Thread: can not remove ilivid even after reboot


    Please help, this has been a longstanding issue and the browser freezes for a second or two every now and again, which leads me to think something is still burrowing in the background. I have uninstalled whatever I could find as ilivid, including browser add-ins etc.
    See log below; I stopped the scan after this item was found just to get the log to post here. My system seems clean except for this one item.
    Also see two attached logs (aswMBR.txt and FRST.txt). I also have "Addition.txt" ready to go but it is just too big to upload.

    ilivid.Toolbar: [SBI $BB9CE1DE] Program directory (Directory, nothing done)
    C:\Program Files (x86)\Search Results Toolbar\

    User abort!: Scan was not completed successfully. (Status)

    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

    Edit: Removed updates log. Previous topic in Spybot forum: http://forums.spybot.info/showthread...ht=#post461503


    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
    Ran by Ian (administrator) on IAN-SMALL-PC on 28-01-2015 08:47:47
    Running from C:\Users\Ian\Documents\utils\spybot recomended
    Loaded Profiles: Ian (Available profiles: Ian)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
    (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    () C:\Windows\PLFSetI.exe
    (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
    (Akamai Technologies, Inc.) C:\Users\Ian\AppData\Local\Akamai\netsession_win.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    (Akamai Technologies, Inc.) C:\Users\Ian\AppData\Local\Akamai\netsession_win.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
    (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    (Dropbox, Inc.) C:\Users\Ian\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
    (LoiLo inc) C:\Program Files (x86)\LoiLo\LoiLoFit\CameraWatcher.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Microsoft Corporation) C:\Windows\System32\taskmgr.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
    (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    (Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    (Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    (Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
    (Intel Corporation) C:\Windows\System32\igfxext.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
    (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
    (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
    (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Hidfind.exe
    (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
    (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Tweaking.com) C:\Program Files (x86)\Tweaking.com\Registry Backup\TweakingRegistryBackup.exe
    (Tweaking.com) C:\Program Files (x86)\Tweaking.com\Registry Backup\files\vss_start.exe
    (Microsoft Corporation) C:\Windows\System32\cmd.exe
    (Microsoft Corporation) C:\Program Files (x86)\Tweaking.com\Registry Backup\files\vss_7_8_2008_2012_64.exe
    (Microsoft Corporation) C:\Windows\System32\cmd.exe
    (Tweaking.com) C:\Program Files (x86)\Tweaking.com\Registry Backup\files\vss_pause.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-02-01] (Egis Technology Inc.)
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10060832 2010-02-08] (Realtek Semiconductor)
    HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [206208 2010-06-09] ()
    HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [344872 2010-03-09] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-04-23] (Acer Incorporated)
    HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-07-29] (Adobe Systems Incorporated)
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    HKLM-x32\...\Run: [CameraWatcher] => C:\Program Files (x86)\LoiLo\LoiLoFit\CameraWatcher.exe [128128 2013-06-21] (LoiLo inc)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-2570150575-2268660576-3537091070-1001\...\Run: [Google Update] => C:\Users\Ian\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-26] (Google Inc.)
    HKU\S-1-5-21-2570150575-2268660576-3537091070-1001\...\Run: [msnmsgr] => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    HKU\S-1-5-21-2570150575-2268660576-3537091070-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Ian\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
    HKU\S-1-5-21-2570150575-2268660576-3537091070-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308256 2015-01-15] (Google)
    HKU\S-1-5-21-2570150575-2268660576-3537091070-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
    HKU\S-1-5-21-2570150575-2268660576-3537091070-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-10-17] (Apple Inc.)
