ian68
2015-01-29, 08:32
please help, this has been a longstanding issue and browser freezes for a second or two every now and again which leads me to think something is still burrowing in the background. I have uninstalled whatever I could find as ilivid including browser addins etc.
See log below, I stopped the scan after this item was found just to get the log to post here. My system seems clean except for this one item.
Also see two attached logs (aswMBR.txt and FRST.txt) I also have "Addition.txt" ready to go but it is just too big to upload,
ilivid.Toolbar: [SBI $BB9CE1DE] Program directory (Directory, nothing done)
C:\Program Files (x86)\Search Results Toolbar\
User abort!: Scan was not completed successfully. (Status)
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
Edit Removed updates log. Previous topic in Spybot forum: http://forums.spybot.info/showthread.php?71941-spybot-can-not-remove-ilivid-even-after-reboot&p=461503&highlight=#post461503
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by Ian (administrator) on IAN-SMALL-PC on 28-01-2015 08:47:47
Running from C:\Users\Ian\Documents\utils\spybot recomended
Loaded Profiles: Ian (Available profiles: Ian)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
() C:\Windows\PLFSetI.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
(Akamai Technologies, Inc.) C:\Users\Ian\AppData\Local\Akamai\netsession_win.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Akamai Technologies, Inc.) C:\Users\Ian\AppData\Local\Akamai\netsession_win.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Dropbox, Inc.) C:\Users\Ian\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(LoiLo inc) C:\Program Files (x86)\LoiLo\LoiLoFit\CameraWatcher.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Hidfind.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Registry Backup\TweakingRegistryBackup.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Registry Backup\files\vss_start.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Program Files (x86)\Tweaking.com\Registry Backup\files\vss_7_8_2008_2012_64.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Registry Backup\files\vss_pause.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-02-01] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10060832 2010-02-08] (Realtek Semiconductor)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [206208 2010-06-09] ()
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [344872 2010-03-09] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-04-23] (Acer Incorporated)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-07-29] (Adobe Systems Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [CameraWatcher] => C:\Program Files (x86)\LoiLo\LoiLoFit\CameraWatcher.exe [128128 2013-06-21] (LoiLo inc)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2570150575-2268660576-3537091070-1001\...\Run: [Google Update] => C:\Users\Ian\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-26] (Google Inc.)
HKU\S-1-5-21-2570150575-2268660576-3537091070-1001\...\Run: [msnmsgr] => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
HKU\S-1-5-21-2570150575-2268660576-3537091070-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Ian\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2570150575-2268660576-3537091070-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308256 2015-01-15] (Google)
HKU\S-1-5-21-2570150575-2268660576-3537091070-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-2570150575-2268660576-3537091070-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-2570150575-2268660576-3537091070-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30878816 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-2570150575-2268660576-3537091070-1001\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-2570150575-2268660576-3537091070-1001\...\MountPoints2: D - D:\DTVP_Launcher.exe
HKU\S-1-5-21-2570150575-2268660576-3537091070-1001\...\MountPoints2: {412a5771-9d04-11e1-96c8-206a8a146665} - D:\DTVP_Launcher.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-05-07] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~3\Wincert\WIN64C~1.DLL => C:\ProgramData\Wincert\win64cert.dll [8704 2013-04-09] ()
AppInit_DLLs: C:\PROGRA~2\SEARCH~1\Datamngr\x64\mgrldr.dll => C:\PROGRA~2\SEARCH~1\Datamngr\x64\mgrldr.dll File Not Found
AppInit_DLLs-x32: C:\PROGRA~3\Wincert\WIN32C~1.DLL => C:\ProgramData\Wincert\win32cert.dll [7168 2013-04-09] ()
AppInit_DLLs-x32: C:\PROGRA~2\SEARCH~1\Datamngr\mgrldr.dll => "C:\PROGRA~2\SEARCH~1\Datamngr\mgrldr.dll" File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Ian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
HKLM\...\AppCertDlls: [x86] -> C:\Program Files (x86)\Search Results Toolbar\Datamngr\apcrtldr.dll [474112 2013-05-08] () <===== ATTENTION
HKLM\...\AppCertDlls: [x64] -> C:\Program Files (x86)\Search Results Toolbar\Datamngr\x64\apcrtldr.dll [643584 2013-05-08] () <===== ATTENTION
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll (Egis Technology Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-2570150575-2268660576-3537091070-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2570150575-2268660576-3537091070-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&m=aspire_1830t&r=27361210b906l0408z115t67k1k06s
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKLM-x32 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\S-1-5-21-2570150575-2268660576-3537091070-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_enCA411
SearchScopes: HKU\S-1-5-21-2570150575-2268660576-3537091070-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=NIS&chn=retail&geo=CA&ver=18
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-2570150575-2268660576-3537091070-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: qvp - {4BA78E3D-CA25-4BFF-B8F0-8A3359E4B520} - C:\Program Files (x86)\QlikView\QvProtocol\qvp.dll (QlikTech AB)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 64.59.144.93 64.59.150.139 192.168.125.1
FireFox:
========
FF ProfilePath: C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\e07psa2i.default
FF DefaultSearchEngine: Norton Safe Search
FF SearchEngineOrder.1: Search Results
FF Homepage: about:home
