AdwCleaner Report

Toastmaster91

New Member

AdwCleaner [R0]:

# AdwCleaner v3.012 - Report created 20/07/2015 at 13:42:58
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : RACOCT2012 - RACOCT2012-HP
# Running from : C:\Users\RACOCT2012\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : BackupStack
Service Found : hshld
Service Found : hsstrayservice
Service Found : hsswd

***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Program Files (x86)\Mozilla Firefox\nsprotector.js
File Found : C:\Users\RACOCT2012\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
File Found : C:\Users\RACOCT2012\AppData\Roaming\Mozilla\Firefox\Profiles\vuo2bavg.default\searchplugins\Web Search.xml
File Found : C:\Users\RACOCT2012\Desktop\MyPC Backup.lnk
File Found : C:\Windows\System32\roboot64.exe
File Found : C:\Windows\System32\Tasks\BackgroundContainer Startup Task
Folder Found : C:\Program Files (x86)\Mozilla Firefox\Extensions\[email protected]
Folder Found C:\Program Files (x86)\AskPartnerNetwork
Folder Found C:\Program Files (x86)\BrowseToSave
Folder Found C:\Program Files (x86)\hotspot shield
Folder Found C:\Program Files (x86)\WhiteSmoke_New
Folder Found C:\Program Files (x86)\WinZip Registry Optimizer
Folder Found C:\Program Files\DomaIQ Uninstaller
Folder Found C:\ProgramData\apn
Folder Found C:\ProgramData\AskPartnerNetwork
Folder Found C:\ProgramData\Broiwwsey2esauve
Folder Found C:\ProgramData\ExxsatraCOOUponi
Folder Found C:\ProgramData\EXXsstrraCoeupon
Folder Found C:\ProgramData\hotspot shield
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Broiwwsey2esauve
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hotspot shield
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Registry Optimizer
Folder Found C:\ProgramData\SoftSafe
Folder Found C:\Searchprotect
Folder Found C:\Users\RACOCT~1\AppData\Local\Temp\apn
Folder Found C:\Users\RACOCT~1\AppData\Local\Temp\apn
Folder Found C:\Users\RACOCT2012\AppData\Local\AskPartnerNetwork
Folder Found C:\Users\RACOCT2012\AppData\Local\Conduit
Folder Found C:\Users\RACOCT2012\AppData\Local\SwvUpdater
Folder Found C:\Users\RACOCT2012\AppData\LocalLow\Broiwwsey2esauve
Folder Found C:\Users\RACOCT2012\AppData\LocalLow\Conduit
Folder Found C:\Users\RACOCT2012\AppData\LocalLow\PDFssoftware_B2
Folder Found C:\Users\RACOCT2012\AppData\LocalLow\Smartbar
Folder Found C:\Users\RACOCT2012\AppData\LocalLow\WhiteSmoke_New
Folder Found C:\Users\RACOCT2012\AppData\Roaming\hotspot shield
Folder Found C:\Users\RACOCT2012\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Folder Found C:\Users\RACOCT2012\AppData\Roaming\pdfforge
Folder Found C:\Users\RACOCT2012\AppData\Roaming\Searchprotect
Folder Found C:\Windows\SysWOW64\hotspot shield
Folder Found C:\Windows\SysWOW64\Searchprotect

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\anchorfree
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\PDFssoftware_B2
Key Found : HKCU\Software\AppDataLow\Software\WhiteSmoke_New
Key Found : HKCU\Software\AppDataLow\SProtector
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\AskPartnerNetwork
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKCU\Software\PDFssoftware_B2
Key Found : HKCU\Software\WhiteSmoke_New
Key Found : [x64] HKCU\Software\anchorfree
Key Found : [x64] HKCU\Software\AskPartnerNetwork
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Found : [x64] HKCU\Software\PDFssoftware_B2
Key Found : [x64] HKCU\Software\WhiteSmoke_New
Key Found : HKLM\Software\AskPartnerNetwork
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3289847
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3297959
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Key Found : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Found : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\hotspotshield
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11B373E9-8ADA-44F8-BFF4-307650710004}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{20F78960-FA7A-4C54-ADAE-3B8ECA798B9A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{75BF0DCC-DC6B-4006-B727-EED45037FC40}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{873496C3-7DAA-4A87-9343-C4B49629FD78}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1BB8B3AE-757D-443F-B3A4-0629E709B0D9}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BFCDF3D2-3C01-43FA-975F-C3FE32B2CC3A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C3F3165C-74D3-6FDB-3274-14FDA8698CFA}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C3F3165C-74D3-6FDB-3274-14FDA8698CFA}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DomaIQ Uninstaller
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\hotspotshield
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_New Toolbar
Key Found : HKLM\Software\PDFssoftware_B2
Key Found : HKLM\Software\SP Global
Key Found : HKLM\Software\SProtector
Key Found : HKLM\Software\WhiteSmoke_New
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Found : [x64] HKLM\SOFTWARE\DomaIQ
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{739DF940-C5EE-4BAB-9D7E-270894AE687A}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{93FA508D-4CB2-456F-8AEF-5ED652BC51C0}]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [BackgroundContainer]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{739DF940-C5EE-4BAB-9D7E-270894AE687A}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{93FA508D-4CB2-456F-8AEF-5ED652BC51C0}]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17909

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL] - hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKTsRdIV5F5NNlgQVJTZaj4svUMaRJ-pEZs3D4XccTsnU-SNVB9JN_u66Ds_ZXfn67Zs21iBLBxZy81wSQTrT2zyjEd2Cn3JtWVhUwi-D7S76Bd0DfG0lQ8lNgTFDk55JtDkw9xmCpskzs,&q={searchTerms}
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant] - hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKTsRdIV5F5NNlgQVJTZaj4svUMaRJ-pEZs3D4XccTsnU-SNVB9JN_u66Ds_ZXfn67Zs21iBLBxZy81wSQTrT2zyjEd2Cn3JtWVhUwi-D7S76Bd0DfG0lQ8lNgTFDk55JtDkw9xmCpskzs,&q={searchTerms}

-\\ Mozilla Firefox v39.0 (x86 en-US)

[ File : C:\Users\RACOCT2012\AppData\Roaming\Mozilla\Firefox\Profiles\vuo2bavg.default\prefs.js ]

Line Found : user_pref("browser.search.defaultenginename.US", "Web Search");

-\\ Google Chrome v33.0.1750.154

[ File : C:\Users\RACOCT2012\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [9309 octets] - [20/07/2015 13:42:58]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [9369 octets] ##########
-------------------------------------------------------------------------
AdwCleaner [S0]:

# AdwCleaner v3.012 - Report created 20/07/2015 at 13:44:03
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : RACOCT2012 - RACOCT2012-HP
# Running from : C:\Users\RACOCT2012\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : BackupStack
Service Deleted : hshld
[#] Service Deleted : hsstrayservice
Service Deleted : hsswd

***** [ Files / Folders ] *****

Folder Deleted : C:\Searchprotect
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\AskPartnerNetwork
Folder Deleted : C:\ProgramData\hotspot shield
Folder Deleted : C:\ProgramData\SoftSafe
Folder Deleted : C:\ProgramData\Broiwwsey2esauve
Folder Deleted : C:\ProgramData\ExxsatraCOOUponi
Folder Deleted : C:\ProgramData\EXXsstrraCoeupon
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hotspot shield
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Registry Optimizer
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Broiwwsey2esauve
Folder Deleted : C:\Program Files (x86)\AskPartnerNetwork
Folder Deleted : C:\Program Files (x86)\BrowseToSave
Folder Deleted : C:\Program Files (x86)\hotspot shield
Folder Deleted : C:\Program Files (x86)\WinZip Registry Optimizer
Folder Deleted : C:\Program Files (x86)\WhiteSmoke_New
Folder Deleted : C:\Windows\SysWOW64\hotspot shield
Folder Deleted : C:\Windows\SysWOW64\Searchprotect
Folder Deleted : C:\Program Files\DomaIQ Uninstaller
Folder Deleted : C:\Users\RACOCT2012\AppData\Local\AskPartnerNetwork
Folder Deleted : C:\Users\RACOCT2012\AppData\Local\Conduit
Folder Deleted : C:\Users\RACOCT2012\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\RACOCT~1\AppData\Local\Temp\apn
Folder Deleted : C:\Users\RACOCT2012\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\RACOCT2012\AppData\LocalLow\Smartbar
Folder Deleted : C:\Users\RACOCT2012\AppData\LocalLow\Broiwwsey2esauve
Folder Deleted : C:\Users\RACOCT2012\AppData\LocalLow\PDFssoftware_B2
Folder Deleted : C:\Users\RACOCT2012\AppData\LocalLow\WhiteSmoke_New
Folder Deleted : C:\Users\RACOCT2012\AppData\Roaming\hotspot shield
Folder Deleted : C:\Users\RACOCT2012\AppData\Roaming\pdfforge
Folder Deleted : C:\Users\RACOCT2012\AppData\Roaming\Searchprotect
Folder Deleted : C:\Users\RACOCT2012\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\[email protected]
File Deleted : C:\END
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\RACOCT2012\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
File Deleted : C:\Users\RACOCT2012\Desktop\MyPC Backup.lnk
File Deleted : C:\Program Files (x86)\Mozilla Firefox\nsprotector.js
File Deleted : C:\Users\RACOCT2012\AppData\Roaming\Mozilla\Firefox\Profiles\vuo2bavg.default\searchplugins\Web Search.xml
File Deleted : C:\Windows\System32\Tasks\BackgroundContainer Startup Task

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [BackgroundContainer]
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289847
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3297959
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BFCDF3D2-3C01-43FA-975F-C3FE32B2CC3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1BB8B3AE-757D-443F-B3A4-0629E709B0D9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{75BF0DCC-DC6B-4006-B727-EED45037FC40}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11B373E9-8ADA-44F8-BFF4-307650710004}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{873496C3-7DAA-4A87-9343-C4B49629FD78}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{20F78960-FA7A-4C54-ADAE-3B8ECA798B9A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{93FA508D-4CB2-456F-8AEF-5ED652BC51C0}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{739DF940-C5EE-4BAB-9D7E-270894AE687A}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{93FA508D-4CB2-456F-8AEF-5ED652BC51C0}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{739DF940-C5EE-4BAB-9D7E-270894AE687A}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKCU\Software\anchorfree
Key Deleted : HKCU\Software\AskPartnerNetwork
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\PDFssoftware_B2
Key Deleted : HKCU\Software\WhiteSmoke_New
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PDFssoftware_B2
Key Deleted : HKCU\Software\AppDataLow\Software\WhiteSmoke_New
Key Deleted : HKLM\Software\AskPartnerNetwork
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\hotspotshield
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\Software\PDFssoftware_B2
Key Deleted : HKLM\Software\WhiteSmoke_New
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C3F3165C-74D3-6FDB-3274-14FDA8698CFA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DomaIQ Uninstaller
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\hotspotshield
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_New Toolbar
Key Deleted : [x64] HKLM\SOFTWARE\DomaIQ

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17909

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]

-\\ Mozilla Firefox v39.0 (x86 en-US)

[ File : C:\Users\RACOCT2012\AppData\Roaming\Mozilla\Firefox\Profiles\vuo2bavg.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultenginename.US", "Web Search");

-\\ Google Chrome v33.0.1750.154

[ File : C:\Users\RACOCT2012\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [9489 octets] - [20/07/2015 13:42:58]
AdwCleaner[S0].txt - [8694 octets] - [20/07/2015 13:44:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8754 octets] ##########
 