    HKU\S-1-5-21-2570150575-2268660576-3537091070-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30878816 2014-12-11] (Skype Technologies S.A.)
    HKU\S-1-5-21-2570150575-2268660576-3537091070-1001\...\Policies\Explorer: [NoFolderOptions] 0
    HKU\S-1-5-21-2570150575-2268660576-3537091070-1001\...\MountPoints2: D - D:\DTVP_Launcher.exe
    HKU\S-1-5-21-2570150575-2268660576-3537091070-1001\...\MountPoints2: {412a5771-9d04-11e1-96c8-206a8a146665} - D:\DTVP_Launcher.exe
    HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-05-07] (Microsoft Corporation)
    AppInit_DLLs: C:\PROGRA~3\Wincert\WIN64C~1.DLL => C:\ProgramData\Wincert\win64cert.dll [8704 2013-04-09] ()
    AppInit_DLLs: C:\PROGRA~2\SEARCH~1\Datamngr\x64\mgrldr.dll => C:\PROGRA~2\SEARCH~1\Datamngr\x64\mgrldr.dll File Not Found
    AppInit_DLLs-x32: C:\PROGRA~3\Wincert\WIN32C~1.DLL => C:\ProgramData\Wincert\win32cert.dll [7168 2013-04-09] ()
    AppInit_DLLs-x32: C:\PROGRA~2\SEARCH~1\Datamngr\mgrldr.dll => "C:\PROGRA~2\SEARCH~1\Datamngr\mgrldr.dll" File Not Found
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
    Startup: C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> C:\Users\Ian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    Startup: C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
    ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
    HKLM\...\AppCertDlls: [x86] -> C:\Program Files (x86)\Search Results Toolbar\Datamngr\apcrtldr.dll [474112 2013-05-08] () <===== ATTENTION
    HKLM\...\AppCertDlls: [x64] -> C:\Program Files (x86)\Search Results Toolbar\Datamngr\x64\apcrtldr.dll [643584 2013-05-08] () <===== ATTENTION
    ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll (Egis Technology Inc.)
    ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll (Egis Technology Inc.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-2570150575-2268660576-3537091070-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-2570150575-2268660576-3537091070-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=...8z115t67k1k06s
    SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
    SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
    SearchScopes: HKU\S-1-5-21-2570150575-2268660576-3537091070-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_enCA411
    SearchScopes: HKU\S-1-5-21-2570150575-2268660576-3537091070-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=NIS&chn=retail&geo=CA&ver=18
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
    BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
    BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
    Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
    Toolbar: HKU\S-1-5-21-2570150575-2268660576-3537091070-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
    Handler-x32: qvp - {4BA78E3D-CA25-4BFF-B8F0-8A3359E4B520} - C:\Program Files (x86)\QlikView\QvProtocol\qvp.dll (QlikTech AB)
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 64.59.144.93 64.59.150.139 192.168.125.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\e07psa2i.default
    FF DefaultSearchEngine: Norton Safe Search
    FF SearchEngineOrder.1: Search Results
    FF Homepage: about:home
    FF Keyword.URL: hxxp://nortonsafe.search.ask.com/web?o=APN10506&gct=kwd&qsrc=2869&l=dis&prt=360&chn=retail&geo=CA&ver=21&q=
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-2570150575-2268660576-3537091070-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Ian\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin HKU\S-1-5-21-2570150575-2268660576-3537091070-1001: @talk.google.com/O1DPlugin -> C:\Users\Ian\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
    FF Plugin HKU\S-1-5-21-2570150575-2268660576-3537091070-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Ian\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKU\S-1-5-21-2570150575-2268660576-3537091070-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Ian\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF user.js: detected! => C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\e07psa2i.default\user.js
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll (Cisco WebEx LLC)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\Ian\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\Ian\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
    FF SearchPlugin: C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\e07psa2i.default\searchplugins\safesearch.xml
    FF Extension: British English Dictionary - C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\e07psa2i.default\Extensions\en-GB@dictionaries.addons.mozilla.org [2011-01-05]
    FF Extension: Delicious Bookmarks - C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\e07psa2i.default\Extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9} [2012-10-24]