FF Keyword.URL: hxxp://nortonsafe.search.ask.com/web?o=APN10506&gct=kwd&qsrc=2869&l=dis&prt=360&chn=retail&geo=CA&ver=21&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2570150575-2268660576-3537091070-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Ian\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-2570150575-2268660576-3537091070-1001: @talk.google.com/O1DPlugin -> C:\Users\Ian\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-2570150575-2268660576-3537091070-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Ian\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2570150575-2268660576-3537091070-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Ian\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\e07psa2i.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Ian\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Ian\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\e07psa2i.default\searchplugins\safesearch.xml
FF Extension: British English Dictionary - C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\e07psa2i.default\Extensions\en-GB@dictionaries.addons.mozilla.org [2011-01-05]
FF Extension: Delicious Bookmarks - C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\e07psa2i.default\Extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9} [2012-10-24]
FF Extension: Yahoo! Toolbar - C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\e07psa2i.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2014-10-24]
FF Extension: Extension Manager - C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\e07psa2i.default\Extensions\pluginfy@pluginfy.manager.xpi [2012-07-14]
FF Extension: Media Converter - C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\e07psa2i.default\Extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}.xpi [2011-08-27]
FF Extension: New Tab - C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\e07psa2i.default\Extensions\{C4A4F5A0-4B89-4392-AFAC-D58010E349AF}.xpi [2013-06-07]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-01-26]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-01-26]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-01-26]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-01-26]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-04-23]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn [2015-01-28]
FF HKLM-x32\...\Firefox\Extensions: [VIP3X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: No Name - C:\Program Files (x86)\Symantec\VIP Access Client [2014-05-17]
FF HKU\S-1-5-21-2570150575-2268660576-3537091070-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
Chrome:
=======
CHR HomePage: Default -> hxxp://www.searchnu.com/406?appid=362
CHR DefaultSuggestURL: Default -> http://ss-sym.ask.com/query?q={searchTerms}&sstype=prefix&li=ff
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (Skype Click to Call) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Norton Confidential) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.4.6_0\npcoplgn.dll No File
CHR Plugin: (ActiveTouch General Plugin Container) - C:\Program Files (x86)\Google\Chrome\Application\plugins\npatgpc.dll (Cisco WebEx LLC)
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Talk Plugin) - C:\Users\Ian\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Ian\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll No File
CHR Plugin: (Adobe Acrobat) - c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U33) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.330.3) - C:\Windows\SysWOW64\npdeployJava1.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Profile: C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-18]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-25]
CHR Extension: (Google Cast) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-12-31]
CHR Extension: (Norton Identity Safe) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-29]
CHR Extension: (Skype Click to Call) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-06-01]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-12-07]
CHR Extension: (Norton Security Toolbar) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2012-07-03]
CHR Extension: (Norton Safe) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2014-12-31]
CHR Extension: (Google Wallet) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-03]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-03]
CHR HKU\S-1-5-21-2570150575-2268660576-3537091070-1001\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Ian\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-18]
CHR HKU\S-1-5-21-2570150575-2268660576-3537091070-1001\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [jbajpeofkjjeiamcglnmldoboonfkiol] - C:\Program Files (x86)\Search Results Toolbar\Datamngr\chromeExtension.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-03]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-02-01] (Egis Technology Inc.)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [250368 2010-03-08] (NewTech Infosystems, Inc.) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1919256 2014-12-22] (IBM Corp.)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 SeagateDashboardService; C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [8704 2011-11-03] (Memeo) [File not signed]
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [75336 2014-07-14] (Symantec Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 0307951356394099mcinstcleanup; C:\Users\Ian\AppData\Local\Temp\030795~1.EXE -cleanup -nolog [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20150106.001\BHDrvx64.sys [1622744 2015-01-06] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-11] (Symantec Corporation)
S3 HP1319EWS; C:\Windows\System32\Drivers\HP1319EWS.sys [14848 2008-11-10] (Marvell Semiconductor, Inc.)
S3 HP1319FAX; C:\Windows\System32\Drivers\HP1319FAX.sys [16384 2008-11-10] (Marvell Semiconductor, Inc.)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20150127.001\IDSvia64.sys [668888 2015-01-13] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20150127.020\ENG64.SYS [129752 2015-01-20] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20150127.020\EX64.SYS [2137304 2015-01-20] (Symantec Corporation)
R1 RapportCerberus_80120; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80120.sys [845464 2015-01-16] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [445816 2014-12-22] (IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [535576 2014-12-22] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [558872 2014-12-22] (IBM Corp.)
