Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Adware in Firefox

by harries71 » April 3rd, 2015, 5:50 am

Hi there,

Within the last 2 days I have noticed some kind of adware when I use Firefox. It causes adverts to appear on screen - when I try to close the adverts, they force me to visit a website called 'Online Advertising Support'. I've also noticed that some web-pages I view are made unstable, bringing up messages such as: "a script on this page may be busy, or it may have stopped responding. You can stop the script now, open the script in the debugger, or let the script continue. Script: http://pstatic.eshopcomp.com/nwp/Extern ... cy_v2.js:1".

I am not aware of downloading any programs that might have caused this, although I do occasionally download and save video clips from sources such as Youtube and Vimeo. It may be that I have received an email with the virus, but I am not aware of any arriving within the last two days which aroused my suspicion or triggered my anti-virus software.

This is my home desktop PC. I use AVG anti-virus software, as well as CCleaner - having updated both since yesterday, neither is showing up any harmful programs. I have tried using the 'Uninstall Program' feature in Control Panel to remove any unusual recently installed programs but none appear in the list that seem unusual. I've tried uninstalling and reinstalling Firefox, I've also tried adding a Firefox add-on ad-blocker, but this simply hides the text of the adverts without removing the pop-up panels. The adware seems to hide itself.

This morning I tried ctrl+alt+delete to open Task Manager to look for processes that I should try stopping, to see if it would make any of the adverts close down, but I'm not an expert in these matters and I'm not certain if any of the closures I attempted made any difference.

For the time being I am using Internet Explorer and trying to avoid Firefox. However, I presume the program is still embedded somewhere in my PC and I would like to check what it is and whether it can be removed. Having attempted all I know to do, I found your forum via an online search and hope you may be able to advise. Thank you for your assistance.