    FF Extension: Yahoo! Toolbar - C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\e07psa2i.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2014-10-24]
    FF Extension: Extension Manager - C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\e07psa2i.default\Extensions\pluginfy@pluginfy.manager.xpi [2012-07-14]
    FF Extension: Media Converter - C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\e07psa2i.default\Extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}.xpi [2011-08-27]
    FF Extension: New Tab - C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\e07psa2i.default\Extensions\{C4A4F5A0-4B89-4392-AFAC-D58010E349AF}.xpi [2013-06-07]
    FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-01-26]
    FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-01-26]
    FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-01-26]
    FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-01-26]
    FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-04-23]
    FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn
    FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn [2015-01-28]
    FF HKLM-x32\...\Firefox\Extensions: [VIP3X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
    FF Extension: No Name - C:\Program Files (x86)\Symantec\VIP Access Client [2014-05-17]
    FF HKU\S-1-5-21-2570150575-2268660576-3537091070-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.searchnu.com/406?appid=362
    CHR DefaultSuggestURL: Default -> http://ss-sym.ask.com/query?q={searchTerms}&sstype=prefix&li=ff
    CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ppGoogleNaClPluginChrome.dll No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\pdf.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\gcswf32.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll No File
    CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll No File
    CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
    CHR Plugin: (Skype Click to Call) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\npSkypeChromePlugin.dll No File
    CHR Plugin: (Norton Confidential) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.4.6_0\npcoplgn.dll No File
    CHR Plugin: (ActiveTouch General Plugin Container) - C:\Program Files (x86)\Google\Chrome\Application\plugins\npatgpc.dll (Cisco WebEx LLC)
    CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
    CHR Plugin: (Google Talk Plugin) - C:\Users\Ian\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Ian\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll No File
    CHR Plugin: (Adobe Acrobat) - c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL No File
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL No File
    CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
    CHR Plugin: (Java(TM) Platform SE 6 U33) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
    CHR Plugin: (Java Deployment Toolkit 6.0.330.3) - C:\Windows\SysWOW64\npdeployJava1.dll No File
    CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
    CHR Profile: C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Drive) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-18]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-25]
    CHR Extension: (Google Cast) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-12-31]
    CHR Extension: (Norton Identity Safe) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-29]
    CHR Extension: (Skype Click to Call) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-06-01]
    CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-12-07]
    CHR Extension: (Norton Security Toolbar) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2012-07-03]
    CHR Extension: (Norton Safe) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2014-12-31]
    CHR Extension: (Google Wallet) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-03]
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
    CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-03]
    CHR HKU\S-1-5-21-2570150575-2268660576-3537091070-1001\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Ian\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-18]
    CHR HKU\S-1-5-21-2570150575-2268660576-3537091070-1001\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
    CHR HKLM-x32\...\Chrome\Extension: [jbajpeofkjjeiamcglnmldoboonfkiol] - C:\Program Files (x86)\Search Results Toolbar\Datamngr\chromeExtension.crx [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
    CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-03]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
    R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
    R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