R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1506000.020\SYMDS64.SYS [493656 2013-07-31] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1506000.020\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-05-17] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-28 08:46 - 2015-01-28 08:47 - 00000000 ____D () C:\FRST
2015-01-28 08:40 - 2015-01-28 08:40 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-IAN-SMALL-PC-Windows-7-Home-Premium-(64-bit).dat
2015-01-28 08:36 - 2015-01-28 08:36 - 00002243 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-01-28 08:36 - 2015-01-28 08:36 - 00000000 ____D () C:\RegBackup
2015-01-28 08:36 - 2015-01-28 08:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-01-28 08:36 - 2015-01-28 08:36 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2015-01-26 09:13 - 2014-11-05 21:59 - 00450776 _____ () C:\Windows\system32\Drivers\etc\hosts.20150126-091312.backup
2015-01-26 07:41 - 2015-01-26 07:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-14 07:43 - 2014-12-18 19:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 07:43 - 2014-12-18 17:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 07:43 - 2014-12-11 21:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 07:43 - 2014-12-11 21:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 07:43 - 2014-12-11 21:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 07:43 - 2014-12-11 21:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 07:43 - 2014-12-11 21:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 07:43 - 2014-12-11 21:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 07:43 - 2014-12-11 21:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 07:43 - 2014-12-11 09:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 07:43 - 2014-12-05 20:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 07:43 - 2014-12-05 19:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 07:43 - 2014-12-05 19:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2014-12-31 18:34 - 2014-12-31 18:34 - 00001212 _____ () C:\Users\Ian\Desktop\Chromecast.lnk
2014-12-31 18:34 - 2014-12-31 18:34 - 00000000 ____D () C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromecast
2014-12-29 21:18 - 2014-12-29 21:18 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-28 08:45 - 2010-12-20 16:25 - 00000000 ____D () C:\Users\Ian\AppData\Roaming\Skype
2015-01-28 08:44 - 2011-02-10 21:36 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2570150575-2268660576-3537091070-1001UA.job
2015-01-28 08:31 - 2010-12-20 16:25 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-28 08:30 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-28 08:27 - 2012-08-16 11:38 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-28 07:37 - 2009-07-13 20:45 - 00026160 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-28 07:37 - 2009-07-13 20:45 - 00026160 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-28 07:29 - 2011-01-17 08:14 - 00000000 ___RD () C:\Users\Ian\Dropbox
2015-01-28 07:29 - 2011-01-17 08:08 - 00000000 ____D () C:\Users\Ian\AppData\Roaming\Dropbox
2015-01-28 07:26 - 2012-12-02 07:41 - 00000000 ___RD () C:\Users\Ian\Google Drive
2015-01-28 07:24 - 2010-12-20 16:25 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-28 07:24 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-28 07:24 - 2009-07-13 20:51 - 00159847 _____ () C:\Windows\setupact.log
2015-01-28 07:22 - 2012-04-24 07:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-28 07:20 - 2010-08-28 05:24 - 01951779 _____ () C:\Windows\WindowsUpdate.log
2015-01-28 00:44 - 2011-02-10 21:36 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2570150575-2268660576-3537091070-1001Core.job
2015-01-27 21:50 - 2010-12-24 08:47 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2015-01-27 19:24 - 2010-12-29 11:31 - 00056832 _____ () C:\Users\Ian\Documents\pwfile(2011).xlsx
2015-01-27 15:16 - 2011-02-25 12:40 - 00000000 ____D () C:\Users\Ian\AppData\Local\CrashDumps
2015-01-27 14:59 - 2012-08-16 11:38 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-27 14:59 - 2012-04-08 10:11 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-27 14:59 - 2011-06-16 09:17 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-27 10:59 - 2010-12-24 08:34 - 00000000 ____D () C:\Users\Ian\Documents\utils
2015-01-26 19:42 - 2010-12-20 16:26 - 00002187 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-26 19:38 - 2012-12-02 07:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-26 17:25 - 2011-03-08 12:27 - 00000000 ____D () C:\Users\Ian\Documents\Admin
2015-01-26 16:08 - 2014-04-24 05:57 - 00024576 _____ () C:\Users\Ian\Documents\pwfileicbc.xlsx
2015-01-26 07:33 - 2011-01-17 22:28 - 00000000 ____D () C:\Users\Ian\Documents\investments
2015-01-25 11:56 - 2010-12-21 06:03 - 00000000 ____D () C:\Users\Ian\Documents\e-Sword
2015-01-23 08:51 - 2011-08-18 05:42 - 00000000 ____D () C:\Users\Ian\Documents\temp
2015-01-23 07:46 - 2010-12-20 16:11 - 00000000 ____D () C:\Users\Ian\AppData\Roaming\Mozilla