JRT Report

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.1 (07.16.2015:1)
OS: Windows 7 Home Premium x64
Ran by RACOCT2012 on 21/07/2015 at 20:32:45.02
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully deleted: [Service] sppd [Reboot required]



~~~ Tasks



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Users\Public\Desktop\hotspot shield.lnk
Successfully deleted: [File] C:\Users\Public\Desktop\winzip registry optimizer.lnk
Successfully deleted: [File] C:\Users\RACOCT2012\Appdata\Local\google\chrome\user data\default\local storage\hxxp_static.livelyrics00.live-lyrics.com_0.localstorage
Successfully deleted: [File] C:\Users\RACOCT2012\Appdata\Local\google\chrome\user data\default\local storage\hxxp_static.livelyrics00.live-lyrics.com_0.localstorage-journal
Successfully deleted: [File] C:\Users\RACOCT2012\Appdata\Local\google\chrome\user data\default\local storage\hxxp_www.reimageplus.com_0.localstorage
Successfully deleted: [File] C:\Users\RACOCT2012\Appdata\Local\google\chrome\user data\default\local storage\hxxp_www.reimageplus.com_0.localstorage-journal
Successfully deleted: [File] C:\Users\RACOCT2012\Appdata\Local\google\chrome\user data\default\local storage\hxxp_www.superfish.com_0.localstorage
Successfully deleted: [File] C:\Users\RACOCT2012\Appdata\Local\google\chrome\user data\default\local storage\hxxp_www.superfish.com_0.localstorage-journal
Successfully deleted: [File] C:\Users\RACOCT2012\Appdata\Local\google\chrome\user data\default\local storage\hxxps_static.livelyrics00.live-lyrics.com_0.localstorage
Successfully deleted: [File] C:\Users\RACOCT2012\Appdata\Local\google\chrome\user data\default\local storage\hxxps_static.livelyrics00.live-lyrics.com_0.localstorage-journal
Successfully deleted: [File] C:\Users\RACOCT2012\Appdata\Local\google\chrome\user data\default\local storage\hxxps_www.superfish.com_0.localstorage
Successfully deleted: [File] C:\Users\RACOCT2012\Appdata\Local\google\chrome\user data\default\local storage\hxxps_www.superfish.com_0.localstorage-journal



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\RACOCT2012\Appdata\Local\{06ACA10C-27D6-4343-9DED-5B2974BF0AD9}
Successfully deleted: [Empty Folder] C:\Users\RACOCT2012\Appdata\Local\{14D6E511-70E8-484D-B9B3-F81DE2346FAA}
Successfully deleted: [Empty Folder] C:\Users\RACOCT2012\Appdata\Local\{33DA0B45-766E-4BEB-9DD2-4B2F273F51F8}
Successfully deleted: [Empty Folder] C:\Users\RACOCT2012\Appdata\Local\{37F02E11-9189-4961-8611-6131271C4916}
Successfully deleted: [Empty Folder] C:\Users\RACOCT2012\Appdata\Local\{394C9571-D389-4DD9-A5E6-0352DF4B32A2}
Successfully deleted: [Empty Folder] C:\Users\RACOCT2012\Appdata\Local\{45E03927-2EED-43E9-AF20-CCD63AE85067}
Successfully deleted: [Empty Folder] C:\Users\RACOCT2012\Appdata\Local\{46A8619B-61B3-4A66-9EDF-49AF4D92F6BB}
Successfully deleted: [Empty Folder] C:\Users\RACOCT2012\Appdata\Local\{534BEC75-4F9F-4D0F-873C-45522152FD7B}
Successfully deleted: [Empty Folder] C:\Users\RACOCT2012\Appdata\Local\{55425775-5614-4717-961B-3155306DDD91}
Successfully deleted: [Empty Folder] C:\Users\RACOCT2012\Appdata\Local\{57032FD9-0B2F-466E-A3A8-5D0FFAFB6D86}
Successfully deleted: [Empty Folder] C:\Users\RACOCT2012\Appdata\Local\{59298DBA-12B8-47E0-A2D7-CDCBA69079FF}
Successfully deleted: [Empty Folder] C:\Users\RACOCT2012\Appdata\Local\{6909526E-8935-46F5-BE69-9DE9FB2C9193}
Successfully deleted: [Empty Folder] C:\Users\RACOCT2012\Appdata\Local\{6AF55C0B-6E89-45BA-BBAB-55C9936C43D7}
Successfully deleted: [Empty Folder] C:\Users\RACOCT2012\Appdata\Local\{6BED6B65-A6C2-4906-A294-CAAA010E1902}
Successfully deleted: [Empty Folder] C:\Users\RACOCT2012\Appdata\Local\{6D44417B-B54E-414E-93D3-F2145F6378AB}
Successfully deleted: [Empty Folder] C:\Users\RACOCT2012\Appdata\Local\{747E4FDC-9648-4DCA-9D34-BDB7D5783569}
Successfully deleted: [Empty Folder] C:\Users\RACOCT2012\Appdata\Local\{7C43DE7E-F9A2-416A-8FF1-5993AD40B6D0}
Successfully deleted: [Empty Folder] C:\Users\RACOCT2012\Appdata\Local\{7F059B09-8E9C-4EBF-A67C-108CB11996E4}
Successfully deleted: [Empty Folder] C:\Users\RACOCT2012\Appdata\Local\{81794EC4-6588-451C-97A7-D5CD5F393AF4}
Successfully deleted: [Empty Folder] C:\Users\RACOCT2012\Appdata\Local\{983A84AC-F2A7-47F4-8809-E46936DD0CE2}
Successfully deleted: [Empty Folder] C:\Users\RACOCT2012\Appdata\Local\{9BD8F64E-C2FC-459C-BB47-33A5DF200B50}
Successfully deleted: [Empty Folder] C:\Users\RACOCT2012\Appdata\Local\{B87D6295-D3EF-4E43-AA3D-C9957A6F9118}
Successfully deleted: [Empty Folder] C:\Users\RACOCT2012\Appdata\Local\{B8AE4719-9D8D-4E90-9CA7-E7AFC94BCBD6}
Successfully deleted: [Empty Folder] C:\Users\RACOCT2012\Appdata\Local\{C5E9071C-15D0-4619-84B1-5876B6CDBCC5}
Successfully deleted: [Empty Folder] C:\Users\RACOCT2012\Appdata\Local\{DEB196F3-0B49-4F55-A9A3-FB6221A12EEC}
Successfully deleted: [Empty Folder] C:\Users\RACOCT2012\Appdata\Local\{EEA8FA18-6352-4827-8329-90A229C1ABA3}
Successfully deleted: [Empty Folder] C:\Users\RACOCT2012\Appdata\Local\{F23BFDA4-A51E-419E-8717-408F2A593BC4}
Successfully deleted: [Folder] C:\Program Files (x86)\webexpenhancedv1
Successfully deleted: [Folder] C:\Users\RACOCT2012\Appdata\Local\lpt
Successfully deleted: [Folder] C:\Users\RACOCT2012\AppData\Roaming\nico mak computing
Successfully deleted: [Folder] C:\ProgramData\dd67fdd332c2d613
Successfully deleted: [Folder] C:\ProgramData\HAppiYY2SSavE
Successfully deleted: [Folder] C:\ProgramData\SSaVerrExxtension



~~~ FireFox

Emptied folder: C:\Users\RACOCT2012\AppData\Roaming\mozilla\firefox\profiles\vuo2bavg.default\minidumps [47 files]



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\dedmngkbaffkenlfdcbganndoghblmap

[C:\Users\RACOCT2012\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\RACOCT2012\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\RACOCT2012\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\RACOCT2012\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21/07/2015 at 20:37:10.30
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Malwarebytes Anti-Malware - Scanning History Log

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 21/07/2015
Scan Time: 8:59 PM
Logfile: Scanning History Log.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.07.22.01
Rootkit Database: v2015.07.17.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: RACOCT2012

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 434993
Time Elapsed: 18 min, 8 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 15
PUP.Optional.Trovi.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\LAYERS\SPVC32LDR, Quarantined, [08c1d113b6d440f67efa831355af27d9],
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, Quarantined, [14b59c480288330334eb5a3c3bc938c8],
PUP.Optional.MediaBuzz.A, HKLM\SOFTWARE\WOW6432NODE\MediaBuzzV1, Quarantined, [a920d50f078312249380053dbc47f907],
PUP.Optional.MediaBuzz.A, HKLM\SOFTWARE\WOW6432NODE\MediaBuzzV1mode2232, Quarantined, [a920b72dccbe4cea7b982e14699adb25],
PUP.Optional.MediaPlayerAlpha.A, HKLM\SOFTWARE\WOW6432NODE\MediaPlayerV1alpha277, Quarantined, [3b8e1bc9ccbee84e6af4d27c7390ce32],
PUP.Optional.MediaViewer.A, HKLM\SOFTWARE\WOW6432NODE\MediaViewerV1alpha883, Quarantined, [1bae8b5963275ed86ab054f7eb18bd43],
PUP.Optional.MediaView.A, HKLM\SOFTWARE\WOW6432NODE\MediaViewV1alpha1670, Quarantined, [9f2a1dc70387fc3a357b4802d82b41bf],
PUP.Optional.RichMediaView.A, HKLM\SOFTWARE\WOW6432NODE\RichMediaViewV1release243, Quarantined, [5f6a687c39515ed85b05d36be71c24dc],
PUP.Optional.WebExpEnhanced.A, HKLM\SOFTWARE\WOW6432NODE\WebexpEnhancedV1, Quarantined, [96338c581872fe3818009bb309fa916f],
PUP.Optional.BetterSurf.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\mmifolfpllfdhilecpdpmemhelmanajl, Quarantined, [b415dd075337171f4368b983ca399f61],
PUP.Optional.Webexp, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Webexp Enhanced, Quarantined, [ccfdde06e8a284b238089eb2d52e3cc4],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{5F189DF5-2D05-472B-9091-84D9848AE48B}{f3dadae8}, Quarantined, [7c4df8ec4149c076d79e266e7b89eb15],
PUP.Optional.AskAPN.Gen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{41525333-2D56-3700-76A7-A758B70C1D00}, Quarantined, [a22708dcd6b4b680ffd1ce3900039a66],
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE, Quarantined, [d9f024c0b6d465d178a76531fc08e61a],
PUP.Optional.APNToolBar.Gen, HKU\S-1-5-18\SOFTWARE\AskPartnerNetwork, Quarantined, [12b7895b99f1d660ce3843c6b54e9967],

Registry Values: 12
PUP.Optional.Trovi.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\LAYERS\SPVC32Ldr|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130547011131384538, Quarantined, [08c1d113b6d440f67efa831355af27d9]
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, Quarantined, [14b59c480288330334eb5a3c3bc938c8]
PUP.Optional.AskAPN.Gen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{41525333-2D56-3700-76A7-A758B70C1D00}|InstallSource, C:\ProgramData\APN\APN-Stub\ARS3-V7\, Quarantined, [a22708dcd6b4b680ffd1ce3900039a66]
PUP.Optional.BetterSurf.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|[email protected], C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ff, Quarantined, [d4f518ccfa90092d872514284bb86f91]
PUP.Optional.WebExpEnhanced.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|[email protected], C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha873\ff, Quarantined, [6762b1338802cf67918862ecd72c8a76]
PUP.Optional.MediaPlayerAlpha.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|[email protected], C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha277\ff, Quarantined, [7356c51fb0da999d0758133ba45fb14f]
PUP.Optional.MediaViewer.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|[email protected], C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha883\ff, Quarantined, [8445b331f6941c1a2af127241ae92dd3]
PUP.Optional.MediaView.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|[email protected], C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha1670\ff, Quarantined, [44857c683357f046f2bf1b2faa59748c]
PUP.Optional.MediaBuzz.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|[email protected], C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode2232\ff, Quarantined, [3a8fd212c7c3162074a04ff3e32017e9]
PUP.Optional.RichMediaView.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|[email protected], C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release243\ff, Quarantined, [e0e9c81c880252e4500f82bc679c728e]
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, Quarantined, [d9f024c0b6d465d178a76531fc08e61a]
PUM.Bad.Proxy, HKU\S-1-5-21-3945454387-3424325173-1578744121-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, http=127.0.0.1:8555, Quarantined, [6465d212e1a994a2a9f755e592715ba5]