---------------------------------------------------------------------------------------
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17689
Run by Simon Harries at 10:18:28 on 2015-04-03
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8086.5751 [GMT 1:00]
.
AV: AVG Internet Security 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Internet Security 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ===============
.
c:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\MAHostService.exe
C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\node.exe
C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
C:\Program Files\Common Files\Motive\pcCMService.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\loggingserver.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\sysWow64\SearchProtocolHost.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_9_900_152_ActiveX.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://bbc.co.uk/
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
TB: IP Tool: {766fc80d-2bbc-402b-9544-a5485f9ef2f3} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Uploader] C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [vProt] "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"
mRun: [DBAgent] "C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe" /WinStart
mRun: [Conime] C:\Windows\System32\conime.exe
dRunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/v ... .2.6.0.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{71476581-B615-4FFB-9120-B76B31BA2A6A} : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{A9F3D07A-0F83-4353-97F2-50A358CE0FEB} : DHCPNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\3.2.0\ViProtocol.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [btbb_McciTrayApp] "C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe"
x64-DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net ... plugin.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Simon Harries\AppData\Roaming\Mozilla\Firefox\Profiles\vr5pke1c.default-1428014804228\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll
FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Simon Harries\AppData\Local\Programs\Aspera\Aspera Connect\lib\npasperaweb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2014-6-17 190744]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2014-6-17 328984]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2014-10-29 123672]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2014-6-17 31512]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2013-2-23 56208]
R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2012-6-15 21616]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2014-6-30 152344]
R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2013-9-26 57144]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2014-7-21 244504]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2014-10-24 237848]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2014-10-20 269080]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2014-8-29 50976]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-1-20 77128]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [2014-12-16 1417160]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-12-16 3247120]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2014-12-16 289328]
R2 BT Help Wizard;BT Help Wizard;C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\MAHostService.exe [2014-4-9 321024]
R2 pcCMService;pcCMService;C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [2013-12-8 375608]
R2 pcCMService64;pcCMService64;C:\Program Files\Common Files\Motive\pcCMService.exe [2013-12-8 467256]
R2 Seagate Dashboard Services;Seagate Dashboard Services;C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [2014-9-17 16000]
R2 Seagate MobileBackup Service;Seagate MobileBackup Service;C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [2014-9-17 157776]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-6-15 2655768]
R2 WDBackup;WD Backup;C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [2014-12-2 1042808]
R2 WDDriveService;WD Drive Manager;C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2014-7-22 296312]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-6-15 104560]
R3 RRNetCapMP;RRNetCapMP;C:\Windows\System32\drivers\rrnetcap.sys [2013-3-22 37480]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S2 AVerRECentral;AVerRECentral;C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRECentral.exe [2015-2-5 1924608]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 Fitbit Connect;Fitbit Connect Service;C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [2014-5-19 1436192]
S2 globalUpdate;globalUpdate Update Service (globalUpdate);C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-10-13 68608]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2014-5-6 395640]
S2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2013-12-11 780152]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-4-3 315008]
S2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2011-3-4 428640]
S2 vToolbarUpdater3.2.0;vToolbarUpdater3.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\ToolbarUpdater.exe [2014-8-29 1843736]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 AVer330USB;AVer330USB;C:\Windows\System32\drivers\AVer330USB.sys [2015-2-5 1550464]
S3 Blackberry Device Manager;Blackberry Device Manager;C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [2013-1-18 577536]
S3 globalUpdatem;globalUpdate Update Service (globalUpdatem);C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-10-13 68608]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2012-6-15 30528]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-3-10 114688]
S3 lvpepf64;Volume Adapter;C:\Windows\System32\drivers\lv302a64.sys [2008-7-26 15768]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2011-3-4 341856]
S3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\System32\drivers\LVUSBS64.sys [2008-7-26 50072]
S3 LVUVC64;Logitech HD Webcam C270(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2011-3-4 4183904]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2013-7-25 23040]
S3 RRNetCap;RRNetCap Service;C:\Windows\System32\drivers\rrnetcap.sys [2013-3-22 37480]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2014-7-28 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-6-15 1255736]
S4 Sffosvrnspvu;Sffosvrnspvu; [x]
.
=============== File Associations ===============
.
FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2015-04-02 22:01:47 -------- d-----w- C:\Users\Simon Harries\D536E3C2820443E4A69718070972C0A9.TMP
2015-04-01 16:46:00 -------- d-----w- C:\Program Files (x86)\helper king
2015-03-26 07:52:03 -------- d-----w- C:\Users\Simon Harries\The Book Tower - YTV DVD
2015-03-25 23:59:15 -------- d-----w- C:\Users\Simon Harries\Ravensbourne Clips
2015-03-25 01:09:34 943616 ----a-w- C:\Windows\System32\appraiser.dll
2015-03-25 01:09:34 760832 ----a-w- C:\Windows\System32\invagent.dll
2015-03-25 01:09:34 677888 ----a-w- C:\Windows\System32\generaltel.dll
2015-03-25 01:09:34 414720 ----a-w- C:\Windows\System32\devinv.dll
2015-03-25 01:09:34 30720 ----a-w- C:\Windows\System32\acmigration.dll
2015-03-25 01:09:34 227328 ----a-w- C:\Windows\System32\aepdu.dll
2015-03-25 01:09:34 192000 ----a-w- C:\Windows\System32\aepic.dll
2015-03-25 01:09:34 1107456 ----a-w- C:\Windows\System32\aeinv.dll
2015-03-21 22:28:33 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
2015-03-21 22:28:32 227048 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2015-03-21 22:28:32 131072 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
2015-03-21 22:28:32 131072 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
2015-03-21 22:28:32 131072 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
2015-03-21 22:28:32 131072 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
2015-03-21 22:28:32 131072 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
2015-03-21 10:46:27 -------- d-----w- C:\Users\Simon Harries\pix+audio
2015-03-17 20:47:00 -------- d-----w- C:\Users\Simon Harries\dwhelper
2015-03-13 07:53:39 -------- d-----w- C:\Users\Simon Harries\AppData\Local\Seagate_Technology_LLC
2015-03-10 19:58:38 372224 ----a-w- C:\Windows\System32\atmfd.dll
2015-03-10 19:58:37 299008 ----a-w- C:\Windows\SysWow64\atmfd.dll
2015-03-10 19:58:36 46080 ----a-w- C:\Windows\System32\atmlib.dll
2015-03-10 19:58:36 41984 ----a-w- C:\Windows\System32\lpk.dll
2015-03-10 19:58:36 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2015-03-10 19:58:36 14336 ----a-w- C:\Windows\System32\dciman32.dll
2015-03-10 19:58:36 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
2015-03-10 19:58:35 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2015-03-10 19:58:35 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
2015-03-10 19:58:35 100864 ----a-w- C:\Windows\System32\fontsub.dll
2015-03-10 19:56:59 82432 ----a-w- C:\Windows\System32\cryptsp.dll
2015-03-10 19:53:54 215552 ----a-w- C:\Windows\System32\ubpm.dll
2015-03-10 19:53:53 171520 ----a-w- C:\Windows\SysWow64\ubpm.dll
2015-03-10 19:53:15 1424896 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2015-03-10 19:53:14 1230848 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2015-03-10 19:51:45 3204096 ----a-w- C:\Windows\System32\win32k.sys
2015-03-10 19:50:11 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2015-03-10 19:50:11 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2015-03-05 22:32:32 -------- d-----w- C:\Program Files\iPod
2015-03-05 22:32:32 -------- d-----w- C:\Program Files (x86)\iTunes
2015-03-05 22:32:30 -------- d-----w- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-03-05 22:32:30 -------- d-----w- C:\Program Files\iTunes
.
==================== Find3M ====================
.
2015-04-01 23:28:13 778928 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-04-01 23:28:13 142512 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-03-06 05:56:10 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-03-06 05:56:10 155576 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-03-06 05:42:39 210944 ----a-w- C:\Windows\System32\wdigest.dll
2015-03-06 05:42:36 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2015-03-06 05:42:35 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2015-03-06 05:42:35 136192 ----a-w- C:\Windows\System32\sspicli.dll
2015-03-06 05:42:33 341504 ----a-w- C:\Windows\System32\schannel.dll
2015-03-06 05:42:33 28160 ----a-w- C:\Windows\System32\secur32.dll
2015-03-06 05:42:29 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2015-03-06 05:42:29 309760 ----a-w- C:\Windows\System32\ncrypt.dll
2015-03-06 05:42:27 728064 ----a-w- C:\Windows\System32\kerberos.dll
2015-03-06 05:42:27 1461760 ----a-w- C:\Windows\System32\lsasrv.dll
2015-03-06 05:42:20 22016 ----a-w- C:\Windows\System32\credssp.dll
2015-03-06 05:41:46 31232 ----a-w- C:\Windows\System32\lsass.exe
2015-03-06 05:41:31 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-03-06 05:39:16 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-03-06 05:38:57 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-03-06 05:36:56 686080 ----a-w- C:\Windows\System32\adtschema.dll
2015-03-06 05:10:34 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2015-03-06 05:10:30 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2015-03-06 05:10:26 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2015-03-06 05:10:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2015-03-06 05:10:22 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2015-03-06 05:10:22 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2015-03-06 05:10:18 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2015-03-06 05:10:11 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2015-03-06 05:09:31 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-03-06 05:09:19 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2015-03-06 05:07:50 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2015-03-06 05:07:43 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-03-06 05:06:20 686080 ----a-w- C:\Windows\SysWow64\adtschema.dll
2015-02-20 03:06:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2015-02-20 03:05:49 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2015-02-20 02:50:14 66560 ----a-w- C:\Windows\System32\iesetup.dll
2015-02-20 02:49:29 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2015-02-20 02:49:19 584192 ----a-w- C:\Windows\System32\vbscript.dll
2015-02-20 02:47:56 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2015-02-20 02:35:17 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-02-20 02:35:05 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2015-02-20 02:34:24 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2015-02-20 02:32:34 6035456 ----a-w- C:\Windows\System32\jscript9.dll
2015-02-20 02:26:12 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-02-20 02:22:35 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-02-20 02:13:57 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-02-20 02:09:08 503296 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-02-20 02:08:59 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-02-20 02:08:13 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2015-02-20 02:06:44 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2015-02-20 01:56:54 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-02-20 01:56:07 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2015-02-20 01:47:06 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2015-02-20 01:46:45 2125824 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-02-20 01:41:52 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-02-20 01:30:39 4300288 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-02-20 01:28:25 2358784 ----a-w- C:\Windows\System32\wininet.dll
2015-02-20 01:24:21 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-02-20 01:23:19 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2015-02-20 01:01:25 1888256 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-02-17 15:26:28 1217184 ----a-w- C:\Windows\SysWow64\FM20.DLL
2015-02-03 03:34:39 693176 ----a-w- C:\Windows\System32\winload.efi
2015-02-03 03:34:38 5554104 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-02-03 03:34:36 94656 ----a-w- C:\Windows\System32\drivers\mountmgr.sys
2015-02-03 03:33:29 616360 ----a-w- C:\Windows\System32\winresume.efi
2015-02-03 03:30:58 631808 ----a-w- C:\Windows\System32\evr.dll
2015-02-03 03:29:19 8704 ----a-w- C:\Windows\System32\pcaevts.dll
2015-02-03 03:28:49 2048 ----a-w- C:\Windows\System32\mferror.dll
2015-02-03 03:28:14 6656 ----a-w- C:\Windows\System32\apisetschema.dll
2015-02-03 03:19:12 663552 ----a-w- C:\Windows\System32\drivers\PEAuth.sys
2015-02-03 03:16:31 3973048 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2015-02-03 03:16:31 3917760 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2015-02-03 03:11:55 50176 ----a-w- C:\Windows\SysWow64\rrinstaller.exe
2015-02-03 03:11:48 23040 ----a-w- C:\Windows\SysWow64\mfpmp.exe
2015-02-03 03:11:18 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2015-02-03 03:09:03 2048 ----a-w- C:\Windows\SysWow64\mferror.dll
2015-02-03 03:08:07 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2015-02-03 02:32:25 61440 ----a-w- C:\Windows\System32\drivers\appid.sys
2015-01-30 23:56:51 459336 ----a-w- C:\Windows\System32\drivers\cng.sys
2015-01-27 23:36:21 1239720 ----a-w- C:\Windows\System32\aitstatic.exe
2015-01-17 02:48:38 1067520 ----a-w- C:\Windows\System32\msctf.dll
2015-01-17 02:30:42 828928 ----a-w- C:\Windows\SysWow64\msctf.dll
2015-01-09 03:14:27 91136 ----a-w- C:\Windows\System32\wdi.dll
2015-01-09 03:14:19 950272 ----a-w- C:\Windows\System32\perftrack.dll
2015-01-09 03:14:19 29696 ----a-w- C:\Windows\System32\powertracker.dll
2015-01-09 02:48:18 76800 ----a-w- C:\Windows\SysWow64\wdi.dll
.
============= FINISH: 10:19:03.98 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 15/06/2012 12:22:31
System Uptime: 03/04/2015 08:43:20 (2 hours ago)
.
Motherboard: Gigabyte Tecohnology Co., Ltd. | | H61M-S2PV
Processor: Intel(R) Pentium(R) CPU G840 @ 2.80GHz | Intel(R) Pentium(R) CPU G840 @ 2.80GHz | 2800/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 699 GiB total, 73.952 GiB free.
D: is CDROM ()
G: is FIXED (NTFS) - 2794 GiB total, 409.267 GiB free.
L: is FIXED (NTFS) - 0 GiB total, 0.068 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP450: 01/04/2015 05:17:13 - Scheduled Checkpoint
RP451: 02/04/2015 22:59:51 - Removed Bonjour
RP452: 02/04/2015 23:01:08 - Removed Aspera Connect
.
==== Installed Programs ======================
.
@BIOS
ABC Amber Audio Converter
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 17 NPAPI
Adobe Help Manager
Adobe Photoshop 7.0
Adobe Premiere Pro 1.5
Adobe Premiere Pro CS6
Adobe Reader XI (11.0.10)
Adobe Refresh Manager
aioprnt
aioscnnr
Amazon Music
Apple Application Support (32-bit)
Apple Application Support (64-bit)
Apple Mobile Device Support
Apple Software Update
Aspera Connect
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Audials
AVerMedia C875 Live Gamer Portable 3.7.64.37
AVerMedia RECentral
AVG 2014
AVG Web TuneUp
Avid Codecs LE
Avidemux 2.5
BBC Iplayer
bl
BlackBerry App World Browser Plugin
BlackBerry Desktop Software 7.1
BlackBerry Device Software Updater
Bonjour
BT Desktop Help
CameraHelperMsi
Canon Utilities Digital Photo Professional 3.11
Canon Utilities EOS Sample Music
Canon Utilities EOS Utility
Canon Utilities ImageBrowser EX
Canon Utilities PhotoStitch
Canon Utilities Picture Style Editor
CCleaner
center
Compatibility Pack for the 2007 Office system
CuteFTP 8 Lite
Definition Update for Microsoft Office 2010 (KB2956207) 32-Bit Edition
Digital Theatre Player 4.0
Dropbox
DVD Shrink 3.2
Easy Tune 6 B11.1206.1
erLT
essentials
Fitbit Connect
get_iplayer 4.9
Google Toolbar for Internet Explorer
Google Update Helper
HandBrake 0.10.0
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
IP Tool
iTunes
Java 7 Update 11 (64-bit)
Java SE Development Kit 7 Update 11 (64-bit)
Kodak AIO Printer
KODAK AiO Software
Logitech Vid HD
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Expression Web 4
Microsoft Office Basic Edition 2003
Microsoft Office File Validation Add-In
Microsoft Office Office 64-bit Components 2010
Microsoft Office Outlook 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Outlook 2010
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
Miraizon DNxHD and ProRes for QuickTime
Mozilla Firefox 37.0 (x86 en-GB)
Mozilla Maintenance Service
MSVCRT
MSVCRT Redists
NEF Codec
NEF to JPG
Nero 7 Premium
Nikon Scan
Noise Reduction Plug-in 2.0
ocr
ON_OFF Charge B11.1102.1
PDFConverter Desktop
ph
PreReq
PrintProjects
QT Lite 4.1.0
QuickTime Alternative 1.81
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Seagate Dashboard
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2881071) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2883100) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2920748) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2956076) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2956139) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
SES Driver
Skype™ 6.18
Sound Forge Pro 10.0
Spotify
TV-Ark Page Generator
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553140) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597089) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837602) 32-Bit Edition
Update for Microsoft Office 2010 (KB2883019) 32-Bit Edition
Update for Microsoft Office 2010 (KB2889828) 32-Bit Edition
Update for Microsoft Office 2010 (KB2910896) 32-Bit Edition
Update for Microsoft Office 2010 (KB2920813) 32-Bit Edition
Update for Microsoft Office 2010 (KB2956141) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2956205) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2956128) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2956203) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
VLC media player 2.0.7
WD Drive Utilities
WD Quick View
WD Security
WD SES Driver Setup
WD SmartWare
WD SmartWare Installer
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (03/06/2009 1.0.0008.0)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
WinRAR 4.11 (64-bit)
YTD Video Downloader 3.9.6
.
==== Event Viewer Messages From Past Week ========
.
03/04/2015 09:00:37, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DNS Client service, but this action failed with the following error: An instance of the service is already running.
03/04/2015 08:59:57, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Background Intelligent Transfer Service service, but this action failed with the following error: An instance of the service is already running.
03/04/2015 08:59:44, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Base Filtering Engine service, but this action failed with the following error: An instance of the service is already running.
03/04/2015 08:59:37, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Workstation service, but this action failed with the following error: An instance of the service is already running.
03/04/2015 08:59:37, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Cryptographic Services service, but this action failed with the following error: An instance of the service is already running.
03/04/2015 08:59:30, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
03/04/2015 08:59:30, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.
03/04/2015 08:58:41, Error: Service Control Manager [7034] - The Network Connections service terminated unexpectedly. It has done this 3 time(s).
03/04/2015 08:58:41, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
03/04/2015 08:58:41, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
03/04/2015 08:58:41, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
03/04/2015 08:58:37, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Network Location Awareness service, but this action failed with the following error: An instance of the service is already running.
03/04/2015 08:58:37, Error: Service Control Manager [7031] - The Workstation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
03/04/2015 08:58:37, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
03/04/2015 08:58:37, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
03/04/2015 08:58:37, Error: Service Control Manager [7031] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
03/04/2015 08:58:28, Error: Service Control Manager [7031] - The WD Backup service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
03/04/2015 08:58:07, Error: Service Control Manager [7034] - The UPnP Device Host service terminated unexpectedly. It has done this 3 time(s).
03/04/2015 08:58:07, Error: Service Control Manager [7034] - The SSDP Discovery service terminated unexpectedly. It has done this 3 time(s).
03/04/2015 08:58:05, Error: Service Control Manager [7034] - The Windows Backup service terminated unexpectedly. It has done this 1 time(s).
03/04/2015 08:58:00, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
03/04/2015 08:57:57, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
03/04/2015 08:57:53, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the SSDP Discovery service, but this action failed with the following error: An instance of the service is already running.
03/04/2015 08:57:52, Error: Service Control Manager [7031] - The UPnP Device Host service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
03/04/2015 08:57:52, Error: Service Control Manager [7031] - The SSDP Discovery service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
03/04/2015 08:57:48, Error: Service Control Manager [7034] - The Windows Image Acquisition (WIA) service terminated unexpectedly. It has done this 1 time(s).
03/04/2015 08:57:44, Error: Service Control Manager [7031] - The Windows Firewall service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
03/04/2015 08:57:44, Error: Service Control Manager [7031] - The Diagnostic Policy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
03/04/2015 08:57:44, Error: Service Control Manager [7031] - The Base Filtering Engine service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
03/04/2015 08:57:41, Error: Service Control Manager [7031] - The UPnP Device Host service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
03/04/2015 08:57:41, Error: Service Control Manager [7031] - The SSDP Discovery service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
03/04/2015 08:57:30, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).
03/04/2015 08:57:30, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
03/04/2015 08:57:30, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
03/04/2015 08:57:30, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
03/04/2015 08:57:30, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
03/04/2015 08:57:30, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
03/04/2015 08:57:30, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
03/04/2015 08:57:30, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
03/04/2015 08:57:30, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
03/04/2015 08:57:30, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
03/04/2015 08:57:30, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
03/04/2015 08:57:30, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
03/04/2015 08:57:30, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
03/04/2015 08:57:30, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
03/04/2015 08:57:30, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
03/04/2015 08:57:30, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
03/04/2015 08:57:21, Error: Service Control Manager [7034] - The Diagnostic System Host service terminated unexpectedly. It has done this 1 time(s).
03/04/2015 08:57:21, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
03/04/2015 08:57:21, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
03/04/2015 08:57:21, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
03/04/2015 08:57:21, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
03/04/2015 08:57:21, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
03/04/2015 08:57:21, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
03/04/2015 08:54:42, Error: Service Control Manager [7034] - The WD Drive Manager service terminated unexpectedly. It has done this 1 time(s).
03/04/2015 08:53:40, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
03/04/2015 08:53:01, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
03/04/2015 08:52:56, Error: Service Control Manager [7034] - The UMVPFSrv service terminated unexpectedly. It has done this 1 time(s).
03/04/2015 08:52:49, Error: Service Control Manager [7034] - The vToolbarUpdater3.2.0 service terminated unexpectedly. It has done this 1 time(s).
03/04/2015 08:52:11, Error: Service Control Manager [7034] - The AVerRECentral service terminated unexpectedly. It has done this 1 time(s).
03/04/2015 08:52:05, Error: Service Control Manager [7031] - The Apple Mobile Device Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
03/04/2015 08:51:56, Error: Service Control Manager [7034] - The Fitbit Connect Service service terminated unexpectedly. It has done this 3 time(s).
03/04/2015 08:51:49, Error: Service Control Manager [7031] - The Fitbit Connect Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
03/04/2015 08:51:44, Error: Service Control Manager [7034] - The Kodak AiO Status Monitor Service service terminated unexpectedly. It has done this 1 time(s).
03/04/2015 08:51:35, Error: Service Control Manager [7034] - The Kodak AiO Network Discovery Service service terminated unexpectedly. It has done this 1 time(s).
03/04/2015 08:50:53, Error: Service Control Manager [7031] - The Apple Mobile Device Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
03/04/2015 08:50:45, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).
03/04/2015 08:50:15, Error: Service Control Manager [7031] - The Fitbit Connect Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
03/04/2015 01:01:08, Error: Service Control Manager [7043] - The AVerRECentral service did not shut down properly after receiving a preshutdown control.
03/04/2015 00:28:26, Error: Schannel [36887] - The following fatal alert was received: 20.
.
==== End Of File ===========================
harries71
Regular Member
 
Posts: 22
Joined: April 3rd, 2015, 5:41 am

Re: Adware in Firefox

Post by Cypher » April 3rd, 2015, 6:38 am

Hi and welcome to Malware Removal Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not solve other issues you have with your machine.
If you no longer require help, I would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread; do not start another. Please continue responding until I give you the "All Clean".
    Remember, absence of symptoms does not mean the infection is all gone.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.