2015-01-21 08:41 - 2014-11-05 21:48 - 00000000 ____D () C:\Users\Ian\AppData\Roaming\Audacity
2015-01-16 12:01 - 2014-05-04 21:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2015-01-16 09:13 - 2010-08-28 05:24 - 00000000 ____D () C:\Program Files (x86)\Launch Manager
2015-01-16 07:45 - 2012-11-02 20:34 - 00775912 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-16 07:45 - 2009-07-13 21:13 - 00775912 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-15 08:31 - 2010-05-19 17:06 - 02812802 _____ () C:\Windows\PFRO.log
2015-01-15 08:24 - 2013-09-27 21:45 - 00000000 ____D () C:\Users\Ian\Documents\Outlook Files
2015-01-15 08:11 - 2013-08-15 02:01 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 07:50 - 2010-12-26 19:44 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 11:33 - 2010-12-20 21:33 - 00000000 ____D () C:\Users\Ian\AppData\Local\Microsoft Help
2015-01-08 07:45 - 2010-12-20 16:25 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-01-08 07:45 - 2010-12-20 16:25 - 00000000 ____D () C:\ProgramData\Skype
2015-01-04 00:03 - 2012-12-24 17:05 - 00000336 _____ () C:\Windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
2015-01-02 09:35 - 2012-12-24 17:05 - 00000322 _____ () C:\Windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
2015-01-01 04:09 - 2014-11-07 21:26 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-12-31 18:34 - 2010-12-20 07:00 - 00000000 ____D () C:\Users\Ian\AppData\Local\Google
==================== Files in the root of some directories =======
2010-12-20 16:27 - 2010-12-20 16:27 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2011-04-23 06:46 - 2011-11-27 20:54 - 0001353 _____ () C:\ProgramData\hpzinstall.log
Files to move or delete:
====================
C:\Program Files (x86)\Search Results Toolbar\Datamngr\apcrtldr.dll
C:\Program Files (x86)\Search Results Toolbar\Datamngr\x64\apcrtldr.dll
Some content of TEMP:
====================
C:\Users\Ian\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqvc0mr.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-16 16:24
==================== End Of Log ============================
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-01-28 08:56:14
-----------------------------
08:56:14.073 OS Version: Windows x64 6.1.7601 Service Pack 1
08:56:14.073 Number of processors: 4 586 0x2505
08:56:14.073 ComputerName: IAN-SMALL-PC UserName: Ian
08:56:16.613 Initialize success
08:56:16.853 VM: initialized successfully
08:56:16.853 VM: Intel CPU supported
08:56:29.766 VM: supported disk I/O iaStor.sys
08:59:32.400 AVAST engine defs: 15012800
09:01:44.437 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
09:01:44.437 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
09:01:44.597 VM: Disk 0 MBR read successfully
09:01:44.607 Disk 0 MBR scan
09:01:44.627 Disk 0 Windows VISTA default MBR code
09:01:44.647 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13000 MB offset 2048
09:01:44.677 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 26626048
09:01:44.687 Disk 0 default boot code
09:01:44.717 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 463838 MB offset 26830848
09:01:44.867 Disk 0 scanning C:\Windows\system32\drivers
09:02:04.291 Service scanning
09:02:09.232 Service BHDrvx64 C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20150106.001\BHDrvx64.sys **LOCKED** 5
09:02:14.363 Service eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys **LOCKED** 5
09:02:15.213 Service EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys **LOCKED** 5
09:02:20.304 Service IDSVia64 C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20150127.001\IDSvia64.sys **LOCKED** 5
09:02:27.046 Service NAVENG C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20150127.040\ENG64.SYS **LOCKED** 5
09:02:27.326 Service NAVEX15 C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20150127.040\EX64.SYS **LOCKED** 5
09:02:50.622 Modules scanning
09:02:50.642 Disk 0 trace - called modules:
09:02:50.702 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
09:02:50.712 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007d73060]
09:02:50.722 3 CLASSPNP.SYS[fffff88001d7b43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa8007aac050]
09:02:53.262 AVAST engine scan C:\Windows
09:02:59.164 AVAST engine scan C:\Windows\system32
09:09:27.002 AVAST engine scan C:\Windows\system32\drivers
09:10:04.166 AVAST engine scan C:\Users\Ian
10:08:33.571 AVAST engine scan C:\ProgramData
10:36:26.132 File: C:\ProgramData\Wincert\win32prop.dll **INFECTED** Win32:Adware-BRT [Adw]
10:36:26.423 Disk 0 statistics 5521531/0/22 @ 0.64 MB/s
10:36:26.443 Scan finished successfully
10:52:07.087 Disk 0 MBR has been saved successfully to "C:\Users\Ian\Documents\utils\spybot recomended\MBR.dat"
10:52:07.106 The log file has been saved successfully to "C:\Users\Ian\Documents\utils\spybot recomended\aswMBR.txt"
See log below, I stopped the scan after this item was found just to get the log to post here. My system seems clean except for this one item.