    R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
    S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-02-01] (Egis Technology Inc.)
    S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
    R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation)
    R2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [250368 2010-03-08] (NewTech Infosystems, Inc.) [File not signed]
    S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
    R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1919256 2014-12-22] (IBM Corp.)
    R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
    R2 SeagateDashboardService; C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [8704 2011-11-03] (Memeo) [File not signed]
    R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
    R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [75336 2014-07-14] (Symantec Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
    S2 0307951356394099mcinstcleanup; C:\Users\Ian\AppData\Local\Temp\030795~1.EXE -cleanup -nolog [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20150106.001\BHDrvx64.sys [1622744 2015-01-06] (Symantec Corporation)
    R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
    R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation)
    R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-11] (Symantec Corporation)
    S3 HP1319EWS; C:\Windows\System32\Drivers\HP1319EWS.sys [14848 2008-11-10] (Marvell Semiconductor, Inc.)
    S3 HP1319FAX; C:\Windows\System32\Drivers\HP1319FAX.sys [16384 2008-11-10] (Marvell Semiconductor, Inc.)
    R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20150127.001\IDSvia64.sys [668888 2015-01-13] (Symantec Corporation)
    R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20150127.020\ENG64.SYS [129752 2015-01-20] (Symantec Corporation)
    R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20150127.020\EX64.SYS [2137304 2015-01-20] (Symantec Corporation)
    R1 RapportCerberus_80120; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80120.sys [845464 2015-01-16] (IBM Corp.)
    R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [445816 2014-12-22] (IBM Corp.)
    R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [535576 2014-12-22] (IBM Corp.)
    R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [558872 2014-12-22] (IBM Corp.)
    R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
    R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
    R0 SymDS; C:\Windows\System32\drivers\NISx64\1506000.020\SYMDS64.SYS [493656 2013-07-31] (Symantec Corporation)
    R0 SymEFA; C:\Windows\System32\drivers\NISx64\1506000.020\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
    R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-05-17] (Symantec Corporation)
    R1 SymIRON; C:\Windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
    R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
    S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-28 08:46 - 2015-01-28 08:47 - 00000000 ____D () C:\FRST
    2015-01-28 08:40 - 2015-01-28 08:40 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-IAN-SMALL-PC-Windows-7-Home-Premium-(64-bit).dat
    2015-01-28 08:36 - 2015-01-28 08:36 - 00002243 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    2015-01-28 08:36 - 2015-01-28 08:36 - 00000000 ____D () C:\RegBackup
    2015-01-28 08:36 - 2015-01-28 08:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2015-01-28 08:36 - 2015-01-28 08:36 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
    2015-01-26 09:13 - 2014-11-05 21:59 - 00450776 _____ () C:\Windows\system32\Drivers\etc\hosts.20150126-091312.backup
    2015-01-26 07:41 - 2015-01-26 07:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2015-01-14 07:43 - 2014-12-18 19:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
    2015-01-14 07:43 - 2014-12-18 17:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2015-01-14 07:43 - 2014-12-11 21:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-01-14 07:43 - 2014-12-11 21:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-01-14 07:43 - 2014-12-11 21:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-01-14 07:43 - 2014-12-11 21:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-01-14 07:43 - 2014-12-11 21:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-01-14 07:43 - 2014-12-11 21:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-01-14 07:43 - 2014-12-11 21:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-01-14 07:43 - 2014-12-11 09:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
    2015-01-14 07:43 - 2014-12-05 20:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
    2015-01-14 07:43 - 2014-12-05 19:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