Next.

Please click on THIS link, and follow the instructions for installing TCRB and creating a backup of your Registry.

Next.

I need you to run further scans for me.
Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present; if any log is cut off, you'll have to post it in sections.



Please download Malwarebytes' Anti-Malware and save to your desktop.

  • Right-click mbam-setup.exe and select "Run as administrator", then follow the prompts to install the program.
  • At the end, uncheck "Enable free trial of Malwarebytes' Anti-Malware". (You can activate this when we've finished, if you wish.)
  • Then click Finish.
  • You'll see an alert that "Databases out of date" Click the "Update Now" button.
  • Press the Scan Settings icon on the top bar of the MBAM interface, make sure Threat Scan is checked.
  • Press the Scan Now >> button.
  • When the scan is finished:
  • If clean, a message will be displayed "The scan completed successfully! No malicious items were detected!"
  • If infections were found, click the Quarantine all button.
  • Press the View detailed log >> link to display the results log.
  • Press the Copy to Clipboard button.
  • Copy and paste the scan results in your next reply and exit MBAM.

Next.

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Right-click on adwcleaner.exe and select "Run as administrator" to run it.
  • Click on Scan.
  • When the scan has finished, uncheck any entries you don't want to remove, then click on Clean.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next.

Please download FRST ... by Farbar, from the link below and save it to your Desktop.

For 32 bit Systems

For 64 bit Systems

  • Right-click FRST.exe and select "Run as administrator" to run it.
  • When the tool opens click Yes to the disclaimer.
  • Press Scan button. ... When finished a log will be created, FRST.txt.
  • Please post the content of the FRST.txt in your next reply.
  • The first time the tool is run, it will create another log... Addition.txt.
  • Please post the content of the Addition.txt in your next reply.

Logs/Information to Post in your Next Reply

  • Malwarebytes' Anti-Malware log.
  • AdwCleaner log.
  • FRST.txt and Addition.txt contents.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Adware in Firefox

Post by harries71 » April 3rd, 2015, 2:24 pm

Malwarebytes Anti-Malware
http://www.malwarebytes.org

Scan Date: 03/04/2015
Scan Time: 19:08:03
Logfile:
Administrator: Yes

Version: 2.01.4.1018
Malware Database: v2015.04.03.06
Rootkit Database: v2015.03.31.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Simon Harries

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 371342
Time Elapsed: 13 min, 23 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 45
PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\CLASSES\Updater.AmiUpd.1, Quarantined, [1b172f3991f945f1d677231b83805ba5],
PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Updater.AmiUpd.1, Quarantined, [fc36ca9edfabee485fee2519e2216b95],
PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\CLASSES\WOW6432NODE\Updater.AmiUpd.1, Quarantined, [fc36ca9edfabee485fee2519e2216b95],
PUP.Optional.SpeedChecker.A, HKLM\SOFTWARE\Speedchecker Limited, Quarantined, [34fe84e40b7f40f69fa441875ba8a957],
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\CLASSES\Updater.AmiUpd, Quarantined, [a48e10586822bd79d5a733a634cfb44c],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\3874, Quarantined, [032f4721bbcfb185854d6397778c867a],
PUP.Optional.TornTV.A, HKLM\SOFTWARE\WOW6432NODE\TheTorntv V10, Quarantined, [9d952345e3a7191da86800d29f648d73],
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Updater.AmiUpd, Quarantined, [b979c0a8ee9cd264f5871cbd8a7950b0],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE, Quarantined, [65cdbdabd0baa1957daac31efd06a759],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\INSTALLEDBROWSEREXTENSIONS\3874, Quarantined, [d75b7debe2a80d29d8fae6148d761be5],
PUP.Optional.WhiteSmoke.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WhiteSmoke_US Toolbar, Quarantined, [db57c1a771196dc94205e6f57291a65a],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=10, Quarantined, [250d54146b1fa39346dbc57ae1248d73],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=4, Quarantined, [151df276f991fd39a67cde61d43142be],
PUP.Optional.TornTV.A, HKU\S-1-5-18\SOFTWARE\TornTv Downloader, Quarantined, [42f0d3958604af870de1e4e7f0132dd3],
PUP.Optional.1ClickDownload.A, HKU\S-1-5-21-1620838597-635671493-4020915475-1000\SOFTWARE\1ClickDownload, Quarantined, [d260f8703f4bdb5b63a37ba36d989c64],
PUP.Optional.TornTV.A, HKU\S-1-5-21-1620838597-635671493-4020915475-1000\SOFTWARE\TornTv Downloader, Quarantined, [4fe3cc9c751585b19d518f3c8380d030],
PUP.Optional.Conduit.A, HKU\S-1-5-21-1620838597-635671493-4020915475-1000\SOFTWARE\APPDATALOW\SOFTWARE\ConduitSearchScopes, Quarantined, [74be82e690faf145925e8a4121e2936d],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1620838597-635671493-4020915475-1000\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [c66cdd8b345639fd657558d8e223e917],
PUP.Optional.PriceGong.A, HKU\S-1-5-21-1620838597-635671493-4020915475-1000\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, Quarantined, [b28052167515ab8b434087458d76d828],
PUP.Optional.TornTV.A, HKU\S-1-5-21-1620838597-635671493-4020915475-1000\SOFTWARE\APPDATALOW\SOFTWARE\TheTorntv V10, Quarantined, [3ef43a2e4149d85e5eb46072fc0728d8],
PUP.Optional.GlobalUpdate.C, HKU\S-1-5-21-1620838597-635671493-4020915475-1000\SOFTWARE\GLOBALUPDATE\UPDATE\PROXY, Quarantined, [032fec7ca9e18da961165a5a5ca7f60a],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1620838597-635671493-4020915475-1000\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\3874, Quarantined, [fb370c5cff8be84e4cb13e971fe47789],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1620838597-635671493-4020915475-1000\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\esc, Quarantined, [7cb6beaacebcc76f59de26a314ef33cd],
PUP.Optional.GlobalUpdate.T, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\globalUpdate, Quarantined, [989a85e383079d994c4ab2e3d0336a96],
PUP.Optional.GlobalUpdate.T, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\globalUpdatem, Quarantined, [989a85e383079d994c4ab2e3d0336a96],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, Quarantined, [989a85e383079d994c4ab2e3d0336a96],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, Quarantined, [989a85e383079d994c4ab2e3d0336a96],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}, Quarantined, [989a85e383079d994c4ab2e3d0336a96],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\globalUpdate.OneClickCtrl.10, Quarantined, [989a85e383079d994c4ab2e3d0336a96],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\CLASSES\globalUpdate.OneClickCtrl.10, Quarantined, [989a85e383079d994c4ab2e3d0336a96],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\WOW6432NODE\globalUpdate.OneClickCtrl.10, Quarantined, [989a85e383079d994c4ab2e3d0336a96],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}, Quarantined, [989a85e383079d994c4ab2e3d0336a96],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5645E0E7-FC12-43BF-A6E4-F9751942B298}, Quarantined, [989a85e383079d994c4ab2e3d0336a96],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{5645E0E7-FC12-43BF-A6E4-F9751942B298}, Quarantined, [989a85e383079d994c4ab2e3d0336a96],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}, Quarantined, [989a85e383079d994c4ab2e3d0336a96],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\globalUpdate.Update3WebControl.4, Quarantined, [989a85e383079d994c4ab2e3d0336a96],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\CLASSES\globalUpdate.Update3WebControl.4, Quarantined, [989a85e383079d994c4ab2e3d0336a96],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\WOW6432NODE\globalUpdate.Update3WebControl.4, Quarantined, [989a85e383079d994c4ab2e3d0336a96],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}, Quarantined, [989a85e383079d994c4ab2e3d0336a96],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}, Quarantined, [989a85e383079d994c4ab2e3d0336a96],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}, Quarantined, [989a85e383079d994c4ab2e3d0336a96],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}, Quarantined, [989a85e383079d994c4ab2e3d0336a96],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}, Quarantined, [989a85e383079d994c4ab2e3d0336a96],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}, Quarantined, [989a85e383079d994c4ab2e3d0336a96],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}, Quarantined, [989a85e383079d994c4ab2e3d0336a96],

Registry Values: 3
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE|path, C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe, Quarantined, [65cdbdabd0baa1957daac31efd06a759]
PUP.Optional.GlobalUpdate.C, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATEDEV|AuCheckPeriodMs, 21600000, Quarantined, [fb37aabe43476cca2fafdcd782818878]
PUP.Optional.GlobalUpdate.C, HKU\S-1-5-21-1620838597-635671493-4020915475-1000\SOFTWARE\GLOBALUPDATE\UPDATE\PROXY|source, IE, Quarantined, [032fec7ca9e18da961165a5a5ca7f60a]

Registry Data: 0
(No malicious items detected)

Folders: 11
PUP.Optional.SoftwareUpdater.A, C:\Users\Simon Harries\AppData\Local\SwvUpdater, Quarantined, [be74dc8cf991cd69a13b0dd359aab14f],
PUP.Optional.PriceGong.A, C:\Users\Simon Harries\AppData\LocalLow\PriceGong, Quarantined, [c270f6727f0be84e8f62087afe05ce32],
PUP.Optional.PriceGong.A, C:\Users\Simon Harries\AppData\LocalLow\PriceGong\Data, Quarantined, [c270f6727f0be84e8f62087afe05ce32],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update, Quarantined, [989a85e383079d994c4ab2e3d0336a96],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0, Quarantined, [989a85e383079d994c4ab2e3d0336a96],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Download, Quarantined, [989a85e383079d994c4ab2e3d0336a96],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Download\{0C2AF9DC-66D1-48AE-9090-CEBC6474A847}, Quarantined, [989a85e383079d994c4ab2e3d0336a96],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Download\{0C2AF9DC-66D1-48AE-9090-CEBC6474A847}\1.3.25.27, Quarantined, [989a85e383079d994c4ab2e3d0336a96],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Install, Quarantined, [989a85e383079d994c4ab2e3d0336a96],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Offline, Quarantined, [989a85e383079d994c4ab2e3d0336a96],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Offline\{636303FA-8A30-4B40-B19B-9942CAA579C2}, Quarantined, [989a85e383079d994c4ab2e3d0336a96],