Also see two attached logs (aswMBR.txt and FRST.txt) I also have "Addition.txt" ready to go but it is just too big to upload,
ilivid.Toolbar: [SBI $BB9CE1DE] Program directory (Directory, nothing done)
C:\Program Files (x86)\Search Results Toolbar\
User abort!: Scan was not completed successfully. (Status)
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
Edit Removed updates log. Previous topic in Spybot forum: http://forums.spybot.info/showthread.php?71941-spybot-can-not-remove-ilivid-even-after-reboot&p=461503&highlight=#post461503
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by Ian (administrator) on IAN-SMALL-PC on 28-01-2015 08:47:47
Running from C:\Users\Ian\Documents\utils\spybot recomended
Loaded Profiles: Ian (Available profiles: Ian)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
() C:\Windows\PLFSetI.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
(Akamai Technologies, Inc.) C:\Users\Ian\AppData\Local\Akamai\netsession_win.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Akamai Technologies, Inc.) C:\Users\Ian\AppData\Local\Akamai\netsession_win.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Dropbox, Inc.) C:\Users\Ian\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(LoiLo inc) C:\Program Files (x86)\LoiLo\LoiLoFit\CameraWatcher.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Hidfind.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Registry Backup\TweakingRegistryBackup.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Registry Backup\files\vss_start.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Program Files (x86)\Tweaking.com\Registry Backup\files\vss_7_8_2008_2012_64.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Registry Backup\files\vss_pause.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-02-01] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10060832 2010-02-08] (Realtek Semiconductor)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [206208 2010-06-09] ()
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [344872 2010-03-09] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-04-23] (Acer Incorporated)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-07-29] (Adobe Systems Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [CameraWatcher] => C:\Program Files (x86)\LoiLo\LoiLoFit\CameraWatcher.exe [128128 2013-06-21] (LoiLo inc)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2570150575-2268660576-3537091070-1001\...\Run: [Google Update] => C:\Users\Ian\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-26] (Google Inc.)
HKU\S-1-5-21-2570150575-2268660576-3537091070-1001\...\Run: [msnmsgr] => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
HKU\S-1-5-21-2570150575-2268660576-3537091070-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Ian\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2570150575-2268660576-3537091070-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308256 2015-01-15] (Google)
HKU\S-1-5-21-2570150575-2268660576-3537091070-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-2570150575-2268660576-3537091070-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-2570150575-2268660576-3537091070-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30878816 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-2570150575-2268660576-3537091070-1001\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-2570150575-2268660576-3537091070-1001\...\MountPoints2: D - D:\DTVP_Launcher.exe
HKU\S-1-5-21-2570150575-2268660576-3537091070-1001\...\MountPoints2: {412a5771-9d04-11e1-96c8-206a8a146665} - D:\DTVP_Launcher.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-05-07] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~3\Wincert\WIN64C~1.DLL => C:\ProgramData\Wincert\win64cert.dll [8704 2013-04-09] ()
AppInit_DLLs: C:\PROGRA~2\SEARCH~1\Datamngr\x64\mgrldr.dll => C:\PROGRA~2\SEARCH~1\Datamngr\x64\mgrldr.dll File Not Found
AppInit_DLLs-x32: C:\PROGRA~3\Wincert\WIN32C~1.DLL => C:\ProgramData\Wincert\win32cert.dll [7168 2013-04-09] ()
AppInit_DLLs-x32: C:\PROGRA~2\SEARCH~1\Datamngr\mgrldr.dll => "C:\PROGRA~2\SEARCH~1\Datamngr\mgrldr.dll" File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Ian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
HKLM\...\AppCertDlls: [x86] -> C:\Program Files (x86)\Search Results Toolbar\Datamngr\apcrtldr.dll [474112 2013-05-08] () <===== ATTENTION
HKLM\...\AppCertDlls: [x64] -> C:\Program Files (x86)\Search Results Toolbar\Datamngr\x64\apcrtldr.dll [643584 2013-05-08] () <===== ATTENTION
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll (Egis Technology Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-2570150575-2268660576-3537091070-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2570150575-2268660576-3537091070-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&m=aspire_1830t&r=27361210b906l0408z115t67k1k06s
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKLM-x32 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\S-1-5-21-2570150575-2268660576-3537091070-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_enCA411
SearchScopes: HKU\S-1-5-21-2570150575-2268660576-3537091070-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=NIS&chn=retail&geo=CA&ver=18
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-2570150575-2268660576-3537091070-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: qvp - {4BA78E3D-CA25-4BFF-B8F0-8A3359E4B520} - C:\Program Files (x86)\QlikView\QvProtocol\qvp.dll (QlikTech AB)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 64.59.144.93 64.59.150.139 192.168.125.1
FireFox:
========
FF ProfilePath: C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\e07psa2i.default
FF DefaultSearchEngine: Norton Safe Search
FF SearchEngineOrder.1: Search Results
FF Homepage: about:home