Registry Data: 0
(No malicious items detected)

Folders: 34
PUP.Optional.MultiPlug, C:\ProgramData\oicbeioebgalgpfbhamcpbjfndgciajj, Quarantined, [4188ab3903871422e903bbd3ab59b848],
PUP.Optional.MediaPlayerAlpha.A, C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha277, Quarantined, [6c5d7272d1b9db5bafea9d3ae1217789],
PUP.Optional.MediaPlayerAlpha.A, C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha277\ch, Quarantined, [6c5d7272d1b9db5bafea9d3ae1217789],
PUP.Optional.MediaPlayerAlpha.A, C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha277\ie, Quarantined, [6c5d7272d1b9db5bafea9d3ae1217789],
PUP.Optional.MediaViewer.A, C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha883, Quarantined, [08c136ae0288fd395bdc93468979936d],
PUP.Optional.MediaViewer.A, C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha883\ch, Quarantined, [08c136ae0288fd395bdc93468979936d],
PUP.Optional.MediaViewer.A, C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha883\ie, Quarantined, [08c136ae0288fd395bdc93468979936d],
PUP.Optional.MediaBuzz.A, C:\Program Files (x86)\MediaBuzzV1, Quarantined, [b2174b99820866d070e04a956c9634cc],
PUP.Optional.MediaBuzz.A, C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode2232, Quarantined, [b2174b99820866d070e04a956c9634cc],
PUP.Optional.MediaBuzz.A, C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode2232\ch, Quarantined, [b2174b99820866d070e04a956c9634cc],
PUP.Optional.MediaBuzz.A, C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode2232\ie, Quarantined, [b2174b99820866d070e04a956c9634cc],
PUP.Optional.Extutil.A, C:\Users\RACOCT2012\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B, Quarantined, [973220c4e5a576c0cc833fa8ce34ea16],
PUP.Optional.Managera.A, C:\Users\RACOCT2012\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42, Quarantined, [62675b899befc27482ce5097ae54b050],
PUP.Optional.MediaView.A, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha1670, Quarantined, [30996e76d2b8b185e2ea37caa0634cb4],
PUP.Optional.MediaView.A, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha1670\ch, Quarantined, [30996e76d2b8b185e2ea37caa0634cb4],
PUP.Optional.MediaView.A, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha1670\ie, Quarantined, [30996e76d2b8b185e2ea37caa0634cb4],
PUP.Optional.RichMediaView.A, C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release243, Quarantined, [deeb4b9929610630884645bc19ea13ed],
PUP.Optional.RichMediaView.A, C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release243\ch, Quarantined, [deeb4b9929610630884645bc19ea13ed],
PUP.Optional.RichMediaView.A, C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release243\ie, Quarantined, [deeb4b9929610630884645bc19ea13ed],
PUP.Optional.MediaViewer.A, C:\Users\RACOCT2012\AppData\Local\Google\Chrome\User Data\Default\Extensions\fggniiehldjhjaggohaamlbjjollpnci\1.1_0, Quarantined, [5d6cbb29800a33033d7e96d68085b64a],
PUP.Optional.MediaViewer.A, C:\Users\RACOCT2012\AppData\Local\Google\Chrome\User Data\Default\Extensions\fggniiehldjhjaggohaamlbjjollpnci\1.1_0\images, Quarantined, [5d6cbb29800a33033d7e96d68085b64a],
PUP.Optional.MediaViewer.A, C:\Users\RACOCT2012\AppData\Local\Google\Chrome\User Data\Default\Extensions\fggniiehldjhjaggohaamlbjjollpnci, Quarantined, [5d6cbb29800a33033d7e96d68085b64a],
PUP.Optional.MediaBuzz.A, C:\Users\RACOCT2012\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjebegelgjmhcjhkkkkhalnnbhnlnifj\1.1_0, Quarantined, [fccda73dcebc54e2fcbcc1ab7293ac54],
PUP.Optional.MediaBuzz.A, C:\Users\RACOCT2012\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjebegelgjmhcjhkkkkhalnnbhnlnifj\1.1_0\images, Quarantined, [fccda73dcebc54e2fcbcc1ab7293ac54],
PUP.Optional.MediaBuzz.A, C:\Users\RACOCT2012\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjebegelgjmhcjhkkkkhalnnbhnlnifj, Quarantined, [fccda73dcebc54e2fcbcc1ab7293ac54],
PUP.Optional.RichMediaView.A, C:\Users\RACOCT2012\AppData\Local\Google\Chrome\User Data\Default\Extensions\khadobdegjkllnkbmkmkejnbldahageg\1.1_0, Quarantined, [b910cb190684e0566b52df8dd92cfd03],
PUP.Optional.RichMediaView.A, C:\Users\RACOCT2012\AppData\Local\Google\Chrome\User Data\Default\Extensions\khadobdegjkllnkbmkmkejnbldahageg\1.1_0\images, Quarantined, [b910cb190684e0566b52df8dd92cfd03],
PUP.Optional.RichMediaView.A, C:\Users\RACOCT2012\AppData\Local\Google\Chrome\User Data\Default\Extensions\khadobdegjkllnkbmkmkejnbldahageg, Quarantined, [b910cb190684e0566b52df8dd92cfd03],
PUP.Optional.WebexpEnhanced.A, C:\Users\RACOCT2012\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpllfcpjochhapjalelmmknbjbhcnaba\1.1_0, Quarantined, [f0d91cc86c1ef83e249c2844e223b947],
PUP.Optional.WebexpEnhanced.A, C:\Users\RACOCT2012\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpllfcpjochhapjalelmmknbjbhcnaba\1.1_0\images, Quarantined, [f0d91cc86c1ef83e249c2844e223b947],
PUP.Optional.WebexpEnhanced.A, C:\Users\RACOCT2012\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpllfcpjochhapjalelmmknbjbhcnaba, Quarantined, [f0d91cc86c1ef83e249c2844e223b947],
PUP.Optional.MediaView.A, C:\Users\RACOCT2012\AppData\Local\Google\Chrome\User Data\Default\Extensions\opdkbhdedfigiheimaiajjjecgpcbphj\1.1_0, Quarantined, [e7e2e8fc53372d091e9ce686ac590df3],
PUP.Optional.MediaView.A, C:\Users\RACOCT2012\AppData\Local\Google\Chrome\User Data\Default\Extensions\opdkbhdedfigiheimaiajjjecgpcbphj\1.1_0\images, Quarantined, [e7e2e8fc53372d091e9ce686ac590df3],
PUP.Optional.MediaView.A, C:\Users\RACOCT2012\AppData\Local\Google\Chrome\User Data\Default\Extensions\opdkbhdedfigiheimaiajjjecgpcbphj, Quarantined, [e7e2e8fc53372d091e9ce686ac590df3],