Files: 65
PUP.Optional.Spigot.A, C:\ProgramData\YTD YouTube Downloader & Converter\ytd_installer.exe, Quarantined, [d85a9bcd4248b581618eb96e14ec20e0],
PUP.Optional.SoftwareUpdater.A, C:\Users\Simon Harries\AppData\Local\SwvUpdater\Updater.xml, Quarantined, [be74dc8cf991cd69a13b0dd359aab14f],
PUP.Optional.SoftwareUpdater.A, C:\Users\Simon Harries\AppData\Local\SwvUpdater\status.cfg, Quarantined, [be74dc8cf991cd69a13b0dd359aab14f],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\b7ccb94a-9647-4a80-b8e5-9b5ce3d21b5c-1, Quarantined, [ce64c1a7bcce270f4bd7e7fa15eecd33],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\b7ccb94a-9647-4a80-b8e5-9b5ce3d21b5c-11, Quarantined, [b37fa6c2553566d05cc6924f54afca36],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\b7ccb94a-9647-4a80-b8e5-9b5ce3d21b5c-2, Quarantined, [a88acc9c6c1e999dbd65439ed1327090],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\b7ccb94a-9647-4a80-b8e5-9b5ce3d21b5c-3, Quarantined, [89a90e5a7713d066b66cb22f22e1837d],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\b7ccb94a-9647-4a80-b8e5-9b5ce3d21b5c-4, Quarantined, [50e2a1c70882cd690f13a63b5fa46997],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\b7ccb94a-9647-4a80-b8e5-9b5ce3d21b5c-5, Quarantined, [74be4820b6d484b270b26180976c40c0],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\b7ccb94a-9647-4a80-b8e5-9b5ce3d21b5c-5_user, Quarantined, [c66c87e17e0c171f7ca63ba62fd457a9],
PUP.SoftwareUpdater.A, C:\Windows\System32\Tasks\AmiUpdXp, Quarantined, [d85ae58349411b1bc3d9b62f0102e51b],
PUP.Software.Updater, C:\Windows\Tasks\AmiUpdXp.job, Quarantined, [3bf73b2dcebc2016b79ca06e50b4748c],
PUP.Optional.FunMoods.A, C:\Users\Simon Harries\AppData\Local\funmoods.crx, Quarantined, [83af81e7bad0df5704be9b9d7e87e61a],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\b7ccb94a-9647-4a80-b8e5-9b5ce3d21b5c-1.job, Quarantined, [8fa32741dfab7abcdf23d469df26639d],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\b7ccb94a-9647-4a80-b8e5-9b5ce3d21b5c-11.job, Quarantined, [9d9568006a201d19986ae558bd48f30d],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\b7ccb94a-9647-4a80-b8e5-9b5ce3d21b5c-2.job, Quarantined, [47ebc1a76f1b5fd7c53dde5f2ed78878],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\b7ccb94a-9647-4a80-b8e5-9b5ce3d21b5c-3.job, Quarantined, [4de508604644a591f60c201d3ec7f808],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\b7ccb94a-9647-4a80-b8e5-9b5ce3d21b5c-4.job, Quarantined, [7cb654141e6cb086ff0399a495706a96],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\b7ccb94a-9647-4a80-b8e5-9b5ce3d21b5c-5.job, Quarantined, [6ec4f078414923135ba71b220ff610f0],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\b7ccb94a-9647-4a80-b8e5-9b5ce3d21b5c-5_user.job, Quarantined, [ae84c8a008822c0a0ff342fbdb2aa35d],
PUP.Optional.GlobalUpdate.A, C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job, Quarantined, [ae84cd9bc6c48ea815fcde5fae5742be],
PUP.Optional.GlobalUpdate.A, C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore, Quarantined, [6cc6dd8b1476ac8a2ee4d66751b426da],
PUP.Optional.GlobalUpdate.A, C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job, Quarantined, [141e71f7bbcf0135ac67310cba4b857b],
PUP.Optional.GlobalUpdate.A, C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA, Quarantined, [e74bc7a1b4d6a393c153023b0afb1de3],
PUP.Optional.PriceGong.A, C:\Users\Simon Harries\AppData\LocalLow\PriceGong\Data\1.txt, Quarantined, [c270f6727f0be84e8f62087afe05ce32],
PUP.Optional.PriceGong.A, C:\Users\Simon Harries\AppData\LocalLow\PriceGong\Data\a.txt, Quarantined, [c270f6727f0be84e8f62087afe05ce32],
PUP.Optional.PriceGong.A, C:\Users\Simon Harries\AppData\LocalLow\PriceGong\Data\b.txt, Quarantined, [c270f6727f0be84e8f62087afe05ce32],
PUP.Optional.PriceGong.A, C:\Users\Simon Harries\AppData\LocalLow\PriceGong\Data\c.txt, Quarantined, [c270f6727f0be84e8f62087afe05ce32],
PUP.Optional.PriceGong.A, C:\Users\Simon Harries\AppData\LocalLow\PriceGong\Data\d.txt, Quarantined, [c270f6727f0be84e8f62087afe05ce32],
PUP.Optional.PriceGong.A, C:\Users\Simon Harries\AppData\LocalLow\PriceGong\Data\e.txt, Quarantined, [c270f6727f0be84e8f62087afe05ce32],
PUP.Optional.PriceGong.A, C:\Users\Simon Harries\AppData\LocalLow\PriceGong\Data\f.txt, Quarantined, [c270f6727f0be84e8f62087afe05ce32],
PUP.Optional.PriceGong.A, C:\Users\Simon Harries\AppData\LocalLow\PriceGong\Data\g.txt, Quarantined, [c270f6727f0be84e8f62087afe05ce32],
PUP.Optional.PriceGong.A, C:\Users\Simon Harries\AppData\LocalLow\PriceGong\Data\h.txt, Quarantined, [c270f6727f0be84e8f62087afe05ce32],
PUP.Optional.PriceGong.A, C:\Users\Simon Harries\AppData\LocalLow\PriceGong\Data\i.txt, Quarantined, [c270f6727f0be84e8f62087afe05ce32],
PUP.Optional.PriceGong.A, C:\Users\Simon Harries\AppData\LocalLow\PriceGong\Data\j.txt, Quarantined, [c270f6727f0be84e8f62087afe05ce32],
PUP.Optional.PriceGong.A, C:\Users\Simon Harries\AppData\LocalLow\PriceGong\Data\k.txt, Quarantined, [c270f6727f0be84e8f62087afe05ce32],
PUP.Optional.PriceGong.A, C:\Users\Simon Harries\AppData\LocalLow\PriceGong\Data\l.txt, Quarantined, [c270f6727f0be84e8f62087afe05ce32],
PUP.Optional.PriceGong.A, C:\Users\Simon Harries\AppData\LocalLow\PriceGong\Data\m.txt, Quarantined, [c270f6727f0be84e8f62087afe05ce32],
PUP.Optional.PriceGong.A, C:\Users\Simon Harries\AppData\LocalLow\PriceGong\Data\mru.xml, Quarantined, [c270f6727f0be84e8f62087afe05ce32],
PUP.Optional.PriceGong.A, C:\Users\Simon Harries\AppData\LocalLow\PriceGong\Data\n.txt, Quarantined, [c270f6727f0be84e8f62087afe05ce32],
PUP.Optional.PriceGong.A, C:\Users\Simon Harries\AppData\LocalLow\PriceGong\Data\o.txt, Quarantined, [c270f6727f0be84e8f62087afe05ce32],
PUP.Optional.PriceGong.A, C:\Users\Simon Harries\AppData\LocalLow\PriceGong\Data\p.txt, Quarantined, [c270f6727f0be84e8f62087afe05ce32],
PUP.Optional.PriceGong.A, C:\Users\Simon Harries\AppData\LocalLow\PriceGong\Data\q.txt, Quarantined, [c270f6727f0be84e8f62087afe05ce32],
PUP.Optional.PriceGong.A, C:\Users\Simon Harries\AppData\LocalLow\PriceGong\Data\r.txt, Quarantined, [c270f6727f0be84e8f62087afe05ce32],
PUP.Optional.PriceGong.A, C:\Users\Simon Harries\AppData\LocalLow\PriceGong\Data\s.txt, Quarantined, [c270f6727f0be84e8f62087afe05ce32],
PUP.Optional.PriceGong.A, C:\Users\Simon Harries\AppData\LocalLow\PriceGong\Data\t.txt, Quarantined, [c270f6727f0be84e8f62087afe05ce32],
PUP.Optional.PriceGong.A, C:\Users\Simon Harries\AppData\LocalLow\PriceGong\Data\u.txt, Quarantined, [c270f6727f0be84e8f62087afe05ce32],
PUP.Optional.PriceGong.A, C:\Users\Simon Harries\AppData\LocalLow\PriceGong\Data\v.txt, Quarantined, [c270f6727f0be84e8f62087afe05ce32],
PUP.Optional.PriceGong.A, C:\Users\Simon Harries\AppData\LocalLow\PriceGong\Data\w.txt, Quarantined, [c270f6727f0be84e8f62087afe05ce32],
PUP.Optional.PriceGong.A, C:\Users\Simon Harries\AppData\LocalLow\PriceGong\Data\wlu.txt, Quarantined, [c270f6727f0be84e8f62087afe05ce32],
PUP.Optional.PriceGong.A, C:\Users\Simon Harries\AppData\LocalLow\PriceGong\Data\x.txt, Quarantined, [c270f6727f0be84e8f62087afe05ce32],
PUP.Optional.PriceGong.A, C:\Users\Simon Harries\AppData\LocalLow\PriceGong\Data\y.txt, Quarantined, [c270f6727f0be84e8f62087afe05ce32],
PUP.Optional.PriceGong.A, C:\Users\Simon Harries\AppData\LocalLow\PriceGong\Data\z.txt, Quarantined, [c270f6727f0be84e8f62087afe05ce32],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe, Quarantined, [989a85e383079d994c4ab2e3d0336a96],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleCrashHandler.exe, Quarantined, [989a85e383079d994c4ab2e3d0336a96],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdate.exe, Quarantined, [989a85e383079d994c4ab2e3d0336a96],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateBroker.exe, Quarantined, [989a85e383079d994c4ab2e3d0336a96],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateHelper.msi, Quarantined, [989a85e383079d994c4ab2e3d0336a96],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateOnDemand.exe, Quarantined, [989a85e383079d994c4ab2e3d0336a96],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\goopdate.dll, Quarantined, [989a85e383079d994c4ab2e3d0336a96],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\goopdateres_en.dll, Quarantined, [989a85e383079d994c4ab2e3d0336a96],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll, Quarantined, [989a85e383079d994c4ab2e3d0336a96],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\psmachine.dll, Quarantined, [989a85e383079d994c4ab2e3d0336a96],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\psuser.dll, Quarantined, [989a85e383079d994c4ab2e3d0336a96],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Download\{0C2AF9DC-66D1-48AE-9090-CEBC6474A847}\1.3.25.27\setup.exe, Quarantined, [989a85e383079d994c4ab2e3d0336a96],

Physical Sectors: 0
(No malicious items detected)


(end)
harries71
Regular Member
 
Posts: 22
Joined: April 3rd, 2015, 5:41 am

Re: Adware in Firefox

by harries71 » April 3rd, 2015, 2:42 pm

# AdwCleaner v4.200 - Logfile created 03/04/2015 at 19:28:57
# Updated 29/03/2015 by Xplode
# Database : 2015-03-29.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Simon Harries - SIMON-PC
# Running from : C:\Users\Simon Harries\Windows 7 Stuff\Desktop\adwcleaner_4.200.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : globalUpdate
[#] Service Deleted : globalUpdatem
[#] Service Deleted : vToolbarUpdater3.2.0

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\ytd video downloader
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\GreenTree Applications
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Users\Simon Harries\AppData\Local\Conduit
Folder Deleted : C:\Users\Simon Harries\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Simon Harries\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Simon Harries\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Simon Harries\AppData\Roaming\SendSpace
Folder Deleted : C:\Users\Simon Harries\AppData\Roaming\YourFileDownloader
Folder Deleted : C:\Users\Simon Harries\AppData\Roaming\download Manager
File Deleted : C:\END
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml

***** [ Scheduled tasks ] *****

Task Deleted : IHSelfDeleteTASK
Task Deleted : IHUninstallTrackingTASK
Task Deleted : Your File Updater
Task Deleted : 559debdf-b6ec-4715-9003-9eafe7cd4a2a
Task Deleted : 99f2a4e1-fe5b-4439-9297-bc116aa97f46