FF Keyword.URL: hxxp://nortonsafe.search.ask.com/web?o=APN10506&gct=kwd&qsrc=2869&l=dis&prt=360&chn=retail&geo=CA&ver=21&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2570150575-2268660576-3537091070-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Ian\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-2570150575-2268660576-3537091070-1001: @talk.google.com/O1DPlugin -> C:\Users\Ian\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-2570150575-2268660576-3537091070-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Ian\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2570150575-2268660576-3537091070-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Ian\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\e07psa2i.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Ian\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Ian\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\e07psa2i.default\searchplugins\safesearch.xml
FF Extension: British English Dictionary - C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\e07psa2i.default\Extensions\en-GB@dictionaries.addons.mozilla.org [2011-01-05]
FF Extension: Delicious Bookmarks - C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\e07psa2i.default\Extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9} [2012-10-24]
FF Extension: Yahoo! Toolbar - C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\e07psa2i.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2014-10-24]
FF Extension: Extension Manager - C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\e07psa2i.default\Extensions\pluginfy@pluginfy.manager.xpi [2012-07-14]
FF Extension: Media Converter - C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\e07psa2i.default\Extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}.xpi [2011-08-27]
FF Extension: New Tab - C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\e07psa2i.default\Extensions\{C4A4F5A0-4B89-4392-AFAC-D58010E349AF}.xpi [2013-06-07]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-01-26]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-01-26]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-01-26]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-01-26]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-04-23]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn [2015-01-28]
FF HKLM-x32\...\Firefox\Extensions: [VIP3X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: No Name - C:\Program Files (x86)\Symantec\VIP Access Client [2014-05-17]
FF HKU\S-1-5-21-2570150575-2268660576-3537091070-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
Chrome:
=======
CHR HomePage: Default -> hxxp://www.searchnu.com/406?appid=362
CHR DefaultSuggestURL: Default -> http://ss-sym.ask.com/query?q={searchTerms}&sstype=prefix&li=ff
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (Skype Click to Call) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Norton Confidential) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.4.6_0\npcoplgn.dll No File
CHR Plugin: (ActiveTouch General Plugin Container) - C:\Program Files (x86)\Google\Chrome\Application\plugins\npatgpc.dll (Cisco WebEx LLC)
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Talk Plugin) - C:\Users\Ian\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Ian\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll No File
CHR Plugin: (Adobe Acrobat) - c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U33) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.330.3) - C:\Windows\SysWOW64\npdeployJava1.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Profile: C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-18]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-25]
CHR Extension: (Google Cast) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-12-31]
CHR Extension: (Norton Identity Safe) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-29]
CHR Extension: (Skype Click to Call) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-06-01]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-12-07]
CHR Extension: (Norton Security Toolbar) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2012-07-03]
CHR Extension: (Norton Safe) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2014-12-31]
CHR Extension: (Google Wallet) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-03]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-03]
CHR HKU\S-1-5-21-2570150575-2268660576-3537091070-1001\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Ian\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-18]
CHR HKU\S-1-5-21-2570150575-2268660576-3537091070-1001\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [jbajpeofkjjeiamcglnmldoboonfkiol] - C:\Program Files (x86)\Search Results Toolbar\Datamngr\chromeExtension.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-03]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-02-01] (Egis Technology Inc.)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [250368 2010-03-08] (NewTech Infosystems, Inc.) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1919256 2014-12-22] (IBM Corp.)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 SeagateDashboardService; C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [8704 2011-11-03] (Memeo) [File not signed]
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [75336 2014-07-14] (Symantec Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 0307951356394099mcinstcleanup; C:\Users\Ian\AppData\Local\Temp\030795~1.EXE -cleanup -nolog [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20150106.001\BHDrvx64.sys [1622744 2015-01-06] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-11] (Symantec Corporation)
S3 HP1319EWS; C:\Windows\System32\Drivers\HP1319EWS.sys [14848 2008-11-10] (Marvell Semiconductor, Inc.)
S3 HP1319FAX; C:\Windows\System32\Drivers\HP1319FAX.sys [16384 2008-11-10] (Marvell Semiconductor, Inc.)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20150127.001\IDSvia64.sys [668888 2015-01-13] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20150127.020\ENG64.SYS [129752 2015-01-20] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20150127.020\EX64.SYS [2137304 2015-01-20] (Symantec Corporation)
R1 RapportCerberus_80120; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80120.sys [845464 2015-01-16] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [445816 2014-12-22] (IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [535576 2014-12-22] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [558872 2014-12-22] (IBM Corp.)