Files: 103
PUP.Optional.Conduit.A, C:\Users\RACOCT2012\AppData\Local\Temp\nscEF69.exe, Quarantined, [d0f9489cb8d2003688acdb1b6c94ac54],
PUP.Optional.Conduit.A, C:\Users\RACOCT2012\AppData\Local\Temp\nsh6BE2.exe, Quarantined, [3f8ae10312788ea87db7f9fd68980af6],
PUP.Optional.Conduit.A, C:\Users\RACOCT2012\AppData\Local\Temp\nsuF169.exe, Quarantined, [48816084e2a86dc92f054bab52ae7e82],
PUP.Optional.Conduit.A, C:\Users\RACOCT2012\AppData\Local\Temp\nsxD429.exe, Quarantined, [8f3af0f434564aec989c2ec8ff01ae52],
PUP.Optional.Conduit.A, C:\Users\RACOCT2012\AppData\Local\Temp\nsxEA16.exe, Quarantined, [10b97c68fe8ced493ef6797d649c28d8],
PUP.Optional.BundleInstaller, C:\Users\RACOCT2012\AppData\Local\Temp\piGpxWj9.exe.part, Quarantined, [804930b47b0f76c0197c832ccb39857b],
PUP.Optional.Conduit.A, C:\Users\RACOCT2012\AppData\Local\Temp\SPStub.exe, Quarantined, [f0d90ada1773270f3bc22cc8c8384fb1],
PUP.Optional.Conduit.A, C:\Users\RACOCT2012\AppData\Local\Temp\ToolbarHelper.exe, Quarantined, [5277f5ef7a106fc7a391ff2114ecaa56],
PUP.Optional.Amonetize.A, C:\Users\RACOCT2012\AppData\Local\Temp\Updater.exe, Quarantined, [d4f55391226849edebcb19d9d9277090],
PUP.Optional.Conduit.A, C:\Users\RACOCT2012\AppData\Local\Temp\nsa561B.exe, Quarantined, [d7f2e6feef9b979f5adae90d52aeb34d],
PUP.Optional.Mypcbackup, C:\Users\RACOCT2012\AppData\Local\Temp\BackupSetup.exe, Quarantined, [fccd08dcabdf47ef11b6f27816effa06],
PUP.Optional.Conduit.A, C:\Users\RACOCT2012\AppData\Local\Temp\SecondStepInstaller.exe, Quarantined, [4a7f2db7c0ca63d340f4876ffe02ca36],
Adware.BetterSurf, C:\Users\RACOCT2012\AppData\Local\Temp\Setup.exe, Quarantined, [6069bc28d0bab581c6001cf3cd345aa6],
PUP.Optional.Conduit.A, C:\Users\RACOCT2012\AppData\Local\Temp\ct3289847\ctbe.exe, Quarantined, [ebdeffe5d9b193a394f67fa18d73db25],
PUP.Optional.Conduit.A, C:\Users\RACOCT2012\AppData\Local\Temp\ct3289847\ffLogic.exe, Quarantined, [a029459f99f13cfadf1e9e562ed2738d],
PUP.Optiona.ConduitTB.Gen, C:\Users\RACOCT2012\AppData\Local\Temp\ct3289847\ieLogic.exe, Quarantined, [e2e738ac3159cc6a9867e881d0359c64],
PUP.Optional.Conduit.A, C:\Users\RACOCT2012\AppData\Local\Temp\ct3289847\spff.exe, Quarantined, [eadf40a4d5b533030feebe3637c94cb4],
PUP.Optional.Conduit.A, C:\Users\RACOCT2012\AppData\Local\Temp\ct3289847\statisticsStub.exe, Quarantined, [2f9a9a4ac5c5b581e1c355914db3fb05],
PUP.Optional.Conduit.A, C:\Users\RACOCT2012\AppData\Local\Temp\AU\SPSetup.exe, Quarantined, [3e8b16ce5337f244ea4a8b6b34cc17e9],
PUP.Optional.Amonetize.A, C:\Users\RACOCT2012\AppData\Local\Temp\DIQM\FlashPlayer_151\setup__120.exe, Quarantined, [eedbcd1774167abc611adc1624dc867a],
Trojan.DomaIQ, C:\Users\RACOCT2012\AppData\Local\Temp\DIQM\FlashPlayer_151\software\FlashPlayer.exe, Quarantined, [f1d8e7fd8109db5bd3a4ca89e31fe020],
PUP.Optional.Mypcbackup, C:\Users\RACOCT2012\AppData\Local\Temp\DIQM\FlashPlayer_151\software\MyBackupPc.exe, Quarantined, [6366eafaf397bf77893ee585d82d5aa6],
PUP.Optional.QuickShare.A, C:\Users\RACOCT2012\AppData\Local\Temp\DIQM\FlashPlayer_151\software\QuickShare1.exe, Quarantined, [537619cb63279b9be056f32d55abed13],
PUP.Optional.Amonetize.A, C:\Users\RACOCT2012\AppData\Local\Temp\DIQM\FlashPlayer_151\software\Setup__120_i15890249.exe, Quarantined, [02c7489c5a30b77f2556fdf5e917a15f],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsd15CE.exe, Quarantined, [468342a2f09a81b5712f1de036ca46ba],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nst6085.exe, Quarantined, [9534ca1a573371c56838df1eae52af51],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsjE736.exe, Quarantined, [1aaf04e07911af87f3ad86771ee22ad6],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsk453.exe, Quarantined, [3e8bd212c4c6ad89237d32cbd72944bc],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nskE7AE.exe, Quarantined, [03c61fc5deac6acc4957fd001ae68779],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsn2C70.exe, Quarantined, [9930e10376143204c0e0906dcf315aa6],
PUP.Optional.Conduit.A, C:\Windows\Temp\nsn99C6.exe, Quarantined, [24a574702a60a4920fda4fdaf908a35d],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsnF105.exe, Quarantined, [eddc1ec67b0f04327b2546b748b8db25],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsqD486.exe, Quarantined, [9f2ad113fb8f00360c94c4399868857b],
PUP.Optional.Conduit.A, C:\Windows\Temp\nst1714.exe, Quarantined, [6861737118727bbbf440d62004fc7c84],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsv1C40.exe, Quarantined, [7455e8fc5337df57d1cf0fee1ae68d73],
PUP.Optional.Conduit.A, C:\Windows\Temp\nsx77E3.exe, Quarantined, [6d5c756fd6b4280e9f4ace5bba4713ed],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsyD8A4.exe, Quarantined, [f2d79e461b6f84b26e32c934bc4420e0],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsyD8A5.exe, Quarantined, [4386e7fd5d2d73c3544c26d78b75d927],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsyE9F4.exe, Quarantined, [dfea1dc713774fe75a46fc019c6436ca],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nszE76F.exe, Quarantined, [7e4b677da6e48ea8dfc1966725dba55b],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nszEEC8.exe, Quarantined, [14b5c222bbcf3600d5cb28d536ca1ee2],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nseDE24.exe, Quarantined, [13b6657f5f2be254326eb4497b85de22],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsf176.exe, Quarantined, [46835c885f2bdb5b9e02b74652aed828],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsfD495.exe, Quarantined, [46833ea6f991e254554b55a88f719e62],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsgA9DF.exe, Quarantined, [8c3df7ed1b6f0f27406041bcca368e72],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsi432B.exe, Quarantined, [5277d90b8cfe37ff623e55a813ed8b75],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsj1503.exe, Quarantined, [7851dc08385267cff8a86697df2127d9],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsjE38E.exe, Quarantined, [6b5e02e264266acc9e02fd00e02003fd],
PUP.FakeFlash.Domaiq, C:\Users\RACOCT2012\Downloads\FlashPlayer_V.118519012b.exe, Quarantined, [9f2a7b691d6de254f538b61dc63afb05],
PUP.Optional.SnapDo.A, C:\Windows\Installer\2bce6d9.msi, Quarantined, [24a5fbe937533006d7c93ded6f9212ee],
PUP.Optional.PricePeep.A, C:\Users\RACOCT2012\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.pricepeep00.pricepeep.net_0.localstorage, Quarantined, [bb0e92525436e155b764dc2eff04837d],
PUP.Optional.PricePeep.A, C:\Users\RACOCT2012\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.pricepeep00.pricepeep.net_0.localstorage-journal, Quarantined, [4485697bee9c74c2bc5f2cde1be814ec],
PUP.Optional.ShowPass.A, C:\Users\RACOCT2012\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.showpass00.showpass.co_0.localstorage, Quarantined, [8b3ecc18d2b8e84e30ac111d857ecf31],
PUP.Optional.ShowPass.A, C:\Users\RACOCT2012\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.showpass00.showpass.co_0.localstorage-journal, Quarantined, [01c8f8ec5535f442e3f954dafc07a858],
PUP.Optional.MultiPlug, C:\ProgramData\oicbeioebgalgpfbhamcpbjfndgciajj\lsdb.js, Quarantined, [4188ab3903871422e903bbd3ab59b848],
PUP.Optional.MultiPlug, C:\ProgramData\oicbeioebgalgpfbhamcpbjfndgciajj\background.html, Quarantined, [4188ab3903871422e903bbd3ab59b848],
PUP.Optional.MultiPlug, C:\ProgramData\oicbeioebgalgpfbhamcpbjfndgciajj\content.js, Quarantined, [4188ab3903871422e903bbd3ab59b848],
PUP.Optional.MultiPlug, C:\ProgramData\oicbeioebgalgpfbhamcpbjfndgciajj\manifest.json, Quarantined, [4188ab3903871422e903bbd3ab59b848],
PUP.Optional.MediaPlayerAlpha.A, C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha277\ch\MediaPlayerV1alpha277.crx, Quarantined, [6c5d7272d1b9db5bafea9d3ae1217789],
PUP.Optional.MediaViewer.A, C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha883\ch\MediaViewerV1alpha883.crx, Quarantined, [08c136ae0288fd395bdc93468979936d],
PUP.Optional.MediaBuzz.A, C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode2232\ch\MediaBuzzV1mode2232.crx, Quarantined, [b2174b99820866d070e04a956c9634cc],
PUP.Optional.Extutil.A, C:\Users\RACOCT2012\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\bk.js, Quarantined, [973220c4e5a576c0cc833fa8ce34ea16],
PUP.Optional.Extutil.A, C:\Users\RACOCT2012\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\cs.js, Quarantined, [973220c4e5a576c0cc833fa8ce34ea16],
PUP.Optional.Extutil.A, C:\Users\RACOCT2012\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\manifest.json, Quarantined, [973220c4e5a576c0cc833fa8ce34ea16],
PUP.Optional.Managera.A, C:\Users\RACOCT2012\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\cs.js, Quarantined, [62675b899befc27482ce5097ae54b050],
PUP.Optional.Managera.A, C:\Users\RACOCT2012\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\manifest.json, Quarantined, [62675b899befc27482ce5097ae54b050],
PUP.Optional.MediaView.A, C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha1670\ch\MediaViewV1alpha1670.crx, Quarantined, [30996e76d2b8b185e2ea37caa0634cb4],
PUP.Optional.RichMediaView.A, C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release243\ch\RichMediaViewV1release243.crx, Quarantined, [deeb4b9929610630884645bc19ea13ed],
PUP.Optional.MediaViewer.A, C:\Users\RACOCT2012\AppData\Local\Google\Chrome\User Data\Default\Extensions\fggniiehldjhjaggohaamlbjjollpnci\1.1_0\manifest.json, Quarantined, [5d6cbb29800a33033d7e96d68085b64a],
PUP.Optional.MediaViewer.A, C:\Users\RACOCT2012\AppData\Local\Google\Chrome\User Data\Default\Extensions\fggniiehldjhjaggohaamlbjjollpnci\1.1_0\icon.ico, Quarantined, [5d6cbb29800a33033d7e96d68085b64a],
PUP.Optional.MediaViewer.A, C:\Users\RACOCT2012\AppData\Local\Google\Chrome\User Data\Default\Extensions\fggniiehldjhjaggohaamlbjjollpnci\1.1_0\images\MediaViewerV1alpha883_128.png, Quarantined, [5d6cbb29800a33033d7e96d68085b64a],
PUP.Optional.MediaViewer.A, C:\Users\RACOCT2012\AppData\Local\Google\Chrome\User Data\Default\Extensions\fggniiehldjhjaggohaamlbjjollpnci\1.1_0\images\MediaViewerV1alpha883_16.png, Quarantined, [5d6cbb29800a33033d7e96d68085b64a],
PUP.Optional.MediaViewer.A, C:\Users\RACOCT2012\AppData\Local\Google\Chrome\User Data\Default\Extensions\fggniiehldjhjaggohaamlbjjollpnci\1.1_0\images\MediaViewerV1alpha883_48.png, Quarantined, [5d6cbb29800a33033d7e96d68085b64a],
PUP.Optional.MediaViewer.A, C:\Users\RACOCT2012\AppData\Local\Google\Chrome\User Data\Default\Extensions\fggniiehldjhjaggohaamlbjjollpnci\1.1_0\images\MediaViewerV1alpha883_64.png, Quarantined, [5d6cbb29800a33033d7e96d68085b64a],
PUP.Optional.MediaBuzz.A, C:\Users\RACOCT2012\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjebegelgjmhcjhkkkkhalnnbhnlnifj\1.1_0\manifest.json, Quarantined, [fccda73dcebc54e2fcbcc1ab7293ac54],
PUP.Optional.MediaBuzz.A, C:\Users\RACOCT2012\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjebegelgjmhcjhkkkkhalnnbhnlnifj\1.1_0\ffMediaBuzzV1mode2232chaction.js, Quarantined, [fccda73dcebc54e2fcbcc1ab7293ac54],
PUP.Optional.MediaBuzz.A, C:\Users\RACOCT2012\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjebegelgjmhcjhkkkkhalnnbhnlnifj\1.1_0\icon.ico, Quarantined, [fccda73dcebc54e2fcbcc1ab7293ac54],
PUP.Optional.MediaBuzz.A, C:\Users\RACOCT2012\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjebegelgjmhcjhkkkkhalnnbhnlnifj\1.1_0\images\MediaBuzzV1mode2232_128.png, Quarantined, [fccda73dcebc54e2fcbcc1ab7293ac54],
PUP.Optional.MediaBuzz.A, C:\Users\RACOCT2012\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjebegelgjmhcjhkkkkhalnnbhnlnifj\1.1_0\images\MediaBuzzV1mode2232_16.png, Quarantined, [fccda73dcebc54e2fcbcc1ab7293ac54],
PUP.Optional.MediaBuzz.A, C:\Users\RACOCT2012\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjebegelgjmhcjhkkkkhalnnbhnlnifj\1.1_0\images\MediaBuzzV1mode2232_48.png, Quarantined, [fccda73dcebc54e2fcbcc1ab7293ac54],
PUP.Optional.MediaBuzz.A, C:\Users\RACOCT2012\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjebegelgjmhcjhkkkkhalnnbhnlnifj\1.1_0\images\MediaBuzzV1mode2232_64.png, Quarantined, [fccda73dcebc54e2fcbcc1ab7293ac54],
PUP.Optional.RichMediaView.A, C:\Users\RACOCT2012\AppData\Local\Google\Chrome\User Data\Default\Extensions\khadobdegjkllnkbmkmkejnbldahageg\1.1_0\manifest.json, Quarantined, [b910cb190684e0566b52df8dd92cfd03],
PUP.Optional.RichMediaView.A, C:\Users\RACOCT2012\AppData\Local\Google\Chrome\User Data\Default\Extensions\khadobdegjkllnkbmkmkejnbldahageg\1.1_0\ffRichMediaViewV1release243chaction.js, Quarantined, [b910cb190684e0566b52df8dd92cfd03],
PUP.Optional.RichMediaView.A, C:\Users\RACOCT2012\AppData\Local\Google\Chrome\User Data\Default\Extensions\khadobdegjkllnkbmkmkejnbldahageg\1.1_0\icon.ico, Quarantined, [b910cb190684e0566b52df8dd92cfd03],
PUP.Optional.RichMediaView.A, C:\Users\RACOCT2012\AppData\Local\Google\Chrome\User Data\Default\Extensions\khadobdegjkllnkbmkmkejnbldahageg\1.1_0\images\RichMediaViewV1release243_128.png, Quarantined, [b910cb190684e0566b52df8dd92cfd03],
PUP.Optional.RichMediaView.A, C:\Users\RACOCT2012\AppData\Local\Google\Chrome\User Data\Default\Extensions\khadobdegjkllnkbmkmkejnbldahageg\1.1_0\images\RichMediaViewV1release243_16.png, Quarantined, [b910cb190684e0566b52df8dd92cfd03],
PUP.Optional.RichMediaView.A, C:\Users\RACOCT2012\AppData\Local\Google\Chrome\User Data\Default\Extensions\khadobdegjkllnkbmkmkejnbldahageg\1.1_0\images\RichMediaViewV1release243_48.png, Quarantined, [b910cb190684e0566b52df8dd92cfd03],
PUP.Optional.RichMediaView.A, C:\Users\RACOCT2012\AppData\Local\Google\Chrome\User Data\Default\Extensions\khadobdegjkllnkbmkmkejnbldahageg\1.1_0\images\RichMediaViewV1release243_64.png, Quarantined, [b910cb190684e0566b52df8dd92cfd03],
PUP.Optional.WebexpEnhanced.A, C:\Users\RACOCT2012\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpllfcpjochhapjalelmmknbjbhcnaba\1.1_0\manifest.json, Quarantined, [f0d91cc86c1ef83e249c2844e223b947],
PUP.Optional.WebexpEnhanced.A, C:\Users\RACOCT2012\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpllfcpjochhapjalelmmknbjbhcnaba\1.1_0\ffWebexpEnhancedV1alpha873chaction.js, Quarantined, [f0d91cc86c1ef83e249c2844e223b947],
PUP.Optional.WebexpEnhanced.A, C:\Users\RACOCT2012\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpllfcpjochhapjalelmmknbjbhcnaba\1.1_0\icon.ico, Quarantined, [f0d91cc86c1ef83e249c2844e223b947],
PUP.Optional.WebexpEnhanced.A, C:\Users\RACOCT2012\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpllfcpjochhapjalelmmknbjbhcnaba\1.1_0\images\Thumbs.db, Quarantined, [f0d91cc86c1ef83e249c2844e223b947],
PUP.Optional.WebexpEnhanced.A, C:\Users\RACOCT2012\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpllfcpjochhapjalelmmknbjbhcnaba\1.1_0\images\WebexpEnhancedV1alpha873_128.png, Quarantined, [f0d91cc86c1ef83e249c2844e223b947],
PUP.Optional.WebexpEnhanced.A, C:\Users\RACOCT2012\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpllfcpjochhapjalelmmknbjbhcnaba\1.1_0\images\WebexpEnhancedV1alpha873_16.png, Quarantined, [f0d91cc86c1ef83e249c2844e223b947],
PUP.Optional.WebexpEnhanced.A, C:\Users\RACOCT2012\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpllfcpjochhapjalelmmknbjbhcnaba\1.1_0\images\WebexpEnhancedV1alpha873_48.png, Quarantined, [f0d91cc86c1ef83e249c2844e223b947],
PUP.Optional.WebexpEnhanced.A, C:\Users\RACOCT2012\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpllfcpjochhapjalelmmknbjbhcnaba\1.1_0\images\WebexpEnhancedV1alpha873_64.png, Quarantined, [f0d91cc86c1ef83e249c2844e223b947],
PUP.Optional.MediaView.A, C:\Users\RACOCT2012\AppData\Local\Google\Chrome\User Data\Default\Extensions\opdkbhdedfigiheimaiajjjecgpcbphj\1.1_0\manifest.json, Quarantined, [e7e2e8fc53372d091e9ce686ac590df3],
PUP.Optional.MediaView.A, C:\Users\RACOCT2012\AppData\Local\Google\Chrome\User Data\Default\Extensions\opdkbhdedfigiheimaiajjjecgpcbphj\1.1_0\ffMediaViewV1alpha1670chaction.js, Quarantined, [e7e2e8fc53372d091e9ce686ac590df3],
PUP.Optional.MediaView.A, C:\Users\RACOCT2012\AppData\Local\Google\Chrome\User Data\Default\Extensions\opdkbhdedfigiheimaiajjjecgpcbphj\1.1_0\icon.ico, Quarantined, [e7e2e8fc53372d091e9ce686ac590df3],
PUP.Optional.MediaView.A, C:\Users\RACOCT2012\AppData\Local\Google\Chrome\User Data\Default\Extensions\opdkbhdedfigiheimaiajjjecgpcbphj\1.1_0\images\MediaViewV1alpha1670_128.png, Quarantined, [e7e2e8fc53372d091e9ce686ac590df3],
PUP.Optional.MediaView.A, C:\Users\RACOCT2012\AppData\Local\Google\Chrome\User Data\Default\Extensions\opdkbhdedfigiheimaiajjjecgpcbphj\1.1_0\images\MediaViewV1alpha1670_16.png, Quarantined, [e7e2e8fc53372d091e9ce686ac590df3],
PUP.Optional.MediaView.A, C:\Users\RACOCT2012\AppData\Local\Google\Chrome\User Data\Default\Extensions\opdkbhdedfigiheimaiajjjecgpcbphj\1.1_0\images\MediaViewV1alpha1670_48.png, Quarantined, [e7e2e8fc53372d091e9ce686ac590df3],
PUP.Optional.MediaView.A, C:\Users\RACOCT2012\AppData\Local\Google\Chrome\User Data\Default\Extensions\opdkbhdedfigiheimaiajjjecgpcbphj\1.1_0\images\MediaViewV1alpha1670_64.png, Quarantined, [e7e2e8fc53372d091e9ce686ac590df3],