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0F3DC9E0-C459-4A40-BCF8-747BD9322E10}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0F3DC9E0-C459-4A40-BCF8-747BD9322E10}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\powerpack
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YourFileDownloader
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\YourFileDownloader
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17689


-\\ Mozilla Firefox v37.0 (x86 en-GB)


*************************

AdwCleaner[R0].txt - [10322 bytes] - [03/04/2015 19:27:44]
AdwCleaner[S0].txt - [10182 bytes] - [03/04/2015 19:28:57]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10242 bytes] ##########
harries71
Regular Member
 
Posts: 22
Joined: April 3rd, 2015, 5:41 am

Re: Adware in Firefox

by harries71 » April 3rd, 2015, 2:50 pm

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Simon Harries (administrator) on SIMON-PC on 03-04-2015 19:48:01
Running from C:\Users\Simon Harries\Windows 7 Stuff\Desktop
Loaded Profiles: Simon Harries (Available profiles: Simon Harries)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVerMedia TECHNOLOGIES, Inc.) C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRECentral.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Alcatel-Lucent) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\MAHostService.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
(Joyent, Inc) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\node.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Alcatel-Lucent) C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DeviceAgent.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13370472 2011-11-18] (Realtek Semiconductor)
HKLM\...\Run: [btbb_McciTrayApp] => C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe [2860856 2013-11-11] (Alcatel-Lucent)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-12-16] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1518664 2014-09-17] (Seagate Technology LLC)
HKLM-x32\...\Run: [Conime] => %windir%\system32\conime.exe
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1620838597-635671493-4020915475-1000\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [127080 2014-09-17] (Seagate Technology LLC)
HKU\S-1-5-21-1620838597-635671493-4020915475-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-1620838597-635671493-4020915475-1000\...\MountPoints2: {26d05591-6056-11e3-b681-50e54919a016} - F:\unlock.exe autoplay=true
HKU\S-1-5-21-1620838597-635671493-4020915475-1000\...\MountPoints2: {44c4e00b-b6f1-11e1-a56f-50e54919a016} - E:\unlock.exe autoplay=true
HKU\S-1-5-21-1620838597-635671493-4020915475-1000\...\MountPoints2: {777f91dd-3a92-11e3-86ec-50e54919a016} - E:\Unlock.exe autoplay=true
HKU\S-1-5-21-1620838597-635671493-4020915475-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\...\RunOnce: [KodakHomeCenter] => C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe [2234064 2014-05-06] (Eastman Kodak Company)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Simon Harries\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Simon Harries\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Simon Harries\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Simon Harries\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Simon Harries\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Simon Harries\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Simon Harries\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-gb/?ocid=iehp
HKU\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://bbc.co.uk/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-01-14] (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-01] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-01-14] (Oracle Corporation)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2012-06-17] (RealPlayer)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-01] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-01] (Google Inc.)
Toolbar: HKLM-x32 - IP Tool - {766fc80d-2bbc-402b-9544-a5485f9ef2f3} - C:\Windows\SysWOW64\mscoree.dll [2010-11-21] (Microsoft Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-01] (Google Inc.)
DPF: HKLM {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net ... plugin.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/v ... .2.6.0.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Simon Harries\AppData\Roaming\Mozilla\Firefox\Profiles\vr5pke1c.default-1428014804228
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-04-02] ()
FF Plugin: @java.com/DTPlugin,version=10.11.2 -> C:\Windows\system32\npDeployJava1.dll [2013-01-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.11.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-01-14] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2013-01-25] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-04-02] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @asperasoft.com/AsperaConnect -> C:\Users\Simon Harries\AppData\Local\Programs\Aspera\Aspera Connect\lib\npasperaweb.dll [2012-03-01] (Aspera, Inc. )
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2012-09-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll [2013-03-25] (Alcatel-Lucent)
FF Plugin-x32: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll [2013-03-25] (Alcatel-Lucent)
FF Plugin-x32: @real.com/nppl3260;version=15.0.4.53 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2012-06-17] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.4.53 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll [2012-06-17] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-06-17] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-06-17] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=15.0.4.53 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2012-06-17] (RealPlayer)
FF Plugin-x32: @rim.com/npappworld -> C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll [2012-12-06] ()
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2012-12-13] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-06-07] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2013-01-25] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1620838597-635671493-4020915475-1000: @asperasoft.com/AsperaConnect -> C:\Users\Simon Harries\AppData\Local\Programs\Aspera\Aspera Connect\lib\npasperaweb.dll [2012-03-01] (Aspera, Inc. )
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2007-05-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2007-05-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2007-05-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2007-05-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2007-05-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2010-12-15] (Apple Inc.)
FF Extension: BT DesktopHelp extension - C:\Program Files (x86)\Mozilla Firefox\extensions\mcciwbch@motive.com.xpi [2015-03-21]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\mcciwbch@motive.com.xpi [2015-03-21]
FF HKLM-x32\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-06-17]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [edmgmpmklgfbohogafcfobonnkogchec] - C:\Program Files (x86)\Common Files\Motive\extensions\MotiveRequest.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-06-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2012-07-02] () [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 AVerRECentral; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRECentral.exe [1924608 2014-10-15] (AVerMedia TECHNOLOGIES, Inc.) [File not signed]
R2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1417160 2014-12-16] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3247120 2014-12-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-12-16] (AVG Technologies CZ, s.r.o.)
S3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]
R2 BT Help Wizard; C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\MAHostService.exe [321024 2014-04-09] (Alcatel-Lucent) [File not signed]
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1436192 2014-05-19] (Fitbit, Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S3 NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [724992 2006-10-09] (Nero AG) [File not signed]
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [467256 2013-11-11] (Alcatel-Lucent)
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2014-09-17] (Seagate Technology LLC)
R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157776 2014-09-17] (Seagate Technology LLC)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-12-02] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-07-22] (Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 Sffosvrnspvu; No ImagePath