R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1506000.020\SYMDS64.SYS [493656 2013-07-31] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1506000.020\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-05-17] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-28 08:46 - 2015-01-28 08:47 - 00000000 ____D () C:\FRST
2015-01-28 08:40 - 2015-01-28 08:40 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-IAN-SMALL-PC-Windows-7-Home-Premium-(64-bit).dat
2015-01-28 08:36 - 2015-01-28 08:36 - 00002243 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-01-28 08:36 - 2015-01-28 08:36 - 00000000 ____D () C:\RegBackup
2015-01-28 08:36 - 2015-01-28 08:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-01-28 08:36 - 2015-01-28 08:36 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2015-01-26 09:13 - 2014-11-05 21:59 - 00450776 _____ () C:\Windows\system32\Drivers\etc\hosts.20150126-091312.backup
2015-01-26 07:41 - 2015-01-26 07:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-14 07:43 - 2014-12-18 19:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 07:43 - 2014-12-18 17:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 07:43 - 2014-12-11 21:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 07:43 - 2014-12-11 21:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 07:43 - 2014-12-11 21:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 07:43 - 2014-12-11 21:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 07:43 - 2014-12-11 21:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 07:43 - 2014-12-11 21:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 07:43 - 2014-12-11 21:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 07:43 - 2014-12-11 09:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 07:43 - 2014-12-05 20:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 07:43 - 2014-12-05 19:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 07:43 - 2014-12-05 19:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2014-12-31 18:34 - 2014-12-31 18:34 - 00001212 _____ () C:\Users\Ian\Desktop\Chromecast.lnk
2014-12-31 18:34 - 2014-12-31 18:34 - 00000000 ____D () C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromecast
2014-12-29 21:18 - 2014-12-29 21:18 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-28 08:45 - 2010-12-20 16:25 - 00000000 ____D () C:\Users\Ian\AppData\Roaming\Skype
2015-01-28 08:44 - 2011-02-10 21:36 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2570150575-2268660576-3537091070-1001UA.job
2015-01-28 08:31 - 2010-12-20 16:25 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-28 08:30 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-28 08:27 - 2012-08-16 11:38 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-28 07:37 - 2009-07-13 20:45 - 00026160 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-28 07:37 - 2009-07-13 20:45 - 00026160 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-28 07:29 - 2011-01-17 08:14 - 00000000 ___RD () C:\Users\Ian\Dropbox
2015-01-28 07:29 - 2011-01-17 08:08 - 00000000 ____D () C:\Users\Ian\AppData\Roaming\Dropbox
2015-01-28 07:26 - 2012-12-02 07:41 - 00000000 ___RD () C:\Users\Ian\Google Drive
2015-01-28 07:24 - 2010-12-20 16:25 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-28 07:24 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-28 07:24 - 2009-07-13 20:51 - 00159847 _____ () C:\Windows\setupact.log
2015-01-28 07:22 - 2012-04-24 07:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-28 07:20 - 2010-08-28 05:24 - 01951779 _____ () C:\Windows\WindowsUpdate.log
2015-01-28 00:44 - 2011-02-10 21:36 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2570150575-2268660576-3537091070-1001Core.job
2015-01-27 21:50 - 2010-12-24 08:47 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2015-01-27 19:24 - 2010-12-29 11:31 - 00056832 _____ () C:\Users\Ian\Documents\pwfile(2011).xlsx
2015-01-27 15:16 - 2011-02-25 12:40 - 00000000 ____D () C:\Users\Ian\AppData\Local\CrashDumps
2015-01-27 14:59 - 2012-08-16 11:38 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-27 14:59 - 2012-04-08 10:11 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-27 14:59 - 2011-06-16 09:17 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-27 10:59 - 2010-12-24 08:34 - 00000000 ____D () C:\Users\Ian\Documents\utils
2015-01-26 19:42 - 2010-12-20 16:26 - 00002187 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-26 19:38 - 2012-12-02 07:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-26 17:25 - 2011-03-08 12:27 - 00000000 ____D () C:\Users\Ian\Documents\Admin
2015-01-26 16:08 - 2014-04-24 05:57 - 00024576 _____ () C:\Users\Ian\Documents\pwfileicbc.xlsx
2015-01-26 07:33 - 2011-01-17 22:28 - 00000000 ____D () C:\Users\Ian\Documents\investments
2015-01-25 11:56 - 2010-12-21 06:03 - 00000000 ____D () C:\Users\Ian\Documents\e-Sword
2015-01-23 08:51 - 2011-08-18 05:42 - 00000000 ____D () C:\Users\Ian\Documents\temp