Physical Sectors: 0
(No malicious items detected)


(end)
 
OTL Report

OTL logfile created on: 21/07/2015 9:29:56 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\RACOCT2012\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17914)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

9.96 Gb Total Physical Memory | 7.28 Gb Available Physical Memory | 73.06% Memory free
19.92 Gb Paging File | 17.10 Gb Available in Paging File | 85.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1844.71 Gb Total Space | 1762.74 Gb Free Space | 95.56% Space Free | Partition Type: NTFS
Drive D: | 18.21 Gb Total Space | 2.28 Gb Free Space | 12.54% Space Free | Partition Type: NTFS

Computer Name: RACOCT2012-HP | User Name: RACOCT2012 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\RACOCT2012\Downloads\OTL(1).exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\nis.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE (Microsoft Corporation.)
PRC - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Research In Motion\BlackBerry Link\BlackBerryLink.exe (Research In Motion)
PRC - C:\Program Files (x86)\Research In Motion\BlackBerry Link\BlackBerryLink.AutoUpdate.exe (Research In Motion)
PRC - C:\Program Files (x86)\Research In Motion\BlackBerry Link\BlackBerryLink.Helper.exe (Research In Motion)
PRC - C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\Research in Motion\Tunnel Manager\PeerManager.exe (Research In Motion Limited)
PRC - C:\Program Files (x86)\Common Files\Research in Motion\Tunnel Manager\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Research in Motion\Tunnel Manager\tunmgr.exe (Research In Motion Limited)
PRC - C:\Program Files (x86)\Common Files\Research in Motion\RIMDeviceManager\RIMDeviceManager.exe (Research In Motion Limited)
PRC - C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GmbH)
PRC - C:\Program Files (x86)\PDF Architect\ConversionService.exe (pdfforge GmbH)
PRC - C:\Program Files (x86)\Common Files\Research in Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
PRC - C:\Program Files (x86)\Common Files\Research in Motion\USB Drivers\BbDevMgr.exe (Research In Motion Limited)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe ()
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe (Hewlett-Packard)
PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe (Hewlett-Packard)
PRC - C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
PRC - c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\AVAST Software\Avast\libcef.dll ()
MOD - C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll ()
MOD - C:\Program Files\AVAST Software\Avast\log.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsForm0b574481#\0b7c4dd676cbf44c3c3c5904a304b419\WindowsFormsIntegration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\d20cf89ac216e2348b1067752960e758\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\dda205128364510499bff84e347d0d28\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\ee43419486c6e1872ba2903b46d0f45f\ReachFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\ad9feb3143717fe0e0a50f792718bbed\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\d2acb5226fa8916ef6417139a742a09d\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8115eb34e0d122591c2a9595cfff225e\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5023210ae4242a319712718fc6a23848\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servf73e6522#\11a24c8e5dd833c8de63c6a7ec19ca89\System.ServiceModel.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\7ab3e68c2e523f60bfc4f222cbd1c1d0\System.Xml.Linq.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio84a6349c#\63e9d81bd805aea8f8690fee2efc9a9e\PresentationFramework-SystemCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\38d6578b4fe29bede85ffff08e3697b6\PresentationFramework-SystemXml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio84a7b877#\4df6733efc348c009a4a6e0adccc42a6\PresentationFramework-SystemData.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio4b37ff64#\9370714a38ae2805434296b26a9f5b14\PresentationFramework-SystemXmlLinq.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\3646375313dd2b8e3afecbf945960336\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\006d28e7c86f3e70db90ce06ea2f33fb\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\5d2c01ae1ca8c40ed74cdfd7b7b7dcb1\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7147fa233a070283dba824da40089bf1\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\8b133e0d94535a7534719f70873ca7fe\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Ente96d83b35#\d83810da4cb0cf0802c2cf15c652b368\System.EnterpriseServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\a26884cd80c1d4a7e3f00c795e5cb305\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Ente96d83b35#\d83810da4cb0cf0802c2cf15c652b368\System.EnterpriseServices.Wrapper.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f9f13cd8fe1cefaad78579a7c3a41464\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\7971f3a1c08c4043cf981f457855b4d4\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b4c08872c259018b17b2801da33ac80f\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\35d3a1b878542de59cb4fc0593992404\System.ServiceModel.Internals.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\046058f81b039ab6fd839e03e67595f8\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\17a393b77ae757f0768501fb95ff5af6\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\75b6a68103e1b76063d9f69b8275ae61\UIAutomationTypes.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\4c8a153aa66fcd62db6fff269a2ef2b4\System.Numerics.ni.dll ()
MOD - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\libcef.dll ()
MOD - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe ()
MOD - C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\zlib1.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (DiagTrack) -- C:\Windows\SysNative\diagtrack.dll (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (Intel(R) -- c:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV:64bit: - (btwdins) -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\NIS.exe (Symantec Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE (Microsoft Corporation.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (RIM MDNS) -- C:\Program Files (x86)\Common Files\Research in Motion\Tunnel Manager\mDNSResponder.exe (Apple Inc.)
SRV - (RIM Tunnel Service) -- C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe (Research In Motion Limited)
SRV - (PDF Architect Helper Service) -- C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GmbH)
SRV - (PDF Architect Service) -- C:\Program Files (x86)\PDF Architect\ConversionService.exe (pdfforge GmbH)
SRV - (BlackBerry Device Manager) -- C:\Program Files (x86)\Common Files\Research in Motion\USB Drivers\BbDevMgr.exe (Research In Motion Limited)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe ()
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
SRV - (CalendarSynchService) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe (Hewlett-Packard)
SRV - (pdfcDispatcher) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMSwissArmy) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys (Malwarebytes Corporation)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys (AVAST Software)
DRV:64bit: - (aswStm) -- C:\Windows\SysNative\drivers\aswStm.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys (AVAST Software)
DRV:64bit: - (aswHwid) -- C:\Windows\SysNative\drivers\aswHwid.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (MBAMWebAccessControl) -- C:\Windows\SysNative\drivers\mwac.sys (Malwarebytes Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1507000.00B\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\NISx64\1507000.00B\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1507000.00B\ironx64.sys (Symantec Corporation)
DRV:64bit: - (HssDRV6) -- C:\Windows\SysNative\drivers\hssdrv6.sys (AnchorFree Inc.)
DRV:64bit: - (taphss6) -- C:\Windows\SysNative\drivers\taphss6.sys (Anchorfree Inc.)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1507000.00B\symefa64.sys (Symantec Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1507000.00B\symnets.sys (Symantec Corporation)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (ccSet_NIS) -- C:\Windows\SysNative\drivers\NISx64\1507000.00B\ccsetx64.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1507000.00B\symds64.sys (Symantec Corporation)
DRV:64bit: - (rimvndis) -- C:\Windows\SysNative\drivers\rimvndis6_AMD64.sys (Research in Motion Limited)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV:64bit: - (usbrndis6) -- C:\Windows\SysNative\drivers\usb80236.sys (Microsoft Corporation)
DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (BTWAMPFL) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (NAVEX15) -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20150719.021\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20150719.021\eng64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20150717.001\IDSviA64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20150706.001\BHDrvx64.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/s...mepage/index.jsp?lg=en&pid=NIS&pvid=21.7.0.11
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/s...mepage/index.jsp?lg=en&pid=NIS&pvid=21.7.0.11
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}: "URL" = https://www.google.com/search?trackid=sp-006&q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/s...mepage/index.jsp?lg=en&pid=NIS&pvid=21.7.0.11
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKCU\..\SearchScopes\{e4a1ece8-ed94-4f93-80ea-75f978ceaf24}: "URL" =
IE - HKCU\..\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}: "URL" = https://www.google.com/search?trackid=sp-006&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8555;https=127.0.0.1:8555