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-11-02] ()
S3 AVer330USB; C:\Windows\System32\DRIVERS\AVer330USB.sys [1550464 2014-11-05] (AVerMedia TECHNOLOGIES, Inc.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [237848 2014-10-24] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-10-20] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-29] (AVG Technologies)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2012-06-19] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2013-03-22] (RapidSolution Software AG)
R3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2013-03-22] (RapidSolution Software AG)
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-03 19:47 - 2015-04-03 19:48 - 00000000 ____D () C:\FRST
2015-04-03 19:27 - 2015-04-03 19:36 - 00000000 ____D () C:\AdwCleaner
2015-04-03 19:07 - 2015-04-03 19:07 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-03 19:06 - 2015-04-03 19:06 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-03 19:06 - 2015-04-03 19:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-03 19:06 - 2015-04-03 19:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-03 19:06 - 2015-04-03 19:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-03 19:06 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-03 19:06 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-03 19:06 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-03 19:04 - 2015-04-03 19:04 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-SIMON-PC-Windows-7-Home-Premium-(64-bit).dat
2015-04-03 19:03 - 2015-04-03 19:03 - 00000000 ____D () C:\RegBackup
2015-04-03 19:02 - 2015-04-03 19:02 - 00002235 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-04-03 19:02 - 2015-04-03 19:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-04-03 19:02 - 2015-04-03 19:02 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2015-04-03 08:44 - 2015-04-03 19:37 - 00000336 _____ () C:\Windows\setupact.log
2015-04-03 08:44 - 2015-04-03 08:44 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-03 08:43 - 2015-04-03 19:37 - 00021286 _____ () C:\Windows\PFRO.log
2015-04-03 08:43 - 2015-04-03 08:50 - 05149128 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-02 23:37 - 2015-04-02 23:37 - 00159232 _____ () C:\Users\Simon Harries\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-02 23:35 - 2015-04-02 23:35 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-02 23:35 - 2015-04-02 23:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-02 08:13 - 2015-04-02 08:13 - 00002806 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-04-01 18:46 - 2015-04-02 22:53 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-04-01 17:46 - 2015-04-03 19:46 - 00001336 _____ () C:\Windows\Tasks\helper_king_notification_service.job
2015-04-01 17:46 - 2015-04-03 19:38 - 00001030 _____ () C:\Windows\Tasks\ItI78RqBO8wx3.job
2015-04-01 17:46 - 2015-04-03 19:38 - 00000698 _____ () C:\Windows\Tasks\helper_king_updating_service.job
2015-04-01 17:46 - 2015-04-02 22:56 - 00000000 ____D () C:\Program Files (x86)\helper king
2015-04-01 17:46 - 2015-04-01 17:46 - 00004374 _____ () C:\Windows\System32\Tasks\helper_king_notification_service
2015-04-01 17:46 - 2015-04-01 17:46 - 00004072 _____ () C:\Windows\System32\Tasks\ItI78RqBO8wx3
2015-04-01 17:46 - 2015-04-01 17:46 - 00003738 _____ () C:\Windows\System32\Tasks\helper_king_updating_service
2015-03-31 09:14 - 2015-03-31 09:14 - 00004387 _____ () C:\Users\Simon Harries\AppData\Roaming\ItI78RqBO8wx3
2015-03-25 02:09 - 2015-03-11 05:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-25 02:09 - 2015-03-11 05:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-25 02:09 - 2015-03-11 05:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-25 02:09 - 2015-03-11 05:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-25 02:09 - 2015-03-11 05:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-25 02:09 - 2015-03-11 05:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-25 02:09 - 2015-03-11 05:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-25 02:09 - 2015-03-11 05:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-21 23:28 - 2015-04-02 23:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-17 21:47 - 2015-03-17 21:47 - 00000000 ____D () C:\Users\Simon Harries\dwhelper
2015-03-13 08:53 - 2015-03-13 08:53 - 00000000 ____D () C:\Users\Simon Harries\AppData\Local\Seagate_Technology_LLC
2015-03-10 20:58 - 2015-02-20 05:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-10 20:58 - 2015-02-20 05:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-10 20:58 - 2015-02-20 05:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-10 20:58 - 2015-02-20 05:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-10 20:58 - 2015-02-20 05:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-10 20:58 - 2015-02-20 05:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-10 20:58 - 2015-02-20 05:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-10 20:58 - 2015-02-20 05:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-10 20:58 - 2015-02-20 04:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-10 20:58 - 2015-02-20 04:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-10 20:57 - 2015-02-03 04:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-10 20:57 - 2015-02-03 04:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-10 20:57 - 2015-02-03 04:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-10 20:57 - 2015-02-03 04:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-10 20:57 - 2015-02-03 04:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-10 20:57 - 2015-02-03 04:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-10 20:57 - 2015-02-03 04:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-10 20:57 - 2015-02-03 04:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-10 20:57 - 2015-02-03 04:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-10 20:57 - 2015-02-03 04:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-10 20:57 - 2015-02-03 04:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-10 20:57 - 2015-02-03 04:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-10 20:57 - 2015-02-03 04:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-10 20:57 - 2015-02-03 04:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-10 20:57 - 2015-02-03 04:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-10 20:57 - 2015-02-03 04:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-10 20:57 - 2015-02-03 04:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-10 20:57 - 2015-02-03 04:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-10 20:57 - 2015-02-03 04:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-10 20:57 - 2015-02-03 04:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-10 20:57 - 2015-02-03 04:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-10 20:57 - 2015-02-03 04:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-10 20:57 - 2015-02-03 04:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-10 20:57 - 2015-02-03 04:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-10 20:57 - 2015-02-03 04:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-10 20:57 - 2015-02-03 04:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-10 20:57 - 2015-02-03 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-10 20:57 - 2015-02-03 04:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-10 20:57 - 2015-02-03 04:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-10 20:57 - 2015-02-03 04:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-10 20:57 - 2015-02-03 04:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-10 20:57 - 2015-02-03 04:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-10 20:57 - 2015-02-03 04:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-10 20:57 - 2015-02-03 04:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-10 20:57 - 2015-02-03 04:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-10 20:57 - 2015-02-03 04:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-10 20:57 - 2015-02-03 04:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-10 20:57 - 2015-02-03 04:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-10 20:57 - 2015-02-03 04:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-10 20:57 - 2015-02-03 04:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-10 20:57 - 2015-02-03 04:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-10 20:57 - 2015-02-03 04:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-10 20:57 - 2015-02-03 04:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-10 20:57 - 2015-02-03 04:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-10 20:57 - 2015-02-03 04:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-10 20:57 - 2015-02-03 04:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-10 20:57 - 2015-02-03 04:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-10 20:57 - 2015-02-03 04:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-10 20:57 - 2015-02-03 04:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-10 20:57 - 2015-02-03 04:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-10 20:57 - 2015-02-03 04:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-10 20:57 - 2015-02-03 04:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-10 20:57 - 2015-02-03 04:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-10 20:57 - 2015-02-03 04:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-10 20:57 - 2015-02-03 04:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-10 20:57 - 2015-02-03 04:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-10 20:57 - 2015-02-03 04:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-10 20:57 - 2015-02-03 04:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-10 20:57 - 2015-02-03 04:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-10 20:57 - 2015-02-03 04:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-10 20:57 - 2015-02-03 04:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-10 20:57 - 2015-02-03 04:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-10 20:57 - 2015-02-03 04:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-10 20:57 - 2015-02-03 04:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-10 20:57 - 2015-02-03 04:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-10 20:57 - 2015-02-03 04:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-10 20:57 - 2014-10-31 23:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-10 20:56 - 2015-02-03 04:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-10 20:56 - 2015-02-03 04:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-10 20:56 - 2015-02-03 04:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-10 20:56 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-10 20:56 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-10 20:56 - 2015-02-03 04:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-10 20:56 - 2015-02-03 04:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-10 20:56 - 2015-02-03 04:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-10 20:56 - 2015-02-03 04:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-10 20:56 - 2015-02-03 04:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-10 20:56 - 2015-02-03 04:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-10 20:56 - 2015-02-03 04:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-10 20:56 - 2015-02-03 04:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-10 20:56 - 2015-02-03 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-10 20:56 - 2015-02-03 04:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-10 20:56 - 2015-02-03 04:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-10 20:56 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-10 20:56 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-10 20:56 - 2015-02-03 04:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-10 20:56 - 2015-02-03 04:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-10 20:56 - 2015-02-03 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-10 20:56 - 2015-02-03 04:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-10 20:56 - 2015-02-03 03:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-10 20:53 - 2015-02-13 06:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-10 20:53 - 2015-02-13 06:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-10 20:53 - 2015-02-03 04:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-10 20:53 - 2015-02-03 04:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-10 20:53 - 2015-02-03 04:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-10 20:53 - 2015-02-03 04:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-10 20:52 - 2015-03-06 06:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-10 20:52 - 2015-03-06 06:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-10 20:52 - 2015-03-06 06:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-10 20:52 - 2015-03-06 06:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-10 20:52 - 2015-03-06 06:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-10 20:52 - 2015-03-06 06:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-10 20:52 - 2015-03-06 06:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-10 20:52 - 2015-03-06 06:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-10 20:52 - 2015-03-06 06:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-10 20:52 - 2015-03-06 06:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-10 20:52 - 2015-03-06 06:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-10 20:52 - 2015-03-06 06:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-10 20:52 - 2015-03-06 06:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-10 20:52 - 2015-03-06 06:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-10 20:52 - 2015-03-06 06:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-10 20:52 - 2015-03-06 06:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-10 20:52 - 2015-03-06 06:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-10 20:52 - 2015-03-06 06:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-10 20:52 - 2015-03-06 06:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-10 20:52 - 2015-03-06 06:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-10 20:52 - 2015-03-06 06:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-10 20:52 - 2015-03-06 06:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-10 20:52 - 2015-03-06 06:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-10 20:52 - 2015-03-06 06:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-10 20:52 - 2015-03-06 06:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-10 20:52 - 2015-03-06 06:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-10 20:52 - 2015-03-06 06:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-10 20:52 - 2015-03-06 06:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-10 20:52 - 2015-03-06 06:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-10 20:52 - 2015-03-06 06:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-10 20:52 - 2015-03-06 06:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-10 20:52 - 2015-01-31 00:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-10 20:52 - 2015-01-17 03:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-10 20:52 - 2015-01-17 03:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-10 20:51 - 2015-02-26 04:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-10 20:51 - 2015-02-24 04:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-10 20:51 - 2015-02-24 03:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-10 20:51 - 2015-02-21 02:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-10 20:51 - 2015-02-21 01:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-10 20:51 - 2015-02-21 01:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-10 20:51 - 2015-02-21 01:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-10 20:51 - 2015-02-21 01:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-10 20:51 - 2015-02-21 00:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-10 20:51 - 2015-02-21 00:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-10 20:51 - 2015-02-20 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-10 20:51 - 2015-02-20 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-10 20:51 - 2015-02-20 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-10 20:51 - 2015-02-20 03:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-10 20:51 - 2015-02-20 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-10 20:51 - 2015-02-20 03:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-10 20:51 - 2015-02-20 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-10 20:51 - 2015-02-20 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-10 20:51 - 2015-02-20 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-10 20:51 - 2015-02-20 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-10 20:51 - 2015-02-20 03:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-10 20:51 - 2015-02-20 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-10 20:51 - 2015-02-20 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-10 20:51 - 2015-02-20 03:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-10 20:51 - 2015-02-20 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-10 20:51 - 2015-02-20 03:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-10 20:51 - 2015-02-20 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-10 20:51 - 2015-02-20 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-10 20:51 - 2015-02-20 03:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-10 20:51 - 2015-02-20 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-10 20:51 - 2015-02-20 03:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-10 20:51 - 2015-02-20 03:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-10 20:51 - 2015-02-20 03:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-10 20:51 - 2015-02-20 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-10 20:51 - 2015-02-20 03:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-10 20:51 - 2015-02-20 03:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-10 20:51 - 2015-02-20 03:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-10 20:51 - 2015-02-20 02:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-10 20:51 - 2015-02-20 02:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-10 20:51 - 2015-02-20 02:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-10 20:51 - 2015-02-20 02:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-10 20:51 - 2015-02-20 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-10 20:51 - 2015-02-20 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-10 20:51 - 2015-02-20 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-10 20:51 - 2015-02-20 02:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-10 20:51 - 2015-02-20 02:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-10 20:51 - 2015-02-20 02:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-10 20:51 - 2015-02-20 02:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-10 20:51 - 2015-02-20 02:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-10 20:51 - 2015-02-20 02:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-10 20:51 - 2015-02-20 02:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-10 20:51 - 2015-02-20 02:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-10 20:51 - 2015-02-20 02:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-10 20:51 - 2015-02-20 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-10 20:51 - 2015-02-20 02:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-10 20:51 - 2015-02-20 01:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-10 20:51 - 2015-02-20 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-10 20:50 - 2015-02-04 04:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-10 20:50 - 2015-02-04 03:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-05 23:34 - 2015-03-05 23:34 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-03-05 23:34 - 2015-03-05 23:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-03-05 23:32 - 2015-03-05 23:34 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-03-05 23:32 - 2015-03-05 23:34 - 00000000 ____D () C:\Program Files\iTunes
2015-03-05 23:32 - 2015-03-05 23:32 - 00000000 ____D () C:\Program Files\iPod
2015-03-05 23:32 - 2015-03-05 23:32 - 00000000 ____D () C:\Program Files (x86)\iTunes

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-03 19:46 - 2012-06-15 12:13 - 01446946 _____ () C:\Windows\WindowsUpdate.log
2015-04-03 19:40 - 2014-11-29 10:45 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat
2015-04-03 19:38 - 2014-10-13 11:27 - 00001716 _____ () C:\Windows\Tasks\VLJUVMT.job
2015-04-03 19:38 - 2014-10-13 11:27 - 00001368 _____ () C:\Windows\Tasks\BGCOB.job
2015-04-03 19:38 - 2014-02-26 22:36 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2015-04-03 19:38 - 2013-03-23 14:38 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-03 19:38 - 2012-06-15 19:14 - 00000000 ____D () C:\ProgramData\Kodak
2015-04-03 19:37 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-03 19:36 - 2009-07-14 05:45 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-03 19:36 - 2009-07-14 05:45 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-03 19:30 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\Performance
2015-04-03 19:28 - 2014-06-14 20:21 - 00000000 ____D () C:\ProgramData\MFAData
2015-04-03 19:28 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2015-04-03 19:22 - 2012-06-19 17:51 - 00000000 ____D () C:\ProgramData\YTD YouTube Downloader & Converter
2015-04-03 18:50 - 2013-03-23 14:38 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-03 16:09 - 2012-06-15 12:22 - 00000000 ____D () C:\Users\Simon Harries
2015-04-03 16:08 - 2012-08-21 23:21 - 05939712 ___SH () C:\Users\Simon Harries\Thumbs.db
2015-04-03 16:05 - 2012-06-16 00:24 - 00000000 ____D () C:\Users\Simon Harries\AppData\Roaming\vlc
2015-04-03 16:04 - 2012-06-15 13:32 - 00000000 ____D () C:\Useful Stuff - June 2012
2015-04-03 14:46 - 2009-07-14 06:13 - 00786578 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-03 14:43 - 2015-02-07 17:43 - 00000000 ____D () C:\video-from-laptop
2015-04-03 08:57 - 2009-07-14 06:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-02 23:27 - 2014-10-05 18:14 - 00000000 ____D () C:\Users\Simon Harries\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gramblr
2015-04-02 23:27 - 2012-10-21 17:27 - 00000000 ____D () C:\Users\Simon Harries\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-02 22:52 - 2012-06-15 12:46 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-02 08:15 - 2012-06-18 10:58 - 00000000 ____D () C:\Program Files\CCleaner
2015-04-02 08:13 - 2012-06-16 20:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-04-02 00:28 - 2014-06-21 20:37 - 00000000 ____D () C:\Users\Simon Harries\AppData\Local\Adobe
2015-04-02 00:28 - 2012-06-15 12:46 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-02 00:28 - 2012-06-15 12:46 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-02 00:28 - 2012-06-15 12:46 - 00003770 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-02 00:13 - 2012-12-02 12:31 - 00000000 ____D () C:\Windows\pss
2015-03-28 14:53 - 2014-12-31 11:49 - 00000000 ____D () C:\Users\Simon Harries\.get_iplayer
2015-03-25 04:16 - 2014-12-11 04:29 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-25 04:16 - 2014-05-06 23:45 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-24 09:13 - 2015-02-28 13:21 - 00000000 ____D () C:\Users\Simon Harries\AppData\Roaming\HandBrake
2015-03-19 07:52 - 2012-07-04 13:40 - 00000000 ____D () C:\Users\Simon Harries\AppData\Roaming\dvdcss
2015-03-18 01:42 - 2013-12-11 22:10 - 00000000 ___RD () C:\Users\Simon Harries\Dropbox
2015-03-18 01:42 - 2012-10-21 17:26 - 00000000 ____D () C:\Users\Simon Harries\AppData\Roaming\Dropbox
2015-03-14 14:12 - 2012-06-19 13:54 - 00000000 ____D () C:\Users\Simon Harries\AppData\Roaming\Spotify
2015-03-14 14:12 - 2012-06-19 13:54 - 00000000 ____D () C:\Users\Simon Harries\AppData\Local\Spotify
2015-03-14 10:37 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-03-11 22:37 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-11 08:20 - 2012-06-16 00:15 - 00000000 ____D () C:\Users\Simon Harries\Windows 7 Stuff
2015-03-11 08:14 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-11 08:14 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-10 23:52 - 2012-06-15 18:05 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-10 23:52 - 2009-07-14 03:34 - 00000499 _____ () C:\Windows\win.ini
2015-03-10 23:47 - 2013-08-16 00:38 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-10 23:39 - 2012-06-15 13:39 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-07 20:50 - 2013-10-19 23:10 - 00000000 ____D () C:\DVD Archive
2015-03-07 19:58 - 2012-06-16 00:14 - 00000000 ____D () C:\ProgramData\DVD Shrink
2015-03-05 23:32 - 2012-06-19 13:42 - 00000000 ____D () C:\Program Files\Common Files\Apple

