY 2014-11-11 20:59:02 CEA4EC1D5DF523AD10A88D6750371227 852328 ----a-w- C:\Users\FredricJLowe\Downloads\Firefox_Setup_34.0.exe 2014-11-10 04:27:10 -------- d-----w- C:\ProgramData\RogueKiller 2014-11-09 20:19:32 -------- d-----w- C:\ProgramData\Sophos 2014-11-09 18:54:52 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite 2014-11-09 18:54:43 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Utilities 2014-11-09 03:26:58 33398D340008A0577507FCA7FD443622 19828376 ----a-w- C:\Users\FredricJLowe\Downloads\mbam-setup-2.0.3.1025 (3).exe 2014-11-09 03:26:50 33398D340008A0577507FCA7FD443622 19828376 ----a-w- C:\Users\FredricJLowe\Downloads\mbam-setup-2.0.3.1025 (2).exe 2014-11-09 03:25:26 33398D340008A0577507FCA7FD443622 19828376 ----a-w- C:\Users\FredricJLowe\Downloads\mbam-setup-2.0.3.1025 (1).exe 2014-11-09 03:25:20 33398D340008A0577507FCA7FD443622 19828376 ----a-w- C:\Users\FredricJLowe\Downloads\mbam-setup-2.0.3.1025.exe 2014-11-09 03:20:08 430A389AE785F228F28234D7C161D351 3778560 ----a-w- C:\Users\FredricJLowe\Downloads\RogueKillerX64.exe 2014-11-09 03:17:19 E1BA8EE229676CDCE0D85D2661719BB5 796616 ----a-w- C:\Users\FredricJLowe\Downloads\Free_Download_Setup (3).exe 2014-11-09 03:15:55 E1BA8EE229676CDCE0D85D2661719BB5 796616 ----a-w- C:\Users\FredricJLowe\Downloads\Free_Download_Setup (2).exe 2014-11-09 03:15:06 E1BA8EE229676CDCE0D85D2661719BB5 796616 ----a-w- C:\Users\FredricJLowe\Downloads\Free_Download_Setup (1).exe 2014-11-09 03:13:26 
E1BA8EE229676CDCE0D85D2661719BB5 796616 ----a-w- C:\Users\FredricJLowe\Downloads\Free_Download_Setup.exe 2014-11-06 13:43:08 0DE7C31D176F9DDEBBB052C654B9806B 3060320 ------w- C:\Users\FredricJLowe\Downloads\NPE.exe 2014-10-19 18:39:23 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-10-19 18:37:58 -------- d-----w- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 ====== C: exe-files == 2014-11-12 15:00:46 E0E2FE836FD209FBE336DE720032DA99 96768 ----a-w- C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe 2014-11-12 15:00:46 8B4A087962B4411D7FF2A91F6CAE1EBA 54432 ----a-w- C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\airappinstaller.exe 2014-11-12 15:00:46 8B4A087962B4411D7FF2A91F6CAE1EBA 54432 ----a-w- C:\Program Files (x86)\Adobe\Flash Player\AddIns\airappinstaller\airappinstaller.exe 2014-11-12 15:00:46 41094C32DD59E2E56EE7AFCB0AB917B3 130208 ----a-w- C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe 2014-11-12 15:00:46 37EBCD76164A25F87E61D2158145FA42 59392 ----a-w- C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\template.exe 2014-11-12 01:07:35 42570D7A89870B2845ACCB5E975060B5 103588 ----a-w- C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe 2014-11-12 01:07:31 DEA022193DF8C88F6E2B3E33D148A5DB 114288 ----a-w- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 2014-11-12 00:03:29 D804A4D7DF4228FC0C6105933EEAD715 41093712 ----a-w- C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\38.0.2125.122\38.0.2125.122_chrome_installer.exe 2014-11-11 23:07:21 B569522A58F9B53B20D16516D26E0DD8 221184 ----a-w- C:\Program Files (x86)\Internet Explorer\ielowutil.exe 2014-11-11 23:07:19 B5724D61C7CB3FC9BACD9F8E58A77A03 468992 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe 2014-11-11 23:07:19 2E1CAA313AAE151B8D6E81C0075DE88C 222720 
----a-w- C:\Program Files\Internet Explorer\ielowutil.exe 2014-11-11 23:07:18 591C6FD1541BAFAEEE82B1F5831C8532 815280 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe 2014-11-11 23:07:16 0A2FA344ABBE0D160CE9773256A42B21 484352 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe 2014-11-11 23:07:15 F00FC8AF1B04C4611F92BC3DA01A2F49 813744 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe 2014-11-11 21:04:09 52DA99DDA2FB639DF5B2816E3CEA2B35 37872 ----a-w- C:\Program Files\WebBar\wbsvc.exe 2014-11-11 21:04:09 4715C6647ED495C85502CB12634B9B5F 737475 ----a-w- C:\Program Files\WebBar\unins000.exe 2014-11-11 21:04:09 2331C427456CF4F198F9FF7CC7B34D7F 211952 ----a-w- C:\Program Files\WebBar\2.0.5422.19599\wb.exe 2014-11-11 21:02:44 C36DCD635909A8DA650FD35931CD2AA4 3268552 ----a-w- C:\Program Files (x86)\ospd_us_377\onesoftperday_widget.exe 2014-11-11 21:02:43 27A736F969B658F984346D145006AB91 393640 ----a-w- C:\Program Files (x86)\ospd_us_377\predm.exe 2014-11-11 21:01:25 E2BA020483C4E62EAF049ECEF90B5B3F 993264 ----a-w- C:\Program Files (x86)\ospd_us_377\unins000.exe 2014-11-11 