========== FireFox ==========

FF - prefs.js..browser.search.countryCode: "US"
FF - prefs.js..browser.search.region: "US"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:39.0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\RACOCT2012\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ [2015/07/21 21:23:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013/08/07 18:11:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2015/07/18 14:20:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 39.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 39.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 39.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 39.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/04/04 19:58:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RACOCT2012\AppData\Roaming\Mozilla\Extensions
[2015/07/19 00:38:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RACOCT2012\AppData\Roaming\Mozilla\Firefox\Profiles\vuo2bavg.default\extensions
[2014/01/30 18:58:04 | 000,000,000 | ---D | M] (YTNooAds) -- C:\Users\RACOCT2012\AppData\Roaming\Mozilla\Firefox\Profiles\vuo2bavg.default\extensions\[email protected]
[2015/07/20 13:44:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2015/07/14 03:04:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2015/07/14 03:04:42 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2015/07/14 03:04:37 | 000,000,000 | ---D | M] (Hotspot Shield Extension) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\[email protected]

========== Chrome ==========

CHR - Extension: No name found = C:\Users\RACOCT2012\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\RACOCT2012\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\
CHR - Extension: No name found = C:\Users\RACOCT2012\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\
CHR - Extension: No name found = C:\Users\RACOCT2012\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_0\
CHR - Extension: No name found = C:\Users\RACOCT2012\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif\1.0.5_0\
CHR - Extension: No name found = C:\Users\RACOCT2012\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.7.12.29_0\
CHR - Extension: No name found = C:\Users\RACOCT2012\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\
CHR - Extension: No name found = C:\Users\RACOCT2012\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.7.0.11\CoIEPlg.dll (Symantec Corporation)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.7.0.11\CoIEPlg.dll (Symantec Corporation)
O3:64bit: - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.7.0.11\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\CoIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Creative Cloud] C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [RIM PeerManager] C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe (Research In Motion Limited)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research in Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\Run: [BlackBerryLink.exe] C:\Program Files (x86)\Research In Motion\BlackBerry Link\BlackBerryLink.exe (Research In Motion)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} https://secure.logmeinrescue.com/Customer/x86/RescueDownloader.cab (LogMeIn Rescue Applet Downloader)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 75.153.176.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{756A1461-B001-42F4-8E97-0CA9CF8960C9}: DhcpNameServer = 192.168.1.254 75.153.176.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EAF7DD1C-C512-4339-97A0-0AFCB0E126FF}: DhcpNameServer = 192.168.1.254 75.153.176.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{f2092577-d66d-11e2-802c-446d5756a1bd}\Shell - "" = AutoRun
O33 - MountPoints2\{f2092577-d66d-11e2-802c-446d5756a1bd}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL J:\start.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2015/07/21 20:58:04 | 000,113,880 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/07/21 20:57:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2015/07/21 20:57:23 | 000,109,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2015/07/21 20:57:23 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2015/07/21 20:57:23 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2015/07/21 20:57:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2015/07/21 20:57:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2015/07/20 13:37:19 | 000,000,000 | RHSD | C] -- C:\ProgramData\Key-Base
[2015/07/20 13:36:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Typing Instructor Platinum
[2015/07/20 13:36:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Individual Software
[2015/07/20 13:36:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Individual Software
[2015/07/18 17:21:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AV
[2015/07/18 14:27:59 | 000,000,000 | ---D | C] -- C:\Users\RACOCT2012\AppData\Roaming\AVAST Software
[2015/07/18 14:20:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
[2015/07/18 14:20:16 | 000,150,160 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
[2015/07/18 14:20:15 | 001,048,856 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2015/07/18 14:20:15 | 000,447,944 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2015/07/18 14:20:15 | 000,274,808 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswVmm.sys
[2015/07/18 14:20:15 | 000,093,528 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2015/07/18 14:20:15 | 000,090,968 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2015/07/18 14:20:15 | 000,065,224 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2015/07/18 14:20:15 | 000,028,656 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswHwid.sys
[2015/07/18 14:20:14 | 000,378,880 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2015/07/18 14:20:13 | 000,043,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2015/07/18 14:18:55 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2015/07/18 14:16:33 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2015/07/14 03:04:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2015/06/29 23:42:42 | 000,000,000 | ---D | C] -- C:\Users\RACOCT2012\AppData\Local\Windows Live
[2015/06/23 13:52:37 | 000,000,000 | ---D | C] -- C:\Users\RACOCT2012\AppData\Local\GWX
[2 C:\Users\RACOCT2012\Desktop\*.tmp files -> C:\Users\RACOCT2012\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2015/07/21 21:30:12 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/07/21 21:30:11 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2015/07/21 21:29:04 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/07/21 21:29:04 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/07/21 21:28:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/07/21 21:26:30 | 000,783,360 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015/07/21 21:26:30 | 000,667,088 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015/07/21 21:26:30 | 000,126,506 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015/07/21 21:21:05 | 000,113,880 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/07/21 21:20:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/07/21 21:19:59 | 3724,591,103 | -HS- | M] () -- C:\hiberfil.sys
[2015/07/21 20:58:40 | 000,001,108 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015/07/21 20:39:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/07/21 20:08:53 | 000,000,306 | ---- | M] () -- C:\Windows\tasks\Registry Optimizer_DEFAULT.job
[2015/07/21 03:17:07 | 004,933,584 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2015/07/20 13:45:53 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForRACOCT2012.job
[2015/07/20 13:36:49 | 000,001,318 | ---- | M] () -- C:\Users\Public\Desktop\Typing Instructor Platinum.lnk
[2015/07/20 12:45:40 | 002,668,581 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1507000.00B\Cat.DB
[2015/07/19 14:00:14 | 000,179,000 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1507000.00B\VT20150719.007
[2015/07/18 14:20:55 | 000,001,924 | ---- | M] () -- C:\Users\Public\Desktop\Avast Free Antivirus.lnk
[2015/07/18 14:20:14 | 000,447,944 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2015/07/18 14:20:14 | 000,274,808 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswVmm.sys
[2015/07/18 14:20:14 | 000,150,160 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
[2015/07/18 14:20:14 | 000,090,968 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2015/07/18 14:20:14 | 000,065,224 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2015/07/18 14:20:14 | 000,028,656 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswHwid.sys
[2015/07/18 14:20:13 | 000,378,880 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2015/07/18 14:20:13 | 000,093,528 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2015/07/18 14:20:13 | 000,043,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2015/07/18 14:20:12 | 001,048,856 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2015/07/18 13:59:22 | 000,179,000 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1507000.00B\VT20150718.006
[2015/07/18 03:20:19 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2015/07/18 03:16:39 | 000,179,000 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1507000.00B\VT20150714.006
[2015/07/17 12:47:48 | 000,179,000 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1507000.00B\VT20150717.021
[2015/07/17 08:42:46 | 000,179,000 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1507000.00B\VT20150717.018
[2015/07/16 07:56:22 | 000,179,000 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1507000.00B\VT20150716.009
[2015/07/15 19:04:23 | 000,000,314 | ---- | M] () -- C:\Windows\tasks\Registry Optimizer_UPDATES.job
[2 C:\Users\RACOCT2012\Desktop\*.tmp files -> C:\Users\RACOCT2012\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2015/07/21 20:57:25 | 000,001,108 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015/07/20 13:36:49 | 000,001,318 | ---- | C] () -- C:\Users\Public\Desktop\Typing Instructor Platinum.lnk
[2015/07/20 12:37:18 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForRACOCT2012.job
[2015/07/18 14:20:55 | 000,001,924 | ---- | C] () -- C:\Users\Public\Desktop\Avast Free Antivirus.lnk

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2015/02/12 22:22:33 | 014,177,280 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015/02/12 22:26:18 | 012,875,264 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2015/07/18 14:27:59 | 000,000,000 | ---D | M] -- C:\Users\RACOCT2012\AppData\Roaming\AVAST Software
[2013/11/10 18:43:08 | 000,000,000 | ---D | M] -- C:\Users\RACOCT2012\AppData\Roaming\PDAppFlex
[2013/08/07 18:13:21 | 000,000,000 | ---D | M] -- C:\Users\RACOCT2012\AppData\Roaming\PDF Architect
[2013/06/29 18:29:30 | 000,000,000 | ---D | M] -- C:\Users\RACOCT2012\AppData\Roaming\Research In Motion
[2014/03/20 16:06:16 | 000,000,000 | ---D | M] -- C:\Users\RACOCT2012\AppData\Roaming\SilvestriRN5e
[2015/07/20 13:44:04 | 000,000,000 | ---D | M] -- C:\Users\RACOCT2012\AppData\Roaming\SoftGrid Client
[2012/12/01 15:42:24 | 000,000,000 | ---D | M] -- C:\Users\RACOCT2012\AppData\Roaming\TP
[2012/10/21 16:56:05 | 000,000,000 | ---D | M] -- C:\Users\RACOCT2012\AppData\Roaming\WinBatch
[2013/06/29 18:19:11 | 000,000,000 | ---D | M] -- C:\Users\RACOCT2012\AppData\Roaming\XCPCSync.OEM

========== Purity Check ==========



< End of report >
 
The first thing I saw was that you are running 2 antivirus programs at once, which you can't do. You have Norton and Avast running, please uninstall one of them.