==================== Files in the root of some directories =======

2014-09-01 09:18 - 2014-09-01 09:18 - 0002086 _____ () C:\Users\Simon Harries\AppData\Roaming\BGCOB
2013-11-25 10:01 - 2014-08-31 23:34 - 0000121 _____ () C:\Users\Simon Harries\AppData\Roaming\Camdata.ini
2013-11-25 10:01 - 2014-08-31 23:34 - 0000408 _____ () C:\Users\Simon Harries\AppData\Roaming\CamLayout.ini
2013-11-25 10:01 - 2014-08-31 23:34 - 0000408 _____ () C:\Users\Simon Harries\AppData\Roaming\CamShapes.ini
2013-11-25 10:01 - 2014-08-31 23:34 - 0004416 _____ () C:\Users\Simon Harries\AppData\Roaming\CamStudio.cfg
2013-01-03 22:13 - 2013-01-03 22:14 - 0310580 _____ () C:\Users\Simon Harries\AppData\Roaming\CodecsLE_Install.log
2012-09-08 14:51 - 2012-09-08 14:54 - 0038438 _____ () C:\Users\Simon Harries\AppData\Roaming\Comma Separated Values (Windows).ADR
2015-03-31 09:14 - 2015-03-31 09:14 - 0004387 _____ () C:\Users\Simon Harries\AppData\Roaming\ItI78RqBO8wx3
2012-09-24 23:33 - 2012-09-30 22:46 - 0038461 _____ () C:\Users\Simon Harries\AppData\Roaming\Microsoft Excel 97-2003.ADR
2012-09-08 13:55 - 2014-11-15 15:27 - 0013014 _____ () C:\Users\Simon Harries\AppData\Roaming\Rim.Desktop.Exception.log
2012-09-08 13:54 - 2013-04-23 15:18 - 0003361 _____ () C:\Users\Simon Harries\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2012-09-08 13:55 - 2014-11-15 15:27 - 0004774 _____ () C:\Users\Simon Harries\AppData\Roaming\Rim.DesktopHelper.Exception.log
2012-09-16 23:44 - 2014-11-15 15:27 - 0004235 _____ () C:\Users\Simon Harries\AppData\Roaming\Rim.Transcoder.Exception.log
2014-09-01 09:18 - 2014-09-01 09:18 - 0001248 _____ () C:\Users\Simon Harries\AppData\Roaming\VLJUVMT
2012-09-16 23:44 - 2014-11-15 15:24 - 0052224 _____ () C:\Users\Simon Harries\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-15 22:28 - 2014-08-10 10:00 - 0000236 _____ () C:\Users\Simon Harries\AppData\Local\LaunchHomeCenter.log
2013-12-08 22:50 - 2014-09-29 21:12 - 0007601 _____ () C:\Users\Simon Harries\AppData\Local\resmon.resmoncfg
2012-06-15 19:01 - 2012-06-15 19:01 - 0017408 _____ () C:\Users\Simon Harries\AppData\Local\WebpageIcons.db

Some content of TEMP:
====================
C:\Users\Simon Harries\AppData\Local\Temp\Quarantine.exe
C:\Users\Simon Harries\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-25 01:01

==================== End Of Log ============================
harries71

Re: Adware in Firefox

Post by harries71 » April 3rd, 2015, 2:51 pm

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Simon Harries at 2015-04-03 19:48:58
Running from C:\Users\Simon Harries\Windows 7 Stuff\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Internet Security 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.20 - GIGABYTE)
ABC Amber Audio Converter (HKLM-x32\...\ABC Amber Audio Converter) (Version: - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.152 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Premiere Pro 1.5 (HKLM-x32\...\{A14F7508-B784-40B8-B11A-E0E2EEB7229F}) (Version: 1.5 - Adobe Systems, Inc.)
Adobe Premiere Pro CS6 (HKLM-x32\...\{7176B973-6011-43C1-AEBC-2D73FE7C6982}) (Version: 6.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
aioprnt (Version: 5.3.1.0 - Eastman Kodak Company) Hidden
aioscnnr (x32 Version: 5.8.10.0 - Your Company Name) Hidden
aioscnnr (x32 Version: 7.6.13.10 - Your Company Name) Hidden
Amazon Music (HKU\S-1-5-21-1620838597-635671493-4020915475-1000\...\Amazon Amazon Music) (Version: 3.4.0.628 - Amazon Services LLC)
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Aspera Connect (HKLM-x32\...\{D536E3C2-8204-43E4-A697-18070972C0A9}) (Version: 2.7.8.51644 - Aspera, Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.4.4 - Atheros Communications Inc.)
Audials (HKLM-x32\...\{7D34F546-683D-47A9-91A0-7DE863DF048C}) (Version: 10.2.14807.700 - Audials AG)
AVerMedia C875 Live Gamer Portable 3.7.64.37 (HKLM-x32\...\AVerMedia C875 Live Gamer Portable) (Version: 3.7.64.37 - AVerMedia TECHNOLOGIES, Inc.)
AVerMedia RECentral (HKLM-x32\...\InstallShield_{30D6B6ED-E039-4D62-8E07-E058D17A9372}) (Version: 1.3.0.89.14101501 - AVerMedia Technologies, Inc.)
AVerMedia RECentral (x32 Version: 1.3.0.89.14101501 - AVerMedia Technologies, Inc.) Hidden
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4800 - AVG Technologies)
AVG 2014 (Version: 14.0.4311 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4800 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 3.2.0.18 - AVG Technologies)
Avid Codecs LE (HKLM-x32\...\{6CA8F328-2590-4232-9A2D-B50F72F41863}) (Version: 2.3.8 - Avid Technology, Inc.)
Avidemux 2.5 (HKLM-x32\...\Avidemux 2.5 (64-bit)) (Version: 2.5.6.7716 - )
BBC iPlayer Downloads (HKLM-x32\...\{D8753E3F-B86E-4BA6-A44A-6D92BFB38519}) (Version: 1.11.0 - BBC)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
BlackBerry App World Browser Plugin (HKLM-x32\...\{A21CC8D4-7BA8-4AA9-9F2E-EEF54D5F7E71}) (Version: 4.2.1.12 - Research In Motion Limited)
BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)
BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41 - Research In Motion Ltd.) Hidden
BlackBerry Device Software Updater (HKLM-x32\...\{38676C9C-270F-43D1-926A-E45DE8820A6B}) (Version: 7.1.0.34 - Research In Motion Ltd)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BT Desktop Help (HKLM-x32\...\BT Desktop Help) (Version: - )
CameraHelperMsi (x32 Version: 13.31.1038.0 - Logitech) Hidden
Canon Utilities Digital Photo Professional 3.11 (HKLM-x32\...\Digital Photo Professional) (Version: 3.11.27.0 - Canon Inc.)
Canon Utilities EOS Sample Music (HKLM-x32\...\EOS Sample Music) (Version: 1.0.1.1 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.11.2.0 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.0.1.32 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.10.1.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
center (x32 Version: 7.8.0.0 - Eastman Kodak Company) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CuteFTP 8 Lite (HKLM-x32\...\{ED5761A3-C109-4E0E-8241-19DB67E66BED}) (Version: 8.3.4 - GlobalSCAPE)
Digital Theatre Player 4.0 (HKLM-x32\...\com.digitaltheatre.DTPlayer) (Version: 4.0 - Digital Theatre.Com Limited)
Digital Theatre Player 4.0 (x32 Version: 4.0 - Digital Theatre.Com Limited) Hidden
Dropbox (HKU\S-1-5-21-1620838597-635671493-4020915475-1000\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink)
Easy Tune 6 B11.1206.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B11.1206.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
essentials (x32 Version: 7.8.0.0 - Eastman Kodak Company) Hidden
Fitbit Connect (HKLM-x32\...\{D3CD091B-296B-48E9-9F0F-E9FE53E02E41}) (Version: 1.0.3.5511 - Fitbit Inc.)
get_iplayer 4.9 (HKLM-x32\...\get_iplayer) (Version: 4.9 - infradead.org)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HandBrake 0.10.0 (HKLM-x32\...\HandBrake) (Version: 0.10.0 - )
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2559 - Intel Corporation)
IP Tool (HKLM-x32\...\IPTool) (Version: - iPrivacyTools.com)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Java 7 Update 11 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417011FF}) (Version: 7.0.110 - Oracle)
Java SE Development Kit 7 Update 11 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170110}) (Version: 1.7.0.110 - Oracle)
Kodak AIO Printer (Version: 7.8.1.0 - Eastman Kodak Company) Hidden
KODAK AiO Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.8.5.2 - Eastman Kodak Company)
Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7248) - Logitech Inc..)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Expression Web 4 (HKLM-x32\...\Web_4.0.1460.0) (Version: 4.0.1460.0 - Microsoft Corporation)
Microsoft Office Basic Edition 2003 (HKLM-x32\...\{91130409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Outlook 2010 (HKLM-x32\...\Office14.OUTLOOKR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Miraizon DNxHD and ProRes for QuickTime (HKLM-x32\...\DNxHDProResQTV2) (Version: 2.0.1.1 - Miraizon)
Mozilla Firefox 37.0 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 37.0 (x86 en-GB)) (Version: 37.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0 - Mozilla)
NEF Codec (HKLM-x32\...\{D6506521-0959-4FA3-875F-E2E28830B0D2}) (Version: 1.00.0000 - Nikon)
NEF to JPG (HKLM-x32\...\{13D87B39-2A3B-4675-A0D9-B8B01EA2F8E3}_is1) (Version: - neftojpg.com)
Nero 7 Premium (HKLM-x32\...\{F14B8ECC-BDA0-4987-9201-D7B7DBE11033}) (Version: 7.02.0936 - Nero AG)
Nikon Scan (HKLM-x32\...\{9AE4AC96-A5F4-4F19-9D13-066C8B3CE034}) (Version: 4.0 - )
Noise Reduction Plug-in 2.0 (HKLM-x32\...\{BF4742B0-7A7B-11E1-AFD0-F04DA23A5C58}) (Version: 2.0.471 - Sony)
ocr (x32 Version: 6.2.3.50 - Eastman Kodak Company) Hidden
ON_OFF Charge B11.1102.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
PDFConverter Desktop (HKLM-x32\...\PDFConverter Desktop_is1) (Version: - Baltsoft Software)
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
PreReq (x32 Version: 6.2.4.0 - Eastman Kodak Company) Hidden
PrintProjects (HKLM-x32\...\PrintProjects) (Version: 1.0.0.9282 - RocketLife Inc.)
QT Lite 4.1.0 (HKLM-x32\...\quicktime_lite_is1) (Version: 4.1.0 - )
QuickTime Alternative 1.81 (HKLM-x32\...\QuicktimeAlt_is1) (Version: 1.81 - )
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 15.0) (Version: 15.0.4 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6511 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Seagate Dashboard (HKLM-x32\...\{F1D8690F-06B3-4100-9949-398EA253AC61}) (Version: 3.2.1802.2 - Seagate)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOKR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SES Driver (HKLM\...\{D8CC254C-C671-4664-9A38-FA368D1E2C97}) (Version: 1.0.0 - Western Digital)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Sound Forge Pro 10.0 (HKLM-x32\...\{B0E59B80-7A77-11E1-A6FE-F04DA23A5C58}) (Version: 10.0.503 - Sony)
Spotify (HKU\S-1-5-21-1620838597-635671493-4020915475-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
TV-Ark Page Generator (HKLM-x32\...\{608DBD2A-8329-427C-A6D2-958823676C78}) (Version: 1.0.21 - Team)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 2.2.0 - Tweaking.com)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.7 (HKLM-x32\...\VLC media player) (Version: 2.0.7 - VideoLAN)
WD Drive Utilities (HKLM-x32\...\{2F540611-6560-470F-924A-5F52EFA9156F}) (Version: 1.0.5.7 - Western Digital Technologies, Inc.)
WD Quick View (HKLM-x32\...\{79966948-BECF-4CB1-A79F-E76C830A17D2}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{A95E3E66-D5A4-404E-997D-02562AA492E8}) (Version: 1.0.5.7 - Western Digital Technologies, Inc.)
WD SES Driver Setup (x32 Version: 1.0.1.6 - Western Digital) Hidden
WD SmartWare (HKLM\...\{7AE43D6C-B3F1-448D-AD84-1CDC7AC6EBC7}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{1891b882-48f7-442d-98d0-c1ce533f25bd}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (03/06/2009 1.0.0008.0) (HKLM\...\422991454CB076E9B856C21BBF99AF2B82317EDA) (Version: 03/06/2009 1.0.0008.0 - Western Digital Technologies)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR 4.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1620838597-635671493-4020915475-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Simon Harries\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1620838597-635671493-4020915475-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Simon Harries\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1620838597-635671493-4020915475-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Simon Harries\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1620838597-635671493-4020915475-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Simon Harries\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1620838597-635671493-4020915475-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Simon Harries\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1620838597-635671493-4020915475-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Simon Harries\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1620838597-635671493-4020915475-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Simon Harries\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1620838597-635671493-4020915475-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Simon Harries\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1620838597-635671493-4020915475-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Simon Harries\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1620838597-635671493-4020915475-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Simon Harries\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {02B6D443-792E-4448-8FEA-A6C3DD3A1982} - System32\Tasks\{49E3BB4C-D5F2-43FE-92F8-B8D2EDDC145D} => pcalua.exe -a "C:\Users\Simon Harries\AppData\Local\Temp\Temp3_NS4.zip\NS4\Disk1\setup.exe"
Task: {0A28D829-B917-4CA3-A9DB-154C06A321C7} - System32\Tasks\{54221842-8EAF-4A33-BF38-A5EFA86EC68C} => pcalua.exe -a "C:\Useful Stuff - June 2012\Progs from TV ARK\virtualdubmpeg2\VirtualDub-MPEG2\auxsetup.exe" -d "C:\Useful Stuff - June 2012\Progs from TV ARK\virtualdubmpeg2\VirtualDub-MPEG2"
Task: {11D68C2B-702A-4257-B70F-E2A2B77FD512} - System32\Tasks\{DFC576D6-288B-4B0D-B732-30BD6EF14C49} => pcalua.exe -a "C:\Useful Stuff - June 2012\Soundforge 9 from TVARK\crack\sony.sound.forge.9.0c.build.405-NoPE.exe" -d "C:\Useful Stuff - June 2012\Soundforge 9 from TVARK\crack"
Task: {188B21E9-D194-4F6A-95DA-D2D73BE4736E} - System32\Tasks\{D167BAE1-4083-4A16-BE2B-BB645DC81BD8} => C:\Program Files (x86)\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe [2013-11-11] (Alcatel-Lucent)
Task: {202A4108-8AEE-4E65-858A-4B71E3D4A393} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {20E0C8BD-EBFB-4640-83EB-23A90F781835} - System32\Tasks\{AA6223A2-0077-4589-AC41-5CEFA501B9C2} => pcalua.exe -a D:\Setup.exe -d D:\
Task: {272FC52B-CDB5-43BB-882A-689C7E0BE543} - System32\Tasks\helper_king_updating_service => C:\Program Files (x86)\helper king\helper_king_updating_service.exe
Task: {2AEC56F4-C912-4D01-A57A-9B7C4851A7B4} - System32\Tasks\Simon Harries DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2014-09-17] (Seagate Technology LLC)
Task: {391275CF-6A7A-409A-882D-B6145EBCA4AE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {3DE241CC-3AA7-4B1A-B76A-1E19A4B7C10A} - System32\Tasks\ItI78RqBO8wx3 => C:\Users\Simon Harries\AppData\Roaming\ItI78RqBO8wx3.exe
Task: {4B505419-B3C8-446E-9CA7-321CE5129ED1} - System32\Tasks\BGCOB => C:\Users\Simon Harries\AppData\Roaming\BGCOB.exe <==== ATTENTION
Task: {544D999E-E812-47B0-A5DB-69C677E747D1} - System32\Tasks\{F22F8F08-C517-4C7C-B213-0BE2C0BF0F9D} => pcalua.exe -a "C:\Users\Simon Harries\AppData\Local\Temp\Temp2_NS4.zip\NS4\Disk1\setup.exe"
Task: {54E9B576-8D39-4535-9692-0744F8FB7923} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {5CE729C4-AAF2-40A7-93B3-F9CD29D53F81} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-02] (Adobe Systems Incorporated)
Task: {77349FFA-0738-4A1C-B785-613193951229} - System32\Tasks\{6A70BAE2-50C4-4760-A782-B5E1478A7E9D} => pcalua.exe -a D:\setup.exe -d D:\
Task: {8A88732B-454E-4808-A964-DB70043071CB} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1620838597-635671493-4020915475-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-04-30] (RealNetworks, Inc.)
Task: {96FD2431-DD7B-436E-9345-BB0DA884EF77} - System32\Tasks\helper_king_notification_service => C:\Program Files (x86)\helper king\helper_king_notification_service.exe
Task: {99FB14D9-22E6-44F2-BCB8-306B64563B80} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1620838597-635671493-4020915475-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-04-30] (RealNetworks, Inc.)
Task: {9CCDD885-5EAC-4CE3-A972-0C61153CB16C} - System32\Tasks\AdobeAAMUpdater-1.0-Simon-PC-Simon Harries => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-01-24] (Adobe Systems Incorporated)
Task: {9E050163-B927-4964-96AA-45F269090535} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {AD9961D4-1AB0-49AE-94B2-9E0A58B7A765} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2014-09-17] (Seagate Technology LLC)
Task: {B35755DB-2BCD-4B68-9AC1-7CE7E4DC56BA} - System32\Tasks\VLJUVMT => C:\Users\Simon Harries\AppData\Roaming\VLJUVMT.exe <==== ATTENTION
Task: {B491F7BC-14A5-4B31-8A0F-3E5347D97C06} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {D77A84C9-F8C3-4709-A066-4E849DBA67B4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: {E19CBC46-918D-493B-90C4-5CAA5ADEDBE8} - System32\Tasks\{4228B425-B0D5-41FB-94F3-A1A6E51529BB} => C:\Program Files (x86)\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe [2013-11-11] (Alcatel-Lucent)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\BGCOB.job => C:\Users\Simon Harries\AppData\Roaming\BGCOB.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\helper_king_notification_service.job => C:\Program Files (x86)\helper king\helper_king_notification_service.exeç/url='http:/cdn.selectbestopt.com/notf_sys/index.html' /crregname='helper king' /appid='73143' /srcid='2913' /bic='c80a1d584d568dd81300504041eada6d' /verifier='8d39732db630fb643acf5946aaa901d2' /installerversion='1.50.3.10' /statsdomain='http:/stats.buildomserv.com/data.gif?' /errorsdomain='http:/stats.buildomserv.com/data.gif?' /monetizationdomain='http:/logs.buildomserv.com/monetization.gif?' /installationtime='1427906761' /runfrom='task' /brwtype='notbg' /postponedhours='6'.Sim
Task: C:\Windows\Tasks\helper_king_updating_service.job => C:\Program Files (x86)\helper king\helper_king_updating_service.exe¬ /campid=2913 /verid=1 /url=http:/cdn.buildomserv.com/txt/@CAMPID@/@VER@/file.txt /appid=73143 /taskname=helper_king_updating_service /funurl=http:/stats.buildomserv.com
Task: C:\Windows\Tasks\ItI78RqBO8wx3.job => C:\Users\Simon Harries\AppData\Roaming\ItI78RqBO8wx3.exe
Task: C:\Windows\Tasks\VLJUVMT.job => C:\Users\Simon Harries\AppData\Roaming\VLJUVMT.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) ==============