2015-01-23 07:46 - 2010-12-20 16:11 - 00000000 ____D () C:\Users\Ian\AppData\Roaming\Mozilla
2015-01-21 08:41 - 2014-11-05 21:48 - 00000000 ____D () C:\Users\Ian\AppData\Roaming\Audacity
2015-01-16 12:01 - 2014-05-04 21:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2015-01-16 09:13 - 2010-08-28 05:24 - 00000000 ____D () C:\Program Files (x86)\Launch Manager
2015-01-16 07:45 - 2012-11-02 20:34 - 00775912 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-16 07:45 - 2009-07-13 21:13 - 00775912 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-15 08:31 - 2010-05-19 17:06 - 02812802 _____ () C:\Windows\PFRO.log
2015-01-15 08:24 - 2013-09-27 21:45 - 00000000 ____D () C:\Users\Ian\Documents\Outlook Files
2015-01-15 08:11 - 2013-08-15 02:01 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 07:50 - 2010-12-26 19:44 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 11:33 - 2010-12-20 21:33 - 00000000 ____D () C:\Users\Ian\AppData\Local\Microsoft Help
2015-01-08 07:45 - 2010-12-20 16:25 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-01-08 07:45 - 2010-12-20 16:25 - 00000000 ____D () C:\ProgramData\Skype
2015-01-04 00:03 - 2012-12-24 17:05 - 00000336 _____ () C:\Windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
2015-01-02 09:35 - 2012-12-24 17:05 - 00000322 _____ () C:\Windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
2015-01-01 04:09 - 2014-11-07 21:26 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-12-31 18:34 - 2010-12-20 07:00 - 00000000 ____D () C:\Users\Ian\AppData\Local\Google
==================== Files in the root of some directories =======
2010-12-20 16:27 - 2010-12-20 16:27 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2011-04-23 06:46 - 2011-11-27 20:54 - 0001353 _____ () C:\ProgramData\hpzinstall.log
Files to move or delete:
====================
C:\Program Files (x86)\Search Results Toolbar\Datamngr\apcrtldr.dll
C:\Program Files (x86)\Search Results Toolbar\Datamngr\x64\apcrtldr.dll
Some content of TEMP:
====================
C:\Users\Ian\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqvc0mr.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-16 16:24
==================== End Of Log ============================
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-01-28 08:56:14
-----------------------------
08:56:14.073 OS Version: Windows x64 6.1.7601 Service Pack 1
08:56:14.073 Number of processors: 4 586 0x2505
08:56:14.073 ComputerName: IAN-SMALL-PC UserName: Ian
08:56:16.613 Initialize success
08:56:16.853 VM: initialized successfully
08:56:16.853 VM: Intel CPU supported
08:56:29.766 VM: supported disk I/O iaStor.sys
08:59:32.400 AVAST engine defs: 15012800
09:01:44.437 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
09:01:44.437 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
09:01:44.597 VM: Disk 0 MBR read successfully
09:01:44.607 Disk 0 MBR scan
09:01:44.627 Disk 0 Windows VISTA default MBR code
09:01:44.647 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13000 MB offset 2048
09:01:44.677 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 26626048
09:01:44.687 Disk 0 default boot code
09:01:44.717 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 463838 MB offset 26830848
09:01:44.867 Disk 0 scanning C:\Windows\system32\drivers
09:02:04.291 Service scanning
09:02:09.232 Service BHDrvx64 C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20150106.001\BHDrvx64.sys **LOCKED** 5
09:02:14.363 Service eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys **LOCKED** 5
09:02:15.213 Service EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys **LOCKED** 5
09:02:20.304 Service IDSVia64 C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20150127.001\IDSvia64.sys **LOCKED** 5
09:02:27.046 Service NAVENG C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20150127.040\ENG64.SYS **LOCKED** 5
09:02:27.326 Service NAVEX15 C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20150127.040\EX64.SYS **LOCKED** 5
09:02:50.622 Modules scanning
09:02:50.642 Disk 0 trace - called modules:
09:02:50.702 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
09:02:50.712 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007d73060]
09:02:50.722 3 CLASSPNP.SYS[fffff88001d7b43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa8007aac050]
09:02:53.262 AVAST engine scan C:\Windows
09:02:59.164 AVAST engine scan C:\Windows\system32
09:09:27.002 AVAST engine scan C:\Windows\system32\drivers
09:10:04.166 AVAST engine scan C:\Users\Ian
10:08:33.571 AVAST engine scan C:\ProgramData
10:36:26.132 File: C:\ProgramData\Wincert\win32prop.dll **INFECTED** Win32:Adware-BRT [Adw]
10:36:26.423 Disk 0 statistics 5521531/0/22 @ 0.64 MB/s
10:36:26.443 Scan finished successfully
10:52:07.087 Disk 0 MBR has been saved successfully to "C:\Users\Ian\Documents\utils\spybot recomended\MBR.dat"
10:52:07.106 The log file has been saved successfully to "C:\Users\Ian\Documents\utils\spybot recomended\aswMBR.txt"