    2015-01-14 07:43 - 2014-12-05 19:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
    2014-12-31 18:34 - 2014-12-31 18:34 - 00001212 _____ () C:\Users\Ian\Desktop\Chromecast.lnk
    2014-12-31 18:34 - 2014-12-31 18:34 - 00000000 ____D () C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromecast
    2014-12-29 21:18 - 2014-12-29 21:18 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-28 08:45 - 2010-12-20 16:25 - 00000000 ____D () C:\Users\Ian\AppData\Roaming\Skype
    2015-01-28 08:44 - 2011-02-10 21:36 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2570150575-2268660576-3537091070-1001UA.job
    2015-01-28 08:31 - 2010-12-20 16:25 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-01-28 08:30 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\NDF
    2015-01-28 08:27 - 2012-08-16 11:38 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-01-28 07:37 - 2009-07-13 20:45 - 00026160 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-01-28 07:37 - 2009-07-13 20:45 - 00026160 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-01-28 07:29 - 2011-01-17 08:14 - 00000000 ___RD () C:\Users\Ian\Dropbox
    2015-01-28 07:29 - 2011-01-17 08:08 - 00000000 ____D () C:\Users\Ian\AppData\Roaming\Dropbox
    2015-01-28 07:26 - 2012-12-02 07:41 - 00000000 ___RD () C:\Users\Ian\Google Drive
    2015-01-28 07:24 - 2010-12-20 16:25 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-01-28 07:24 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-01-28 07:24 - 2009-07-13 20:51 - 00159847 _____ () C:\Windows\setupact.log
    2015-01-28 07:22 - 2012-04-24 07:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2015-01-28 07:20 - 2010-08-28 05:24 - 01951779 _____ () C:\Windows\WindowsUpdate.log
    2015-01-28 00:44 - 2011-02-10 21:36 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2570150575-2268660576-3537091070-1001Core.job
    2015-01-27 21:50 - 2010-12-24 08:47 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
    2015-01-27 19:24 - 2010-12-29 11:31 - 00056832 _____ () C:\Users\Ian\Documents\pwfile(2011).xlsx
    2015-01-27 15:16 - 2011-02-25 12:40 - 00000000 ____D () C:\Users\Ian\AppData\Local\CrashDumps
    2015-01-27 14:59 - 2012-08-16 11:38 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-01-27 14:59 - 2012-04-08 10:11 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-01-27 14:59 - 2011-06-16 09:17 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-01-27 10:59 - 2010-12-24 08:34 - 00000000 ____D () C:\Users\Ian\Documents\utils
    2015-01-26 19:42 - 2010-12-20 16:26 - 00002187 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2015-01-26 19:38 - 2012-12-02 07:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
    2015-01-26 17:25 - 2011-03-08 12:27 - 00000000 ____D () C:\Users\Ian\Documents\Admin
    2015-01-26 16:08 - 2014-04-24 05:57 - 00024576 _____ () C:\Users\Ian\Documents\pwfileicbc.xlsx
    2015-01-26 07:33 - 2011-01-17 22:28 - 00000000 ____D () C:\Users\Ian\Documents\investments
    2015-01-25 11:56 - 2010-12-21 06:03 - 00000000 ____D () C:\Users\Ian\Documents\e-Sword
    2015-01-23 08:51 - 2011-08-18 05:42 - 00000000 ____D () C:\Users\Ian\Documents\temp
    2015-01-23 07:46 - 2010-12-20 16:11 - 00000000 ____D () C:\Users\Ian\AppData\Roaming\Mozilla
    2015-01-21 08:41 - 2014-11-05 21:48 - 00000000 ____D () C:\Users\Ian\AppData\Roaming\Audacity
    2015-01-16 12:01 - 2014-05-04 21:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
    2015-01-16 09:13 - 2010-08-28 05:24 - 00000000 ____D () C:\Program Files (x86)\Launch Manager
    2015-01-16 07:45 - 2012-11-02 20:34 - 00775912 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
    2015-01-16 07:45 - 2009-07-13 21:13 - 00775912 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-01-15 08:31 - 2010-05-19 17:06 - 02812802 _____ () C:\Windows\PFRO.log
    2015-01-15 08:24 - 2013-09-27 21:45 - 00000000 ____D () C:\Users\Ian\Documents\Outlook Files
    2015-01-15 08:11 - 2013-08-15 02:01 - 00000000 ____D () C:\Windows\system32\MRT
    2015-01-15 07:50 - 2010-12-26 19:44 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-01-14 11:33 - 2010-12-20 21:33 - 00000000 ____D () C:\Users\Ian\AppData\Local\Microsoft Help
    2015-01-08 07:45 - 2010-12-20 16:25 - 00000000 ___RD () C:\Program Files (x86)\Skype
    2015-01-08 07:45 - 2010-12-20 16:25 - 00000000 ____D () C:\ProgramData\Skype
    2015-01-04 00:03 - 2012-12-24 17:05 - 00000336 _____ () C:\Windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
    2015-01-02 09:35 - 2012-12-24 17:05 - 00000322 _____ () C:\Windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
    2015-01-01 04:09 - 2014-11-07 21:26 - 00000000 ____D () C:\Program Files (x86)\iTunes
    2014-12-31 18:34 - 2010-12-20 07:00 - 00000000 ____D () C:\Users\Ian\AppData\Local\Google