Since you had a lot of malware, let's run another program.

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
  • Download this file here :

    Combofix

  • When the page loads click on the blue combofix download link next to the BleepingComputer Mirror.
  • Save the file to your windows desktop. The combofix icon will look like this when it has downloaded to your desktop.

    cf-icon.jpg
  • We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:

  • Close all open Windows including this one.
  • Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these types of programs can be found here.
    Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.
  • Please click on I agree on the disclaimer window.
  • ComboFix will now install itself on to your computer. When it is done, a blue screen will appear as shown below.

    cf-preparing.jpg

  • ComboFix is now preparing to run. When it has finished ComboFix will automatically attempt to create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then backup your Windows Registry as shown in the image below.

    erunt.jpg

  • Once the Windows Registry has finished being backed up, ComboFix will attempt to detect if you have the Windows Recovery Console installed. If you already have it installed, you can skip to this section and continue reading. Otherwise you will see the following message as shown below:

    recovery-console-prompt.jpg

  • At the above message box, please click on the Yes button in order for ComboFix to continue. Please follow the steps and instructions given by ComboFix in order to finish the installation of the Recovery Console.
  • Please click on yes in the next window to continue scanning for malware.
  • ComboFix will now disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.
  • ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.
  • While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings. You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan. An example of this can be seen below.

    still-scanning-clockchanges.jpg

  • When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
  • This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the program's log file, or report, will be located at C:\ComboFix.txt.
  • When ComboFix has finished, it will automatically close the program and change your clock back to its original format. It will then display the log file automatically for you.
  • Now you just click on the edit menu and click on select all, then click on the edit menu again and click on copy. Then come to the forum in your reply and right click on your mouse and click on paste.

If, for some reason, you try to run a program or open a file and you get an error message saying "illegal operation attempted on a registry key that has been marked for deletion", please just reboot your PC and you'll be fine.

2.

After running ComboFix, I would also like to see a log that ComboFix produces but doesn't show you. Please navigate to C:\Qoobox and in that folder will be a file named add-remove programs.txt. Open that file and copy and paste the contents back here.


In your next reply please post:

The ComboFix log
The add-remove programs log
 
ComboFix Log

Thank you for your reply, johnb35.

I installed ComboFix, and let it run... However, I did not see the "Microsoft Windows Recovery Console" message.

I did receive a log from ComboFix after it finished.

Here it is:

ComboFix 15-07-23.01 - RACOCT2012 23/07/2015 22:01:19.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.10197.7491 [GMT -7:00]
Running from: c:\users\RACOCT2012\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Norton Internet Security *Disabled/Updated* {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
FW: Norton Internet Security *Disabled* {6BFC5632-188D-B806-D13E-C607121B42A0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Norton Internet Security *Disabled/Updated* {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\MediaPlayerV1
c:\program files (x86)\MediaViewerV1
c:\program files (x86)\MediaViewV1
c:\program files (x86)\RichMediaViewV1
c:\programdata\Surf Protect
.
.
((((((((((((((((((((((((( Files Created from 2015-06-24 to 2015-07-24 )))))))))))))))))))))))))))))))
.
.
2015-07-24 05:06 . 2015-07-24 05:06 -------- d-----w- c:\users\fbwuser\AppData\Local\temp
2015-07-24 05:06 . 2015-07-24 05:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-07-24 04:33 . 2015-07-18 21:20 90968 ----a-w- c:\windows\system32\drivers\asw23A.tmp
2015-07-24 04:33 . 2015-07-18 21:20 65224 ----a-w- c:\windows\system32\drivers\asw24B.tmp
2015-07-24 04:33 . 2015-07-18 21:20 447944 ----a-w- c:\windows\system32\drivers\asw28A.tmp
2015-07-24 04:33 . 2015-07-18 21:20 28656 ----a-w- c:\windows\system32\drivers\asw1FB.tmp
2015-07-24 04:33 . 2015-07-18 21:20 274808 ----a-w- c:\windows\system32\drivers\asw2AB.tmp
2015-07-24 04:33 . 2015-07-18 21:20 150160 ----a-w- c:\windows\system32\drivers\asw348.tmp
2015-07-24 04:33 . 2015-07-18 21:20 93528 ----a-w- c:\windows\system32\drivers\asw13F.tmp
2015-07-24 04:33 . 2015-07-18 21:20 1048856 ----a-w- c:\windows\system32\drivers\aswA2.tmp
2015-07-24 04:33 . 2015-07-24 04:33 -------- d-s---w- c:\windows\SysWow64\Microsoft
2015-07-22 03:58 . 2015-07-24 04:12 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-07-22 03:57 . 2015-07-22 03:58 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-07-22 03:57 . 2015-07-22 03:57 -------- d-----w- c:\programdata\Malwarebytes
2015-07-22 03:57 . 2015-06-18 15:52 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-07-22 03:57 . 2015-06-18 15:52 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-07-22 03:57 . 2015-06-18 15:52 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-07-20 20:37 . 2015-07-20 20:38 -------- d-sha-r- c:\programdata\Key-Base
2015-07-20 20:36 . 2015-07-20 20:40 -------- d-----w- c:\programdata\Individual Software
2015-07-20 20:36 . 2015-07-20 20:36 -------- d-----w- c:\program files (x86)\Individual Software
2015-07-20 19:46 . 2015-07-15 03:19 41984 ----a-w- c:\windows\system32\lpk.dll
2015-07-20 19:46 . 2015-07-15 03:19 100864 ----a-w- c:\windows\system32\fontsub.dll
2015-07-20 19:46 . 2015-07-15 03:19 14336 ----a-w- c:\windows\system32\dciman32.dll
2015-07-20 19:46 . 2015-07-15 03:19 46080 ----a-w- c:\windows\system32\atmlib.dll
2015-07-20 19:46 . 2015-07-15 02:55 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2015-07-20 19:46 . 2015-07-15 02:55 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2015-07-20 19:46 . 2015-07-15 02:55 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2015-07-20 19:46 . 2015-07-15 02:54 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2015-07-20 19:46 . 2015-07-15 01:59 372224 ----a-w- c:\windows\system32\atmfd.dll
2015-07-20 19:46 . 2015-07-15 01:52 299008 ----a-w- c:\windows\SysWow64\atmfd.dll
2015-07-19 00:21 . 2015-07-19 00:21 -------- d-----w- c:\program files\Common Files\AV
2015-07-18 21:27 . 2015-07-18 21:27 -------- d-----w- c:\users\RACOCT2012\AppData\Roaming\AVAST Software
2015-07-18 21:20 . 2015-07-18 21:20 43112 ----a-w- c:\windows\avastSS.scr
2015-07-18 21:18 . 2015-07-18 21:18 -------- d-----w- c:\program files\AVAST Software
2015-07-18 21:16 . 2015-07-18 21:16 -------- d-----w- c:\programdata\AVAST Software
2015-07-16 20:47 . 2015-07-20 19:44 -------- d-----w- c:\windows\system32\drivers\NISx64\1507000.00B
2015-07-15 10:36 . 2015-07-04 18:07 2087424 ----a-w- c:\windows\system32\ole32.dll
2015-07-15 10:35 . 2015-07-09 17:59 17856 ----a-w- c:\windows\system32\CompatTelRunner.exe
2015-07-15 10:35 . 2015-07-09 17:58 726528 ----a-w- c:\windows\system32\generaltel.dll
2015-07-15 10:35 . 2015-07-09 17:58 765440 ----a-w- c:\windows\system32\invagent.dll
2015-07-15 10:35 . 2015-07-09 17:58 433664 ----a-w- c:\windows\system32\devinv.dll
2015-07-15 10:35 . 2015-07-09 17:58 1085440 ----a-w- c:\windows\system32\appraiser.dll
2015-07-15 10:35 . 2015-07-09 17:58 67584 ----a-w- c:\windows\system32\acmigration.dll
2015-07-15 10:35 . 2015-07-09 17:58 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-07-15 10:35 . 2015-07-09 17:50 1145856 ----a-w- c:\windows\system32\aeinv.dll
2015-06-30 06:42 . 2015-07-14 07:27 -------- d-----w- c:\users\RACOCT2012\AppData\Local\Windows Live
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-16 20:37 . 2011-03-29 01:36 24288 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2015-07-15 16:39 . 2013-05-08 08:18 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-07-15 16:39 . 2012-07-26 21:52 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-05-25 18:24 . 2015-06-19 21:14 5569984 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-05-25 18:21 . 2015-06-19 21:14 1728960 ----a-w- c:\windows\system32\ntdll.dll
2015-05-25 18:19 . 2015-06-19 21:14 362496 ----a-w- c:\windows\system32\wow64win.dll
2015-05-25 18:19 . 2015-06-19 21:14 243712 ----a-w- c:\windows\system32\wow64.dll
2015-05-25 18:19 . 2015-06-19 21:14 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2015-05-25 18:19 . 2015-06-19 21:14 215040 ----a-w- c:\windows\system32\winsrv.dll
2015-05-25 18:19 . 2015-06-19 21:14 1255424 ----a-w- c:\windows\system32\diagtrack.dll
2015-05-25 18:19 . 2015-06-19 21:14 879104 ----a-w- c:\windows\system32\tdh.dll
2015-05-25 18:19 . 2015-06-19 21:14 503808 ----a-w- c:\windows\system32\srcore.dll
2015-05-25 18:19 . 2015-06-19 21:14 50176 ----a-w- c:\windows\system32\srclient.dll
2015-05-25 18:19 . 2015-06-19 21:14 113664 ----a-w- c:\windows\system32\sechost.dll
2015-05-25 18:19 . 2015-06-19 21:14 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2015-05-25 18:19 . 2015-06-19 21:14 424960 ----a-w- c:\windows\system32\KernelBase.dll
2015-05-25 18:19 . 2015-06-19 21:14 1162752 ----a-w- c:\windows\system32\kernel32.dll
2015-05-25 18:18 . 2015-06-19 21:14 43520 ----a-w- c:\windows\system32\csrsrv.dll
2015-05-25 18:18 . 2015-06-19 21:14 879104 ----a-w- c:\windows\system32\advapi32.dll
2015-05-25 18:18 . 2015-06-19 21:14 47104 ----a-w- c:\windows\system32\typeperf.exe
2015-05-25 18:18 . 2015-06-19 21:14 404992 ----a-w- c:\windows\system32\tracerpt.exe
2015-05-25 18:18 . 2015-06-19 21:14 112640 ----a-w- c:\windows\system32\smss.exe
2015-05-25 18:18 . 2015-06-19 21:14 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-05-25 18:18 . 2015-06-19 21:14 43008 ----a-w- c:\windows\system32\relog.exe
2015-05-25 18:18 . 2015-06-19 21:14 104448 ----a-w- c:\windows\system32\logman.exe
2015-05-25 18:18 . 2015-06-19 21:14 19456 ----a-w- c:\windows\system32\diskperf.exe
2015-05-25 18:18 . 2015-06-19 21:14 338432 ----a-w- c:\windows\system32\conhost.exe
2015-05-25 18:11 . 2015-06-19 21:14 6656 ----a-w- c:\windows\system32\apisetschema.dll
2015-05-25 18:11 . 2015-06-19 21:14 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-25 18:11 . 2015-06-19 21:14 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-25 18:11 . 2015-06-19 21:14 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-25 18:11 . 2015-06-19 21:14 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-25 18:11 . 2015-06-19 21:14 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-25 18:11 . 2015-06-19 21:14 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-25 18:11 . 2015-06-19 21:14 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-25 18:11 . 2015-06-19 21:14 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-25 18:11 . 2015-06-19 21:14 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-25 18:11 . 2015-06-19 21:14 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-25 18:11 . 2015-06-19 21:14 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-25 18:11 . 2015-06-19 21:14 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-25 18:11 . 2015-06-19 21:14 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-25 18:11 . 2015-06-19 21:14 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-25 18:11 . 2015-06-19 21:14 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-25 18:11 . 2015-06-19 21:14 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-25 18:11 . 2015-06-19 21:14 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-25 18:11 . 2015-06-19 21:14 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-25 18:11 . 2015-06-19 21:14 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-25 18:11 . 2015-06-19 21:14 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-25 18:11 . 2015-06-19 21:14 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-25 18:11 . 2015-06-19 21:14 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-25 18:11 . 2015-06-19 21:14 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-25 18:11 . 2015-06-19 21:14 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-25 18:11 . 2015-06-19 21:14 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-25 18:11 . 2015-06-19 21:14 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-25 18:11 . 2015-06-19 21:14 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-25 18:11 . 2015-06-19 21:14 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-25 18:07 . 2015-06-19 21:14 3989440 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2015-05-25 18:07 . 2015-06-19 21:14 3934144 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-05-25 18:04 . 2015-06-19 21:14 1310744 ----a-w- c:\windows\SysWow64\ntdll.dll
2015-05-25 18:01 . 2015-06-19 21:14 635392 ----a-w- c:\windows\SysWow64\tdh.dll
2015-05-25 18:01 . 2015-06-19 21:14 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2015-05-25 18:01 . 2015-06-19 21:14 92160 ----a-w- c:\windows\SysWow64\sechost.dll
2015-05-25 18:01 . 2015-06-19 21:14 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2015-05-25 18:01 . 2015-06-19 21:14 641536 ----a-w- c:\windows\SysWow64\advapi32.dll
2015-05-25 18:01 . 2015-06-19 21:14 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-05-25 18:00 . 2015-06-19 21:14 40448 ----a-w- c:\windows\SysWow64\typeperf.exe
2015-05-25 18:00 . 2015-06-19 21:14 364544 ----a-w- c:\windows\SysWow64\tracerpt.exe
2015-05-25 18:00 . 2015-06-19 21:14 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2015-05-25 18:00 . 2015-06-19 21:14 37888 ----a-w- c:\windows\SysWow64\relog.exe
2015-05-25 18:00 . 2015-06-19 21:14 82944 ----a-w- c:\windows\SysWow64\logman.exe
2015-05-25 18:00 . 2015-06-19 21:14 17408 ----a-w- c:\windows\SysWow64\diskperf.exe
2015-05-25 17:59 . 2015-06-19 21:14 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2015-05-25 17:59 . 2015-06-19 21:14 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2015-05-25 17:55 . 2015-06-19 21:14 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2015-05-25 17:55 . 2015-06-19 21:14 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2015-05-25 17:55 . 2015-06-19 21:14 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-25 17:55 . 2015-06-19 21:14 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-25 17:55 . 2015-06-19 21:14 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2015-05-25 17:55 . 2015-06-19 21:14 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2015-05-25 17:55 . 2015-06-19 21:14 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-25 17:55 . 2015-06-19 21:14 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2015-05-25 17:55 . 2015-06-19 21:14 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-25 17:55 . 2015-06-19 21:14 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-25 17:55 . 2015-06-19 21:14 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2015-05-25 17:55 . 2015-06-19 21:14 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-25 17:55 . 2015-06-19 21:14 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-25 17:55 . 2015-06-19 21:14 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2015-05-25 17:55 . 2015-06-19 21:14 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2015-05-25 17:55 . 2015-06-19 21:14 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-25 17:55 . 2015-06-19 21:14 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2015-05-25 17:55 . 2015-06-19 21:14 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2015-05-25 17:55 . 2015-06-19 21:14 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2015-05-25 17:55 . 2015-06-19 21:14 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-25 17:55 . 2015-06-19 21:14 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-25 17:55 . 2015-06-19 21:14 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-25 17:55 . 2015-06-19 21:14 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2015-05-25 17:55 . 2015-06-19 21:14 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-25 17:55 . 2015-06-19 21:14 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2015-05-25 17:00 . 2015-06-19 21:14 36864 ----a-w- c:\windows\system32\UtcResources.dll
2015-05-25 16:50 . 2015-06-19 21:14 7680 ----a-w- c:\windows\SysWow64\instnm.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BlackBerryLink.exe"="c:\program files (x86)\Research In Motion\BlackBerry Link\BlackBerryLink.exe" [2013-06-05 3787280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2011-12-05 291096]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-08-12 658424]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2013-03-07 442896]
"RIM PeerManager"="c:\program files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe" [2013-06-05 4273664]
"Adobe Creative Cloud"="c:\program files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" [2013-11-06 2237328]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpUninstallDeleteDir"="rmdir" [X]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-3-25 1137952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - FYIXGQDW
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - XCGFATOG
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-07-22 04:30 995144 ----a-w- c:\program files (x86)\Google\Chrome\Application\44.0.2403.89\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-07-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-08 16:39]
.
2015-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-28 16:31]
.
2015-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-28 16:31]
.
2015-07-20 c:\windows\Tasks\HPCeeScheduleForRACOCT2012.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]
@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
2013-10-17 02:02 3358064 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]
@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
2013-10-17 02:02 3358064 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2013-10-17 02:02 3358064 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-12-23 1425408]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-09-25 472984]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NIS&pvid=21.7.0.11
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NIS&pvid=21.7.0.11
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Bar = https://www.google.com/?trackid=sp-006
uInternet Settings,ProxyServer = http=127.0.0.1:8555;https=127.0.0.1:8555
uInternet Settings,ProxyOverride = <local>127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896
uSearchAssistant = hxxp://www.google.com
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.254 75.153.176.1
FF - ProfilePath - c:\users\RACOCT2012\AppData\Roaming\Mozilla\Firefox\Profiles\vuo2bavg.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM_Wow6432Node-ActiveSetup-{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-Better Surf Plus - c:\program files (x86)\BetterSurf\BetterSurfPlus\uninstall.exe
AddRemove-MediaBuzzV1mode2232 - c:\program files (x86)\MediaBuzzV1\MediaBuzzV1mode2232\uninstall.exe
AddRemove-MediaPlayerV1alpha277 - c:\program files (x86)\MediaPlayerV1\MediaPlayerV1alpha277\uninstall.exe
AddRemove-MediaViewerV1alpha883 - c:\program files (x86)\MediaViewerV1\MediaViewerV1alpha883\uninstall.exe
AddRemove-MediaViewV1alpha1670 - c:\program files (x86)\MediaViewV1\MediaViewV1alpha1670\uninstall.exe
AddRemove-RichMediaViewV1release243 - c:\program files (x86)\RichMediaViewV1\RichMediaViewV1release243\uninstall.exe
AddRemove-WinZip Registry Optimizer_is1 - c:\program files (x86)\WinZip Registry Optimizer\unins000.exe
AddRemove-{0C18C2CC-7CB3-4821-E72A-E5347DFB0AFB} - c:\programdata\YTNooAds\F.exe
AddRemove-{274E3C5C-178E-EAE2-A52F-2863C0EECD46} - c:\programdata\SSaVerrExxtension\ueF3.exe
AddRemove-{98449C67-C7AF-BB53-112D-26C916814611} - c:\programdata\EXXsstrraCoeupon\2CQZHry2s.exe
AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe
AddRemove-{E957849A-94AC-6F46-4623-C31474E3C170} - c:\programdata\HAppiYY2SSavE\TyBrXUvjW.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\21.7.0.11\NIS.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\21.7.0.11\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
"ImagePath"="\SystemRoot\System32\Drivers\NISx64\1507000.00B\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton Internet Security\Engine\21.7.0.11;c:\program files (x86)\Norton Internet Security\Engine64\21.7.0.11"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_209_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_209_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_209_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_209_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.18"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-07-23 22:08:03
ComboFix-quarantined-files.txt 2015-07-24 05:08
.
Pre-Run: 1,891,458,859,008 bytes free
Post-Run: 1,894,882,713,600 bytes free
.
- - End Of File - - E3473FD0CD4FE7A9EBC15F3D7CF473A5
 