21:01:25 221432589701A137AF228E8F316AC6D5 3977672 ----a-w- C:\Program Files (x86)\ospd_us_377\ospd_us_377.exe === C: other files == 2014-11-12 15:22:30 8A80554C91D9FCA8ACB82F023DE02F11 3 ----a-w- C:\Users\FredricJLowe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6B0M60ZP\[url="http://www.google[1].com"]www.google[1].com[/url] 2014-11-12 15:17:31 8A80554C91D9FCA8ACB82F023DE02F11 3 ----a-w- C:\Users\FredricJLowe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6B0M60ZP\app.noproblemppc[1].com 2014-11-12 14:57:42 8A80554C91D9FCA8ACB82F023DE02F11 3 ----a-w- C:\Users\FredricJLowe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3JJB9AZF\[url="http://www.bleepingcomputer[1].com"]www.bleepingcomputer[1].com[/url] 2014-11-12 14:31:15 8A80554C91D9FCA8ACB82F023DE02F11 3 ----a-w- 
C:\Users\FredricJLowe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3JJB9AZF\[url="http://www.producersweb[1].com"]www.producersweb[1].com[/url] 2014-11-12 14:25:06 8A80554C91D9FCA8ACB82F023DE02F11 3 ----a-w- C:\Users\FredricJLowe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6B0M60ZP\MalwareTips[1].com ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-21-3225944584-185484181-3065989196-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "rn5.exe"="C:\Program Files (x86)\ActiveTracker\rn5.exe" "GoogleDriveSync"="C:\Program Files (x86)\Google\Drive\googledrivesync.exe /autostart" "GoogleChromeAutoLaunch_70FA2A021BD990B422754CDCA3624AEA"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window" "Messenger (Yahoo\PROGRA~2\Yahoo\Messenger\YahooMessenger.exe -quiet" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TrueImageMonitor.exe"="C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" "BrStsMon00"="C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN" "AcronisTimounterMonitor"="C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe" "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" "TkBellExe"="C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe -osboot" "Act.Outlook.Service"="C:\Program Files (x86)\ACT\Act for Windows\Act.Outlook.Service.exe" "Act\Program Files (x86)\ACT\Act for Windows\Act.exe -preload" "ACTSchedulerUI"="C:\Program Files (x86)\ACT\Act for Windows\Act.Scheduler.UI.exe -Dfalse" "QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime" "Wondershare Helper Compact.exe"="C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" 
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" "ospd_us_377"="C:\Program Files (x86)\ospd_us_377\ospd_us_377.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "rn5.exe"="C:\Program Files (x86)\ActiveTracker\rn5.exe" "GoogleDriveSync"="C:\Program Files (x86)\Google\Drive\googledrivesync.exe /autostart" "GoogleChromeAutoLaunch_70FA2A021BD990B422754CDCA3624AEA"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window" "Messenger (Yahoo\PROGRA~2\Yahoo\Messenger\YahooMessenger.exe -quiet" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Acronis Scheduler2 Service"="C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" "mylbx"="C:\Program Files\My Lockbox\mylbx.exe /a" "MFNetworkScanUtility"="C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Adobe ARM" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ICQ] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ICQ" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\ICQ7.7\\ICQ.exe\" silent loginmode=4" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\YahooAUService] ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [11/12/2014 09:35 AM] 
C:\Windows\tasks\G2MUpdateTask-S-1-5-21-3225944584-185484181-3065989196-1000.job --a------ C:\Program Files (x86)\C:itrix\GoToMeeting\1865\g2mupdate.exe [] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [10/23/2014 01:00 AM] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [10/23/2014 01:00 AM] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\G2MUpdateTask-S-1-5-21-3225944584-185484181-3065989196-1000" [C:\Program Files (x86)\Citrix\GoToMeeting\1865\g2mupdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\JetBoost_Startup" [C:\Program Files (x86)\BlueSprig\JetBoost\JetBoostTray.exe] "C:\Windows\SysNative\tasks\Norton WSC Integration" ["C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\WSCStub.exe"] "C:\Windows\SysNative\tasks\RealUpgradeLogonTaskS-1-5-21-3225944584-185484181-3065989196-1000" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe] "C:\Windows\SysNative\tasks\RealUpgradeScheduledTaskS-1-5-21-3225944584-185484181-3065989196-1000" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe] "C:\Windows\SysNative\tasks\RPC" [C:\Program Files (x86)\RPC\Reg Pro Cleaner\RegProCleaner.exe] "C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe] "C:\Windows\SysNative\tasks\{72804138-9FD9-4888-A1E9-A32D689899FA}" [C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe] "C:\Windows\SysNative\tasks\{952C5732-59DD-40A1-81F9-C5213DBBBF3E}" ["C:\Program Files\Internet Explorer\iexplore.exe" 
