I think someone has access to my computer

demonikal

New Member
This is seriously ridiculous. For about 1 week now, even when my Firefox browser is not open, every once in a while this damn clown music will come on. It eventually stops, but the only way I can stop it early is to turn off my volume completely.
 

johnb35

Administrator
Staff member
I've come across this before. There is most likely a service running that is causing it but yes, run the scans and post the logs.
 

demonikal

New Member
I'll be running the scans tonight.

But I found what the "thing" is that is causing it. I don't know where it came from but it's only on Firefox. I know this because of 3 things:

1. When this "song" plays for whatever, like 5 seconds, I look in the volume control and I see this thing called "Plugin Container for Firefox" and it's the only volume thing going up and down, other than the master speaker volume.

2. It only does it in Firefox (so far), because I was getting so annoyed with it, that I transferred my bookmarks over to Chrome, after downloading and installing Google Chrome again. I also transferred all my settings from Firefox and it said it couldn't transfer everything because there was some kind of extension or something that it didn't like (I can't remember the exact message).

3. It only happens when I either open up Firefox when Firefox isn't running or sometimes when I open a new tab. When I went into the Program Files (x86)\Mozilla Firefox\ folder and found the Application named "plugin-container", I renamed the file to "plugin-container1", but then certain things requiring Adobe Flash on websites I went to would not function it seemed. But I never had this problem before.
 

Darren

Moderator
Staff member
Completely uninstall Firefox. If you want it back reinstall it but I'd wager that Chrome is probably a better browser unless you have specific qualms with it.
 

Agent Smith

Well-Known Member
Have you looked under addons to see if there is crap that shouldn't be there? Especially services and plugins? If you find a service or plugin that isn't supposed to be there, use the wonderful search tool called Everything.exe and search for that service or plugin name and you can nuke it on your computer. http://www.voidtools.com/downloads/
 

demonikal

New Member
Yeah, I looked in Firefox add-ons. There is nothing there that wasn't there before this thing started happening. Now that I've uninstalled Firefox, off the top of my head what I remember having includes the following:

Flagfox (shows a flag for the country that the server website is located in)

Google Wiktionary/Translate

Fireshot (the best screenshot utility I've ever used)

Lastpass

Adblock Plus (it's disabled on CF.com :))

and I think that's it, off the top of my head...

This is what Chrome keeps saying every time I check Settings: "Chrome detected that some of your settings were corrupted by another program and reset them to their original defaults."

But, I've got a guilty pleasure that I got to admit =/

I THINK that this sound/music started playing when I started occasionally going on Publishers Clearing House, entering sweepstakes. I'm a sweeps addict =/

I say this now, because when I uninstalled Firefox and installed Google Chrome, after getting on the pch.com website and entering some sweeps the first time after having re-installed Chrome, the next time I opened a Chrome window when none were open, I got that sound/music. The weird thing is that it seems to never play when I visit the site though. It only plays when I open the Firefox/Chrome window when there are none open or occasionally when opening a new tab. It's annoying that I always have to have my sound turned off. It scares the heck out of me when this sound/music starts playing all of a sudden, because it totally comes out of nowhere (totally random).

However, Malwarebytes and Microsoft Security Essentials have found I think 2 trojans and several PUP gens in the past 2 months. I still don't know if PUP gens are of much risk.

The strange thing is that I don't dL programs from sites I don't know about. There are only a few programs I use that don't have Publisher names in Programs & Features in the Control Panel:

EPU (which is weird, since it is part of ASUS)

f.lux (which is a program for adjusting the color spectrum of the white light on your monitor or HDTV so that you aren't being exposed to blue light during nighttime hours - https://justgetflux.com/)

TAP-Windows 9.9.2 (a program that allows me to use my Torguard.net proxy)

and that's it.

Sorry I haven't gotten around to publishing the results of the tests yet. I was looking thru the log files and I was getting worried about CF users using my personal file info to their advantage, even though I really have nothing to hide :)
 

Punk

Moderator
Staff member
"Sorry I haven't gotten around to publishing the results of the tests yet. I was looking thru the log files and I was getting worried about CF users using my personal file info to their advantage, even though I really have nothing to hide :)"

I'm not going to argue on this paranoia but we can't help you if we don't see logs...
 

beers

Moderator
Staff member
"worried about CF users using my personal file info to their advantage"

"I really have nothing to hide :)"

Contradiction much.

What advantage specifically? You can just look through and see if there is any sensitive data in the output and remove or asterisk it...

Knowing there is a file named firefox.exe on your PC doesn't really mean anything.
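
Added example, not part of any post in this thread: one way to strip the account and computer name out of scan logs before posting them, as suggested above. The header patterns follow the AdwCleaner, JRT, Malwarebytes and OTL log layouts; the function names and the `jdoe` / `JDOE-PC` sample log are constructed for illustration.

```python
import re

# Lines that name the account or the machine in the scanner logs discussed here.
IDENTITY_PATTERNS = [
    re.compile(r"^# Username : (?P<user>\S+) - (?P<host>\S+)", re.M),        # AdwCleaner header
    re.compile(r"^Ran by (?P<user>\S+) on ", re.M),                           # JRT header
    re.compile(r"^User: (?P<user>\S+)", re.M),                                # Malwarebytes header
    re.compile(r"Computer Name: (?P<host>\S+) \| User Name: (?P<user>\S+)"),  # OTL header
    re.compile(r"[A-Za-z]:\\Users\\(?P<user>[^\\\r\n]+)\\", re.I),           # profile paths
]

# Built-in profile folders that identify nobody and should stay readable.
GENERIC_PROFILES = {"public", "default", "default user", "all users"}


def collect_identities(log):
    """Return the user and host names the log reveals, lower-cased."""
    found = {"user": set(), "host": set()}
    for pattern in IDENTITY_PATTERNS:
        for match in pattern.finditer(log):
            for kind, value in match.groupdict().items():
                if value and value.lower() not in GENERIC_PROFILES:
                    found[kind].add(value.lower())
    return found


def redact(log):
    """Replace every occurrence of the discovered names, in any letter case."""
    identities = collect_identities(log)
    redacted = log
    # Hosts first: a computer name often contains the user name (JDOE-PC).
    for placeholder, kind in (("<HOST>", "host"), ("<USER>", "user")):
        for token in sorted(identities[kind], key=len, reverse=True):
            # Only match the name as a whole token, not inside another word.
            pattern = re.compile(
                r"(?<![A-Za-z0-9])" + re.escape(token) + r"(?![A-Za-z0-9])", re.I
            )
            redacted = pattern.sub(placeholder, redacted)
    return redacted


# Constructed sample mixing line shapes from the four tools.
SAMPLE_LOG = r"""# Username : jdoe - JDOE-PC
Folder Deleted : C:\Users\jdoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
Computer Name: JDOE-PC | User Name: jdoe | Logged in as Administrator.
File not found (No name found) -- C:\USERS\JDOE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EXAMPLE.DEFAULT\EXTENSIONS
O4 - HKCU..\Run: [f.lux] C:\Users\jdoe\AppData\Local\FluxSoftware\Flux\flux.exe (Flux Software LLC)
"""

if __name__ == "__main__":
    print(redact(SAMPLE_LOG))
```

File names, extension IDs and service entries are left intact, so the log stays useful to whoever reviews it.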
 

demonikal

New Member
Note: I did not edit anything out.

---------------------------------------------------------------------------------------

1. AdWare Cleaner

# AdwCleaner v4.201 - Logfile created 09/04/2015 at 08:02:27
# Updated 08/04/2015 by Xplode
# Database : 2015-04-08.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : crid - CRID7PC
# Running from : F:\Programs\adwcleaner_4.201.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\crid\AppData\Local\Google\Chrome\User Data\Default\Extensions\plkplgmhfkkhokgkdkblfcnfeccpippe
Folder Deleted : C:\Users\crid\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg
File Deleted : C:\Users\crid\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mcbpblocgmgfnpjjppndjkmgjaogfceg_0.localstorage

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17689


-\\ Mozilla Firefox v


-\\ Google Chrome v41.0.2272.118

[C:\Users\crid\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\crid\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\crid\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : plkplgmhfkkhokgkdkblfcnfeccpippe
[C:\Users\crid\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : mcbpblocgmgfnpjjppndjkmgjaogfceg

*************************

AdwCleaner[R0].txt - [21237 bytes] - [06/04/2015 06:06:45]
AdwCleaner[R1].txt - [1922 bytes] - [08/04/2015 07:37:57]
AdwCleaner[R2].txt - [1672 bytes] - [09/04/2015 07:34:35]
AdwCleaner[R3].txt - [2078 bytes] - [09/04/2015 08:02:00]
AdwCleaner[S0].txt - [3854 bytes] - [06/04/2015 06:07:52]
AdwCleaner[S1].txt - [2000 bytes] - [08/04/2015 07:38:29]
AdwCleaner[S2].txt - [1746 bytes] - [09/04/2015 07:37:22]
AdwCleaner[S3].txt - [2017 bytes] - [09/04/2015 08:02:27]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [2076 bytes] ##########

---------------------------------------------------------------------------------------

2. Junkware Removal Tool

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.3 (04.07.2015:1)
OS: Windows 7 Professional x64
Ran by crid on 04/09/2015 at 8:05:33.17
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04/09/2015 at 8:07:21.78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

---------------------------------------------------------------------------------------

3. Malwarebytes Anti-Malware

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 04/09/2015
Scan Time: 08:14:48 AM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.04.09.05
Rootkit Database: v2015.03.31.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: crid

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 337994
Time Elapsed: 5 min, 33 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 3
PUP.Optional.BrowseCoupon.A, C:\Users\crid\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihjbpjahiibmjdlcgodcnmpelpmilamk, Quarantined, [868d55f78a00fa3cbef4425345bea65a],
PUP.Optional.BrowseCoupon.A, C:\Users\crid\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihjbpjahiibmjdlcgodcnmpelpmilamk\2.3_0, Quarantined, [868d55f78a00fa3cbef4425345bea65a],
PUP.Optional.BrowseCoupon.A, C:\Users\crid\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihjbpjahiibmjdlcgodcnmpelpmilamk\2.3_0\_metadata, Quarantined, [868d55f78a00fa3cbef4425345bea65a],

Files: 2
PUP.Optional.BrowseCoupon.A, C:\Users\crid\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihjbpjahiibmjdlcgodcnmpelpmilamk\2.3_0\_metadata\computed_hashes.json, Quarantined, [868d55f78a00fa3cbef4425345bea65a],
PUP.Optional.BrowseCoupon.A, C:\Users\crid\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihjbpjahiibmjdlcgodcnmpelpmilamk\2.3_0\_metadata\verified_contents.json, Quarantined, [868d55f78a00fa3cbef4425345bea65a],

Physical Sectors: 0
(No malicious items detected)


(end)

---------------------------------------------------------------------------------------

4. OTL

OTL logfile created on: 04/09/2015 08:23:58 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = F:\Programs
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17691)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

15.25 Gb Total Physical Memory | 13.33 Gb Available Physical Memory | 87.42% Memory free
30.49 Gb Paging File | 28.53 Gb Available in Paging File | 93.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 139.94 Gb Total Space | 66.76 Gb Free Space | 47.71% Space Free | Partition Type: NTFS
Drive E: | 95.59 Gb Total Space | 43.14 Gb Free Space | 45.14% Space Free | Partition Type: NTFS
Drive F: | 641.82 Gb Total Space | 583.33 Gb Free Space | 90.89% Space Free | Partition Type: NTFS
Drive H: | 281.51 Gb Total Space | 281.02 Gb Free Space | 99.83% Space Free | Partition Type: NTFS
Drive N: | 14.83 Gb Total Space | 13.94 Gb Free Space | 93.98% Space Free | Partition Type: FAT32

Computer Name: CRID7PC | User Name: crid | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - F:\Programs\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe (Google Inc.)


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (ClickToRunSvc) -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe (Microsoft Corporation)
SRV:64bit: - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (BoxSyncUpdateService) -- C:\Program Files\Box\Box Sync\SyncUpdaterService.exe (Box, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe ()


========== Driver Services (SafeList) ==========

DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (torguardtap0901) -- C:\Windows\SysNative\drivers\torguardtap0901.sys (The OpenVPN Project)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (VUSB3HUB) -- C:\Windows\SysNative\drivers\ViaHub3.sys (VIA Technologies, Inc.)
DRV:64bit: - (xhcdrv) -- C:\Windows\SysNative\drivers\xhcdrv.sys (VIA Technologies, Inc.)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (pwdrvio) -- C:\Windows\SysNative\pwdrvio.sys ()
DRV:64bit: - (pwdspio) -- C:\Windows\SysNative\pwdspio.sys ()
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (massfilter_hs) -- C:\Windows\SysNative\drivers\massfilter_hs.sys (HandSet Incorporated)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LEqdUsb) -- C:\Windows\SysNative\drivers\LEqdUsb.sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidEqd) -- C:\Windows\SysNative\drivers\LHidEqd.sys (Logitech, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (acpials) -- C:\Windows\SysNative\drivers\acpials.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (DrvAgent64) -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS (Phoenix Technologies)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.countryCode: "US"
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaultenginename.US: "Bing"
FF - prefs.js..browser.search.isUS: true
FF - prefs.js..browser.search.region: "US"
FF - prefs.js..browser.startup.homepage: "about:newtab"
FF - prefs.js..extensions.enabledAddons: support%40lastpass.com:3.1.1
FF - prefs.js..extensions.enabledAddons: googledictionary%40toptip.ca:7.2
FF - prefs.js..extensions.enabledAddons: vk%40sergeykolosov.mp:0.3.8.1
FF - prefs.js..extensions.enabledAddons: %7BB64D9B05-48E1-4CEB-BF58-E0643994E900%7D:4.6.0.1126
FF - prefs.js..extensions.enabledAddons: %7B0b457cAA-602d-484a-8fe7-c1d894a011ba%7D:0.98.70
FF - prefs.js..extensions.enabledAddons: %7B6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65%7D:0.9.6
FF - prefs.js..extensions.enabledAddons: %7Bdc501fe1-520b-41f2-9421-ecbb2e7f0255%7D:1.1.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:37.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.40.2: C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.40.2: C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2014/12/15 09:13:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\crid\AppData\Roaming\Mozilla\Extensions
[2015/04/09 07:53:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\crid\AppData\Roaming\Mozilla\Firefox\Profiles\s4x6wkx6.default\extensions
[2015/03/28 08:23:54 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\crid\AppData\Roaming\Mozilla\Firefox\Profiles\s4x6wkx6.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2015/02/09 21:15:10 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\crid\AppData\Roaming\Mozilla\Firefox\Profiles\s4x6wkx6.default\extensions\[email protected]
[2015/02/09 21:15:10 | 000,055,645 | ---- | M] () (No name found) -- C:\Users\crid\AppData\Roaming\Mozilla\Firefox\Profiles\s4x6wkx6.default\extensions\[email protected]
[2015/02/15 03:06:39 | 000,047,944 | ---- | M] () (No name found) -- C:\Users\crid\AppData\Roaming\Mozilla\Firefox\Profiles\s4x6wkx6.default\extensions\[email protected]
[2015/03/13 03:39:23 | 000,745,385 | ---- | M] () (No name found) -- C:\Users\crid\AppData\Roaming\Mozilla\Firefox\Profiles\s4x6wkx6.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi
[2015/02/19 15:26:14 | 000,038,626 | ---- | M] () (No name found) -- C:\Users\crid\AppData\Roaming\Mozilla\Firefox\Profiles\s4x6wkx6.default\extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi
[2015/04/01 19:37:03 | 000,970,672 | ---- | M] () (No name found) -- C:\Users\crid\AppData\Roaming\Mozilla\Firefox\Profiles\s4x6wkx6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
File not found (No name found) -- C:\USERS\CRID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S4X6WKX6.DEFAULT\EXTENSIONS\{6D96BB5E-1175-4EBF-8AB5-5F56F1C79F65}.XPI
File not found (No name found) -- C:\USERS\CRID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S4X6WKX6.DEFAULT\EXTENSIONS\{DC501FE1-520B-41F2-9421-ECBB2E7F0255}.XPI

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\crid\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\crid\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\
CHR - Extension: No name found = C:\Users\crid\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\
CHR - Extension: No name found = C:\Users\crid\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.12_0\
CHR - Extension: No name found = C:\Users\crid\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_0\
CHR - Extension: No name found = C:\Users\crid\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiboapbeogghkciminokemmainicdjed\5_0\
CHR - Extension: No name found = C:\Users\crid\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk\1.20_0\
CHR - Extension: No name found = C:\Users\crid\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.4_0\
CHR - Extension: No name found = C:\Users\crid\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\
CHR - Extension: No name found = C:\Users\crid\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh\1.1_0\
CHR - Extension: No name found = C:\Users\crid\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbiekjoijknlhijdjbaadobpkdhmoebb\1.5_0\
CHR - Extension: No name found = C:\Users\crid\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdgloanjhdcenjgiafkpbehddcnonlic\1.1.3_0\
CHR - Extension: No name found = C:\Users\crid\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\3.1.97_0\
CHR - Extension: No name found = C:\Users\crid\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhnjdplhmcnkiecampfdgfjilccfpfoe\1.0.15_0\
CHR - Extension: No name found = C:\Users\crid\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.15145.1188_0\
CHR - Extension: No name found = C:\Users\crid\AppData\Local\Google\Chrome\User Data\Default\Extensions\idknbmbdnapjicclomlijcgfpikmndhd\3.3_0\
CHR - Extension: No name found = C:\Users\crid\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.2_0\
CHR - Extension: No name found = C:\Users\crid\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe\6.15.7_0\
CHR - Extension: No name found = C:\Users\crid\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb\1.1.12_0\
CHR - Extension: No name found = C:\Users\crid\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\
CHR - Extension: No name found = C:\Users\crid\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\urlredir.dll (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\urlredir.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [BoxSync] C:\Program Files\Box\Box Sync\BoxSync.exe (Box, Inc.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKCU..\Run: [f.lux] C:\Users\crid\AppData\Local\FluxSoftware\Flux\flux.exe (Flux Software LLC)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\crid\AppData\Roaming\Spotify\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\RunOnce: [BrStsW64.exe] C:\Program Files (x86)\Brownie\BrStsW64.exe (brother)
O4 - Startup: C:\Users\crid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\crid\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Clip bookmark - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0 File not found
O8:64bit: - Extra context menu item: Clip image - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4 File not found
O8:64bit: - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3 File not found
O8:64bit: - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1 File not found
O8:64bit: - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8:64bit: - Extra context menu item: New note - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html ()
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Clip bookmark - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0 File not found
O8 - Extra context menu item: Clip image - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4 File not found
O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3 File not found
O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1 File not found
O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8 - Extra context menu item: New note - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html ()
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html ()
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89AA3C2B-14E2-4597-946D-3DC67AC2EB9C}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A7279F3-E177-43F3-B43B-EAE0433B492C}: DhcpNameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EAC89BF0-B26F-42D7-B819-EB91B4C5B492}: DhcpNameServer = 8.8.8.8 8.8.4.4
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\msosb.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{ec93a575-7a62-11e4-b37d-e0cb4e24eebe}\Shell - "" = AutoRun
O33 - MountPoints2\{ec93a575-7a62-11e4-b37d-e0cb4e24eebe}\Shell\AutoRun\command - "" = I:\Windows\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2015/04/09 05:53:00 | 000,000,000 | ---D | C] -- C:\Users\crid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2015/04/07 05:09:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DigitalAdvertisingAlliance
[2015/04/06 06:13:10 | 000,000,000 | ---D | C] -- C:\RegBackup
[2015/04/06 06:06:41 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2015/04/04 20:34:47 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2015/04/04 20:19:35 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloads
[2015/04/04 20:07:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Western Digital
[2015/03/28 13:41:17 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\GWX
[2015/03/28 13:41:17 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\GWX
[2015/03/27 04:33:48 | 000,000,000 | ---D | C] -- C:\Users\crid\Downloads
[2015/03/27 03:20:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2015/03/27 03:19:16 | 000,073,872 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2015/03/27 03:19:16 | 000,060,560 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2015/03/27 03:19:13 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2015/03/27 03:19:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2015/03/27 03:17:49 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2015/03/27 03:11:13 | 000,207,872 | ---- | C] (Power Admin LLC) -- C:\Windows\PAExec.exe
[2015/03/23 20:21:56 | 000,064,040 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\L1E62x64.sys
[2015/03/23 19:02:23 | 000,013,824 | ---- | C] (Phoenix Technologies) -- C:\Windows\SysWow64\drivers\DrvAgent64.SYS
[2015/03/23 17:53:25 | 000,000,000 | ---D | C] -- C:\Windows\AMD_Chipset_Win7_V307320
[2015/03/23 03:43:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother HL-2170W
[2015/03/23 03:43:45 | 000,077,824 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysWow64\brlmw03a.dll
[2015/03/23 03:43:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Brownie
[2015/03/23 03:43:41 | 000,200,704 | ---- | C] (brother) -- C:\Windows\SysWow64\Pdrvinst.dll
[2015/03/23 03:43:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Brother
[2015/03/20 06:53:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VIA XHCI UASP Utility
[2015/03/20 06:53:42 | 000,000,000 | ---D | C] -- C:\Program Files\VIA XHCI UASP Utility
[2015/03/20 06:53:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VIA
[2015/03/17 01:57:01 | 000,000,000 | ---D | C] -- C:\Users\crid\AppData\Local\WinDroid_Studios
[2015/03/13 17:46:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VPNetwork LLC
[2015/03/13 06:26:16 | 000,039,840 | ---- | C] (The OpenVPN Project) -- C:\Windows\SysNative\drivers\torguardtap0901.sys
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2015/04/09 08:14:41 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/04/09 08:11:03 | 000,025,232 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/04/09 08:11:03 | 000,025,232 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/04/09 08:10:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/04/09 08:08:07 | 000,781,298 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015/04/09 08:08:07 | 000,661,656 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015/04/09 08:08:07 | 000,121,524 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015/04/09 08:04:02 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/04/09 08:04:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/04/09 08:03:55 | 3689,549,822 | -HS- | M] () -- C:\hiberfil.sys
[2015/04/09 07:47:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/04/09 05:37:16 | 000,239,077 | ---- | M] () -- C:\Users\crid\Desktop\RadioShack 60x-100x powered microscope.png
[2015/04/08 08:37:29 | 000,001,992 | ---- | M] () -- C:\Windows\SysNative\cc_20150408_083725.reg
[2015/04/08 07:35:54 | 000,000,286 | ---- | M] () -- C:\Windows\SysNative\cc_20150408_073549.reg
[2015/04/08 04:48:35 | 000,079,521 | ---- | M] () -- F:\Documents\Interactive Tax Assistant Interview Summary.pdf
[2015/04/07 23:00:45 | 000,467,897 | ---- | M] () -- C:\Users\crid\Desktop\Malware check.pdf
[2015/04/07 21:26:36 | 000,006,394 | ---- | M] () -- C:\Windows\SysNative\cc_20150407_212632.reg
[2015/04/07 06:40:52 | 000,002,292 | ---- | M] () -- C:\Users\crid\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2015/04/06 23:57:30 | 000,000,176 | ---- | M] () -- C:\Windows\SysNative\cc_20150406_235725.reg
[2015/04/06 06:46:54 | 000,002,346 | ---- | M] () -- C:\Windows\SysNative\cc_20150406_064650.reg
[2015/04/06 06:44:49 | 000,066,044 | ---- | M] () -- C:\Windows\SysNative\cc_20150406_064444.reg
[2015/04/06 06:13:11 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-CRID7PC-Windows-7-Professional-(64-bit).dat
[2015/04/06 05:48:09 | 000,003,124 | ---- | M] () -- C:\Users\crid\Desktop\Coleman Helios X2 Tent - Shortcut.lnk
[2015/04/06 02:48:44 | 000,001,193 | ---- | M] () -- C:\Users\crid\Desktop\Recycling Electronics.rtf
[2015/03/30 16:23:19 | 000,000,426 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2015/03/28 13:50:18 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_SensorsAlsDriver_01_09_00.Wdf
[2015/03/28 13:47:13 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_wpdcomp_01_09_00.Wdf
[2015/03/27 03:14:51 | 000,207,872 | ---- | M] (Power Admin LLC) -- C:\Windows\PAExec.exe
[2015/03/24 19:52:04 | 001,714,201 | ---- | M] () -- C:\Users\crid\Desktop\10 Time Management Tips.pdf
[2015/03/23 21:07:48 | 000,540,150 | ---- | M] () -- F:\Documents\Ready Remote - Model 24923 - Guide.pdf
[2015/03/23 19:28:31 | 000,000,511 | ---- | M] () -- C:\Windows\Brownie.ini
[2015/03/23 19:02:23 | 000,013,824 | ---- | M] (Phoenix Technologies) -- C:\Windows\SysWow64\drivers\DrvAgent64.SYS
[2015/03/23 18:51:13 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini
[2015/03/23 17:53:25 | 000,015,872 | ---- | M] () -- C:\Windows\AsTaskSched.dll
[2015/03/23 17:53:02 | 000,236,544 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\Dts2APO.dll
[2015/03/23 17:53:02 | 000,193,024 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\ViaMicArrayAPO.dll
[2015/03/23 17:53:02 | 000,086,016 | ---- | M] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQPropPageExt.dll
[2015/03/23 17:53:02 | 000,082,432 | ---- | M] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQAPO.dll
[2015/03/23 15:16:21 | 000,000,034 | ---- | M] () -- C:\Windows\SysWow64\BD2170W.DAT
[2015/03/23 03:43:46 | 000,009,868 | ---- | M] () -- C:\Windows\HL-2170W.INI
[2015/03/23 03:43:46 | 000,000,152 | ---- | M] () -- C:\Windows\BRVIDEO.INI
[2015/03/23 03:43:46 | 000,000,000 | ---- | M] () -- C:\Windows\brmx2001.ini
[2015/03/20 10:39:34 | 001,749,996 | ---- | M] () -- F:\Documents\Take Control of Your Credit Score - Brochure.pdf
[2015/03/20 07:42:45 | 000,435,143 | ---- | M] () -- C:\Users\crid\Desktop\Ticket to Work Brochure (EN-05-10061).pdf
[2015/03/20 06:53:57 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ViaHub3_01011.Wdf
[2015/03/20 06:53:46 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xhcdrv_01011.Wdf
[2015/03/17 09:41:47 | 000,437,848 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2015/03/13 14:41:47 | 000,073,872 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2015/03/13 14:41:47 | 000,060,560 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2015/03/13 14:41:47 | 000,027,441 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2015/03/13 06:26:16 | 000,039,840 | ---- | M] (The OpenVPN Project) -- C:\Windows\SysNative\drivers\torguardtap0901.sys
[2015/03/11 12:12:25 | 000,001,139 | ---- | M] () -- C:\Users\crid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2015/03/11 08:10:00 | 004,246,327 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2015/04/09 05:37:15 | 000,239,077 | ---- | C] () -- C:\Users\crid\Desktop\RadioShack 60x-100x powered microscope.png
[2015/04/08 08:37:28 | 000,001,992 | ---- | C] () -- C:\Windows\SysNative\cc_20150408_083725.reg
[2015/04/08 07:35:52 | 000,000,286 | ---- | C] () -- C:\Windows\SysNative\cc_20150408_073549.reg
[2015/04/08 04:48:35 | 000,079,521 | ---- | C] () -- F:\Documents\Interactive Tax Assistant Interview Summary.pdf
[2015/04/07 23:00:45 | 000,467,897 | ---- | C] () -- C:\Users\crid\Desktop\Malware check.pdf
[2015/04/07 21:26:34 | 000,006,394 | ---- | C] () -- C:\Windows\SysNative\cc_20150407_212632.reg
[2015/04/06 23:57:28 | 000,000,176 | ---- | C] () -- C:\Windows\SysNative\cc_20150406_235725.reg
[2015/04/06 06:46:53 | 000,002,346 | ---- | C] () -- C:\Windows\SysNative\cc_20150406_064650.reg
[2015/04/06 06:44:47 | 000,066,044 | ---- | C] () -- C:\Windows\SysNative\cc_20150406_064444.reg
[2015/04/06 06:13:11 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-CRID7PC-Windows-7-Professional-(64-bit).dat
[2015/04/06 05:57:06 | 000,110,012 | ---- | C] () -- C:\Users\crid\Desktop\cortland brother's mortuary.wav
[2015/04/06 05:48:12 | 000,003,124 | ---- | C] () -- C:\Users\crid\Desktop\Coleman Helios X2 Tent - Shortcut.lnk
[2015/04/06 02:48:44 | 000,001,193 | ---- | C] () -- C:\Users\crid\Desktop\Recycling Electronics.rtf
[2015/03/28 13:50:18 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_SensorsAlsDriver_01_09_00.Wdf
[2015/03/28 13:47:13 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_wpdcomp_01_09_00.Wdf
[2015/03/27 03:19:25 | 004,246,327 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2015/03/27 03:18:42 | 000,027,441 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2015/03/24 19:52:04 | 001,714,201 | ---- | C] () -- C:\Users\crid\Desktop\10 Time Management Tips.pdf
[2015/03/23 21:07:48 | 000,540,150 | ---- | C] () -- F:\Documents\Ready Remote - Model 24923 - Guide.pdf
[2015/03/23 18:47:09 | 000,001,227 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD VDeck.lnk
[2015/03/23 17:53:25 | 000,015,872 | ---- | C] () -- C:\Windows\AsTaskSched.dll
[2015/03/23 03:43:46 | 000,000,152 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2015/03/23 03:43:46 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2015/03/23 03:43:45 | 000,009,868 | ---- | C] () -- C:\Windows\HL-2170W.INI
[2015/03/23 03:43:45 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\brlmw03a.ini
[2015/03/23 03:39:52 | 000,000,511 | ---- | C] () -- C:\Windows\Brownie.ini
[2015/03/20 10:39:34 | 001,749,996 | ---- | C] () -- F:\Documents\Take Control of Your Credit Score - Brochure.pdf
[2015/03/20 07:42:45 | 000,435,143 | ---- | C] () -- C:\Users\crid\Desktop\Ticket to Work Brochure (EN-05-10061).pdf
[2015/03/20 06:53:57 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ViaHub3_01011.Wdf
[2015/03/20 06:53:46 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xhcdrv_01011.Wdf
[2015/03/07 20:10:49 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2015/03/05 16:59:25 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2015/03/05 16:59:25 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2170W.DAT
[2015/01/16 20:54:21 | 000,000,400 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/12/02 17:11:07 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2014/12/02 17:11:07 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2014/12/02 17:10:53 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2014/12/02 17:09:26 | 000,029,971 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2014/12/02 16:01:07 | 000,821,544 | ---- | C] () -- C:\Windows\adb.exe
[2014/12/02 15:59:53 | 000,770,088 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2015/02/13 00:22:33 | 014,177,280 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015/02/13 00:26:18 | 012,875,264 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2015/04/07 21:25:43 | 000,000,000 | ---D | M] -- C:\Users\crid\AppData\Roaming\BitTorrent
[2015/01/15 15:46:43 | 000,000,000 | ---D | M] -- C:\Users\crid\AppData\Roaming\dlg
[2015/04/09 08:04:14 | 000,000,000 | ---D | M] -- C:\Users\crid\AppData\Roaming\Dropbox
[2015/03/31 04:05:59 | 000,000,000 | ---D | M] -- C:\Users\crid\AppData\Roaming\DVDVideoSoft
[2015/03/05 19:47:09 | 000,000,000 | ---D | M] -- C:\Users\crid\AppData\Roaming\FireShot
[2015/02/12 13:13:32 | 000,000,000 | ---D | M] -- C:\Users\crid\AppData\Roaming\FreeVideoEditor
[2015/03/17 01:52:09 | 000,000,000 | ---D | M] -- C:\Users\crid\AppData\Roaming\HTC
[2014/12/02 06:04:06 | 000,000,000 | ---D | M] -- C:\Users\crid\AppData\Roaming\Leadertech
[2015/04/09 06:48:37 | 000,000,000 | ---D | M] -- C:\Users\crid\AppData\Roaming\Spotify

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2015/03/24 00:10:53 | 000,006,236 | ---- | M] ()(F:\Documents\??? ????? - vk_com_app638461_174875690.png) -- F:\Documents\Мои Гости - vk_com_app638461_174875690.png
[2015/03/24 00:10:53 | 000,006,236 | ---- | C] ()(F:\Documents\??? ????? - vk_com_app638461_174875690.png) -- F:\Documents\Мои Гости - vk_com_app638461_174875690.png

< End of report >
 

johnb35

Administrator
Staff member
You have a FF addon of this.

FF - prefs.js..extensions.enabledAddons: vk%40sergeykolosov.mp:0.3.8.1

Which is this.

VKontakte.ru Downloader - Download music, videos and photos from VK.com / vkontakte.ru.

I suggest removing it and see if it stops.

To put it bluntly... You are asking for problems with the software you have installed. This must be part of that sweepstakes crap.

C:\Program Files (x86)\DigitalAdvertisingAlliance

I would advise you to uninstall all the crap that you know you shouldn't have and go from there.
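The add-on ID in the log line quoted above is percent-encoded (`%40` is `@`). The following Python sketch is an added example, not part of the post above or of OTL: it pulls `extensions.enabledAddons` entries out of an OTL-style log, decodes the IDs, and lists the ones that are not on a reviewer's allowlist. The sample log is constructed except for the `vk%40sergeykolosov.mp` line, and the function names and allowlist are assumptions.

```python
import re
from urllib.parse import unquote

# Constructed sample in the style of an OTL log. Only the vk%40sergeykolosov.mp
# line comes from the thread; every other entry is made up for illustration.
SAMPLE_LOG = """\
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: vk%40sergeykolosov.mp:0.3.8.1
FF - prefs.js..extensions.enabledAddons: %7B00000000-0000-0000-0000-000000000001%7D:2.6.7
FF - prefs.js..extensions.enabledAddons: notes-helper%40example.invalid:1.4,broken-entry
O8 - Extra context menu item: New note - C:\\Program Files (x86)\\Example\\NewNote.html ()
"""

# Matches only the enabledAddons preference lines, ignoring other FF prefs.
PREF_LINE = re.compile(r"^FF - prefs\.js\.\.extensions\.enabledAddons:\s*(.*)$")


def parse_enabled_addons(log_text):
    """Return (addons, malformed).

    addons    -- list of (decoded_id, version) tuples in log order
    malformed -- entries that did not have the id:version shape
    """
    addons, malformed = [], []
    for line in log_text.splitlines():
        match = PREF_LINE.match(line.strip())
        if not match:
            continue
        # The preference value may hold one entry or a comma-separated list.
        for entry in match.group(1).split(","):
            entry = entry.strip()
            if not entry:
                continue
            # Split on the LAST colon: the version never contains one,
            # and this keeps any colon inside the ID intact.
            raw_id, sep, version = entry.rpartition(":")
            if not sep or not raw_id or not version:
                malformed.append(entry)
                continue
            addons.append((unquote(raw_id), version))
    return addons, malformed


def unreviewed(addons, reviewed_ids):
    """Return the add-ons whose ID is not in the reviewer's allowlist.

    IDs are compared case-insensitively so that differences in GUID
    casing between logs do not hide or duplicate an entry.
    """
    reviewed = {addon_id.lower() for addon_id in reviewed_ids}
    return [(i, v) for i, v in addons if i.lower() not in reviewed]


if __name__ == "__main__":
    found, bad = parse_enabled_addons(SAMPLE_LOG)
    # Hypothetical allowlist: add-ons the user confirms installing on purpose.
    allowlist = {
        "{00000000-0000-0000-0000-000000000001}",
        "notes-helper@example.invalid",
    }
    for addon_id, version in unreviewed(found, allowlist):
        print(f"review: {addon_id} (version {version})")
    for entry in bad:
        print(f"malformed entry, check by hand: {entry}")
```
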
 

demonikal

New Member
You have a FF addon of this.

FF - prefs.js..extensions.enabledAddons: vk%40sergeykolosov.mp:0.3.8.1

Which is this.

VKontakte.ru Downloader - Download music, videos and photos from VK.com / vkontakte.ru.

I suggest removing it and see if it stops.

To put it bluntly... You are asking for problems with the software you have installed. This must be part of that sweepstakes crap.

C:\Program Files (x86)\DigitalAdvertisingAlliance

I would advise you to uninstall all the crap that you know you shouldn't have and go from there.

VK or (Vkontakte.com) is basically the European Facebook. I've had an account on there going back to 2012. You can search for songs on there and add them to your Music playlist. This VK Downloader extension allows people to download the songs to their computer, the same way that there are many YouTube extensions for Firefox and Chrome that allow people to download YouTube videos and YouTube songs with no video. But I'll try uninstalling it and see what happens, even though I already uninstalled Firefox.

I never downloaded anything from the sweeps "crap". That's the thing. I never downloaded anything from them. That DigitalAdvertisingAlliance extension just makes it so that ad companies can't track me - at least the ones that I opted out of. You can't opt out of all of them. You can find that extension through the websites that allow you to opt out of the advertising, exactly the same way that you would opt out of telemarketers calling your home phone or cell phone. The only difference is that I thought it would help even more if I downloaded the extension, but I will go ahead and remove it from Chrome.

Again though, I never downloaded ANYTHING from the sweepstakes website. And I always had AdBlock Plus enabled so that I would never see ads. Perhaps it was when Shockwave Flash kept crashing that I disabled AdBlock Plus and then there was some file that was saved to my Chrome folder without my permission.
 

Punk

Moderator
Staff member
VK or (Vkontakte.com) is basically the European Facebook. I've had an account on there going back to 2012. You can search for songs on there and add them to your Music playlist. This VK Downloader extension allows people to download the songs to their computer, the same way that there are many YouTube extensions for Firefox and Chrome that allow people to download YouTube videos and YouTube songs with no video. But I'll try uninstalling it and see what happens, even though I already uninstalled Firefox.

I never downloaded anything from the sweeps "crap". That's the thing. I never downloaded anything from them. That DigitalAdvertisingAlliance extension just makes it so that ad companies can't track me - at least the ones that I opted out of. You can't opt out of all of them. You can find that extension through the websites that allow you to opt out of the advertising, exactly the same way that you would opt out of telemarketers calling your home phone or cell phone. The only difference is that I thought it would help even more if I downloaded the extension, but I will go ahead and remove it from Chrome.

Again though, I never downloaded ANYTHING from the sweepstakes website. And I always had AdBlock Plus enabled so that I would never see ads. Perhaps it was when Shockwave Flash kept crashing that I disabled AdBlock Plus and then there was some file that was saved to my Chrome folder without my permission.

I clicked on VKontakte because I had never heard of it (and I'm French), looks suspicious as hell. In Europe, we use Facebook. I'd suggest you stay away from this :)
 

C4C

Well-Known Member
I clicked on VKontakte because I had never heard of it (and I'm French), looks suspicious as hell. In Europe, we use Facebook. I'd suggest you stay away from this :)

Russian Facebook.... I'd avoid it too...
 

demonikal

New Member
...I said since 2012. No b/s. My ex-g/f invited me there. You had to actually get an invitation from someone else just to get a membership there.

But I'm done trying to justify myself and defend things I've always done that have had no bad repercussions on me.
 

johnb35

Administrator
Staff member
If it's still happening, then please download and run ComboFix so I can see if there are any bad services running. However, download and run TDSSKiller first.

Please download and run TDSSkiller

When the program opens, click on the start scan button.

tdssstartscan_zps32a151cd.jpg


TDSSKiller will now scan your computer for the TDSS infection. When the scan has finished it will display a result screen stating whether or not the infection was found on your computer. If it was found it will display a screen similar to the one below.

2663-2-eng.png


To remove the infections simply click on the Continue button and TDSSKiller will attempt to clean them or remove them.

After trying to clean them it will pop up with the results of the scan and its actions.

2663_3_en.png


Please reboot the system if asked to do so.

After running, there will be a log located at the root of your C:\ drive, labeled tdsskiller with a series of numbers after it, for example C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt

Please open the log and copy and paste it back here.

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
  • Download this file here :

    Combofix

  • When the page loads click on the blue combofix download link next to the BleepingComputer Mirror.
  • Save the file to your windows desktop. The combofix icon will look like this when it has downloaded to your desktop.

    cf-icon.jpg
  • We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:

  • Close all open Windows including this one.
  • Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these types of programs can be found here.
    Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.
  • Please click on I agree on the disclaimer window.
  • ComboFix will now install itself on to your computer. When it is done, a blue screen will appear as shown below.

    cf-preparing.jpg

  • ComboFix is now preparing to run. When it has finished ComboFix will automatically attempt to create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then backup your Windows Registry as shown in the image below.

    erunt.jpg

  • Once the Windows Registry has finished being backed up, ComboFix will attempt to detect if you have the Windows Recovery Console installed. If you already have it installed, you can skip to this section and continue reading. Otherwise you will see the following message as shown below:

    recovery-console-prompt.jpg

  • At the above message box, please click on the Yes button in order for ComboFix to continue. Please follow the steps and instructions given by ComboFix in order to finish the installation of the Recovery Console.
  • Please click on yes in the next window to continue scanning for malware.
  • ComboFix will now disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.
  • ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.
  • While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings. You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan. An example of this can be seen below.

    still-scanning-clockchanges.jpg

  • When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
  • This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and tells you the program's log file, or report, will be located at C:\ComboFix.txt.
  • When ComboFix has finished, it will automatically close the program and change your clock back to its original format. It will then display the log file automatically for you.
  • Now you just click on the edit menu and click on select all, then click on the edit menu again and click on copy. Then come to the forum in your reply and right click on your mouse and click on paste.

If, for some reason, you try to run a program or open a file and you get an error message saying "illegal operation attempted on a registry key that has been marked for deletion", please just reboot your PC and you'll be fine.


In your next reply please post:

The ComboFix log
 