Add-Remove Programs Log

Adobe Creative Cloud
Adobe Flash Player 18 ActiveX
Adobe Flash Player 18 NPAPI
Adobe Illustrator CC
Adobe Reader XI (11.0.12)
Adobe Refresh Manager
Bejeweled 3
Better Surf Plus
Bing Bar
BlackBerry Link
Blackhawk Striker 2
Blio
Chuzzle Deluxe
Contrôle ActiveX Windows Live Mesh pour connexions à distance
Cradle of Rome 2
D3DX10
DirectX for Managed Code Update (Summer 2004)
Dora's World Adventure
EXXsstrraCoeupon
Facebook
Farm Frenzy
Farmscapes
FATE
Final Drive Fury
Galerie de photos Windows Live
Google Chrome
Google Update Helper
HAppiYY2SSavE
Hewlett-Packard ACLM.NET v1.2.2.3
Hoyle Card Games
HP Calendar
HP Clock
HP Customer Experience Enhancements
HP Games
HP LinkUp
HP Magic Canvas
HP Magic Canvas Tutorials
HP Notes
HP Odometer
HP RSS
HP Setup
HP Setup Manager
HP Support Assistant
HP Support Information
HP TouchSmart RecipeBox
HP Update
Intel(R) Management Engine Components
Intel(R) USB 3.0 eXtensible Host Controller Driver
Jewel Match 3
Jewel Quest Mysteries: The Seventh Gate Collector's Edition
John Deere Drive Green
Junk Mail filter update
LabelPrint
Letters from Nowhere 2
Luxor HD
Mah Jong Medley
Malwarebytes Anti-Malware version 2.1.8.1057
Media Buzz
Media Player
Media View
Media Viewer
Mesh Runtime
Microsoft Mathematics
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 39.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
Norton Internet Security
NVIDIA PhysX
opensource
PDF Architect
PDF Complete Special Edition
PDF Settings CC
PDFCreator
Penguins!
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
QuickShare
Recovery Manager
Remote Graphics Receiver
Rich Media View
RollerCoaster Tycoon 3: Platinum
Samsung Printer Live Update
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB3023224)
Security Update for Microsoft .NET Framework 4.5.1 (KB3035490)
Security Update for Microsoft .NET Framework 4.5.1 (KB3037581)
SilvestriRN5e
SSaVerrExxtension
The Treasures of Mystery Island: The Ghost Ship
Torchlight
TSHostedAppLauncher
Typing Instructor Platinum
Unity Web Player
Update Installer for WildTangent Games App
Virtual Villagers 4 - The Tree of Life
WildTangent Games App (HP Games)
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinZip Registry Optimizer
YTNooAds
Zuma's Revenge
 
Did you uninstall Avast after running ComboFix?

Please uninstall the following programs.

Better Surf Plus
EXXsstrraCoeupon
HAppiYY2SSavE
Media Player
Media View
Media Viewer
SSaVerrExxtension
WinZip Registry Optimizer

Rerun OTL but this time copy and paste the following into the custom scans/fixes box at the bottom and then click on run fix at top.

Code:
:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8555;https=127.0.0.1:8555
O4 - HKLM..\Run: [] File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - File not found

Are you still having issues? If so, what problems are you having?
 