    ==================== Files in the root of some directories =======

    2010-12-20 16:27 - 2010-12-20 16:27 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
    2011-04-23 06:46 - 2011-11-27 20:54 - 0001353 _____ () C:\ProgramData\hpzinstall.log

    Files to move or delete:
    ====================
    C:\Program Files (x86)\Search Results Toolbar\Datamngr\apcrtldr.dll
    C:\Program Files (x86)\Search Results Toolbar\Datamngr\x64\apcrtldr.dll


    Some content of TEMP:
    ====================
    C:\Users\Ian\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqvc0mr.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-01-16 16:24

    ==================== End Of Log ============================

    aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
    Run date: 2015-01-28 08:56:14
    -----------------------------
    08:56:14.073 OS Version: Windows x64 6.1.7601 Service Pack 1
    08:56:14.073 Number of processors: 4 586 0x2505
    08:56:14.073 ComputerName: IAN-SMALL-PC UserName: Ian
    08:56:16.613 Initialize success
    08:56:16.853 VM: initialized successfully
    08:56:16.853 VM: Intel CPU supported
    08:56:29.766 VM: supported disk I/O iaStor.sys
    08:59:32.400 AVAST engine defs: 15012800
    09:01:44.437 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
    09:01:44.437 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
    09:01:44.597 VM: Disk 0 MBR read successfully
    09:01:44.607 Disk 0 MBR scan
    09:01:44.627 Disk 0 Windows VISTA default MBR code
    09:01:44.647 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13000 MB offset 2048
    09:01:44.677 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 26626048
    09:01:44.687 Disk 0 default boot code
    09:01:44.717 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 463838 MB offset 26830848
    09:01:44.867 Disk 0 scanning C:\Windows\system32\drivers
    09:02:04.291 Service scanning
    09:02:09.232 Service BHDrvx64 C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20150106.001\BHDrvx64.sys **LOCKED** 5
    09:02:14.363 Service eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys **LOCKED** 5
    09:02:15.213 Service EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys **LOCKED** 5
    09:02:20.304 Service IDSVia64 C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20150127.001\IDSvia64.sys **LOCKED** 5
    09:02:27.046 Service NAVENG C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20150127.040\ENG64.SYS **LOCKED** 5
    09:02:27.326 Service NAVEX15 C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20150127.040\EX64.SYS **LOCKED** 5
    09:02:50.622 Modules scanning
    09:02:50.642 Disk 0 trace - called modules:
    09:02:50.702 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    09:02:50.712 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007d73060]
    09:02:50.722 3 CLASSPNP.SYS[fffff88001d7b43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa8007aac050]
    09:02:53.262 AVAST engine scan C:\Windows
    09:02:59.164 AVAST engine scan C:\Windows\system32
    09:09:27.002 AVAST engine scan C:\Windows\system32\drivers
    09:10:04.166 AVAST engine scan C:\Users\Ian
    10:08:33.571 AVAST engine scan C:\ProgramData
    10:36:26.132 File: C:\ProgramData\Wincert\win32prop.dll **INFECTED** Win32:Adware-BRT [Adw]
    10:36:26.423 Disk 0 statistics 5521531/0/22 @ 0.64 MB/s
    10:36:26.443 Scan finished successfully
    10:52:07.087 Disk 0 MBR has been saved successfully to "C:\Users\Ian\Documents\utils\spybot recomended\MBR.dat"
    10:52:07.106 The log file has been saved successfully to "C:\Users\Ian\Documents\utils\spybot recomended\aswMBR.txt"
    Last edited by tashi; 2015-01-29 at 17:10. Reason: Copy pasted logs into topic, added link to previous thread