[url]http://ui.skype.com/ui/0/6.3.0.107/en/go/help.faq.installer?LastError=1603[/url]] "C:\Windows\SysNative\tasks\{97A0805E-6B42-4778-9C68-CA81B5E4D6D0}" ["C:\Program Files\Internet Explorer\iexplore.exe" [url]http://ui.skype.com/ui/0/6.3.0.107/en/go/help.faq.installer?LastError=1603[/url]] "C:\Windows\SysNative\tasks\{B10C07A1-940F-4985-8D4B-C609B9FE0243}" ["C:\Program Files\Internet Explorer\iexplore.exe" [url]http://ui.skype.com/ui/0/6.3.0.107/en/go/help.faq.installer?LastError=1603[/url]] "C:\Windows\SysNative\tasks\{F69CB7A8-2AC0-4C5C-9F7A-F8C62FA6AC4A}" [C:\Users\FredricJLowe\Desktop\ICSolutions13-4.exe] "C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe] "C:\Windows\SysNative\tasks\NCH Software\ExpressZipSevenDays" [C:\Program Files (x86)\NCH Software\ExpressZip\ExpressZip.exe] "C:\Windows\SysNative\tasks\Norton Security Suite\Norton Error Analyzer" [C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\SymErr.exe] "C:\Windows\SysNative\tasks\Norton Security Suite\Norton Error Processor" [C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\SymErr.exe] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn" [11/12/2014 09:31 AM] [HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions] "{1D8CE494-1FA3-156A-5998-9E64EAE0C898}"="C:\Program Files (x86)\ver0BetterDeals\182.xpi" [] ==== Firefox Extensions ====================== ProfilePath: C:\Users\FREDRI~1\AppData\Roaming\Mozilla\Firefox\Profiles\nzm0n0ik.default - Undetermined - [EMAIL]alertbox@ajitk.com[/EMAIL] - Undetermined - [EMAIL]exif_viewer@mozilla.doslash.org[/EMAIL] - Undetermined - {1D8CE494-1FA3-156A-5998-9E64EAE0C898} - Distill Web Monitor - AlertBox - %ProfilePath%\extensions\[email]alertbox@ajitk.com.xpi[/email] - Exif 
Viewer - %ProfilePath%\extensions\[email]exif_viewer@mozilla.doslash.org.xpi[/email] ProfilePath: C:\Users\FREDRI~1\AppData\Roaming\Thunderbird\Profiles\izpoojy7.default - [EMAIL]pmth@readnotify.com[/EMAIL] - C:\Program Files (x86)\ActiveTracker\plugins\thunderbird\pmth - [EMAIL]pmth@readnotify.com[/EMAIL] - %ProfilePath%\extensions\[email]pmth@readnotify.com[/email] - ImportExportTools - %ProfilePath%\extensions\{3ed8cc52-86fc-4613-9026-c1ef969da4c3}.xpi AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\FredricJLowe\AppData\Roaming\Mozilla\Firefox\Profiles\nzm0n0ik.default DFC9460CC37E5C414DC4680B10C19E7A - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll - Shockwave Flash 6A03609A79D8C5ACECB66EED53F3A0AB - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll - RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) 70677064555D2EB816249ABB0150951F - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll - RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ==== Chromium Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions fbpdhkpnhljiimdoalmapnaombjlcgja - C:\Program Files (x86)\OApps\chrome-sl.crx[] iikflkcanblccfahdhdonehdalibjnif - No path found[] jfmjfhklogoienhpfnppmbcbjfjnkonk - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx[07/04/2012 05:48 AM] HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions apdfllckaahabafndbhieahigkjlhalf - C:\Users\FREDRI~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx[05/30/2014 10:16 AM] lmjegmlicamnimmfhcmpkclmigmmcbeh - No path found[] Google Slides - FredricJLowe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek Google Docs - FredricJLowe\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - FredricJLowe\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf Google Voice Search Hotword (Beta) - FredricJLowe\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn YouTube - FredricJLowe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - FredricJLowe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Google Sheets - FredricJLowe\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap Norton Identity Safe - FredricJLowe\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif RealPlayer HTML5Video Downloader Extension - FredricJLowe\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk Google Drive App Launcher - FredricJLowe\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh Google Wallet - FredricJLowe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Readnotify.com Web Plugin - FredricJLowe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nofmhkiliplhcecdhmfndhjbppbmoegk Gmail - FredricJLowe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Chromium Fix ====================== C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx deleted successfully C:\Users\FredricJLowe\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif deleted successfully C:\Users\FredricJLowe\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh deleted successfully C:\Users\FredricJLowe\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk deleted successfully ==== Set IE to Default 
====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="[url]http://www.google.com/[/url]" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] No DefaultScope Set For HKCU New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="[url]http://www.google.com/[/url]" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {012E1000-F331-11DB-8314-0800200C9A66} Google Url="[url]http://www.google.com/search?q={searchTerms[/url]}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="[url]http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC[/url]" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Unknown Url="Not_Found" ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-3225944584-185484181-3065989196-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{62D3811C-4323-0D30-1FD1-468AFF19EB2A} deleted successfully HKEY_USERS\S-1-5-21-3225944584-185484181-3065989196-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{62D3811C-4323-0D30-1FD1-468AFF19EB2A} deleted successfully HKEY_USERS\S-1-5-21-3225944584-185484181-3065989196-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{62D3811C-4323-0D30-1FD1-468AFF19EB2A} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62D3811C-4323-0D30-1FD1-468AFF19EB2A} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-3225944584-185484181-3065989196-1000\Software\Mozilla\Firefox\Extensions\{1D8CE494-1FA3-156A-5998-9E64EAE0C898} deleted successfully ==== Deleting Registry Keys 
====================== HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\fbpdhkpnhljiimdoalmapnaombjlcgja deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif deleted successfully HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{0BCE8B0A-1E76-44E5-9909-3CF804D92E4D}_is1 deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\FredricJLowe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\FredricJLowe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Cache found ==== Empty Chrome Cache ====================== C:\Users\FredricJLowe\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared 
successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=138 folders=80 137874174 bytes) ==== Empty Temp Folders ====================== C:\Users\Administrator\AppData\Local\temp emptied successfully C:\Users\Default\AppData\Local\temp emptied successfully C:\Users\Default User\AppData\Local\temp emptied successfully C:\Users\dub_cm_auto\AppData\Local\temp emptied successfully C:\Users\FredricJLowe\AppData\Local\Temp will be emptied at reboot C:\Users\Public\AppData\Local\temp emptied successfully C:\Users\UpdatusUser\AppData\Local\temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\FREDRI~1\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\FXSSVCDebugLogFile.txt" not deleted "C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\FXSTIFFDebugLogFile.txt" not deleted ==== EOF on Wed 11/12/2014 at 10:51:27.24 ======================

This has changed things and now I am not able to access Yahoo Messenger and when I launch Thunderbird I am now getting this message: "Unable to write the email to the mailbox. Make sure the file system allows you write privileges, and you have enough disk space to copy the mailbox." I hope we can reverse the changes that were made which made things worse than earlier this morning.
[/QUOTE]