2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-06-15 12:36 - 2011-10-21 17:49 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-01-06 14:18 - 2015-01-06 14:18 - 00039192 _____ () C:\Program Files\CCleaner\branding.dll
2013-11-07 18:58 - 2013-11-07 18:58 - 00244736 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\motive-activex-wrapper\build\Release\NodeActiveXWrapper.node
2013-11-07 18:58 - 2013-11-07 18:58 - 00271360 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\motive-osbridge\build\Release\MotiveOSBridgeNodeModule.node
2013-11-07 18:57 - 2013-11-07 18:57 - 00237056 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\motive-xmpps\build\Release\MotiveXMPPSNode.node
2013-04-24 08:55 - 2013-04-24 08:55 - 01581056 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\libxmljs\build\Release\xmljs.node
2013-04-18 17:55 - 2013-04-18 17:55 - 00068608 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\dnode\node_modules\weak\build\Release\weakref.node
2011-03-01 23:14 - 2011-03-01 23:14 - 02143576 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2011-03-01 23:14 - 2011-03-01 23:14 - 07954776 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2011-03-01 23:15 - 2011-03-01 23:15 - 00340824 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2011-03-01 23:15 - 2011-03-01 23:15 - 00027480 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2011-03-01 23:15 - 2011-03-01 23:15 - 00126808 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Simon Harries\Cookies:a7dP5gmDxMWNYDpRgL5irjL
AlternateDataStreams: C:\Users\Simon Harries\AppData\Local\Temporary Internet Files:bEKR1DIHW3xLarnNstx7rkLTThfuc
AlternateDataStreams: C:\Users\Simon Harries\AppData\Local\Temporary Internet Files:ITppCZk9JDyaYIWh2MRE1VO7IGe

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1620838597-635671493-4020915475-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Simon Harries\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Conime => %windir%\system32\conime.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Logitech Vid => "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

==================== Accounts: =============================

Administrator (S-1-5-21-1620838597-635671493-4020915475-500 - Administrator - Disabled)
Guest (S-1-5-21-1620838597-635671493-4020915475-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-1620838597-635671493-4020915475-1002 - Limited - Enabled)
Simon Harries (S-1-5-21-1620838597-635671493-4020915475-1000 - Administrator - Enabled) => C:\Users\Simon Harries

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/03/2015 07:39:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/03/2015 07:39:24 PM) (Source: PerfNet) (EventID: 2005) (User: )
Description:

Error: (04/03/2015 07:32:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/03/2015 07:31:58 PM) (Source: PerfNet) (EventID: 2005) (User: )
Description:

Error: (04/03/2015 07:27:16 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddWin32ServiceFiles: Unable to back up image of service globalUpdate Update Service (globalUpdatem) since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (04/03/2015 07:27:16 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddWin32ServiceFiles: Unable to back up image of service globalUpdate Update Service (globalUpdate) since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (04/03/2015 11:41:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/03/2015 09:11:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 37.0.0.5563, time stamp: 0x5514e0c0
Faulting module name: mozalloc.dll, version: 37.0.0.5563, time stamp: 0x5514d213
Exception code: 0x80000003
Fault offset: 0x00001aa1
Faulting process id: 0x198
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (04/03/2015 09:11:31 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 37.0.0.5563 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 4fc

Start Time: 01d06de5a948002d

Termination Time: 30

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: fde1130f-d9d8-11e4-b255-50e54919a016

Error: (04/03/2015 09:09:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 37.0.0.5563, time stamp: 0x5514e0c0
Faulting module name: mozalloc.dll, version: 37.0.0.5563, time stamp: 0x5514d213
Exception code: 0x80000003
Fault offset: 0x00001aa1
Faulting process id: 0xb5c
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3


System errors:
=============
Error: (04/03/2015 07:36:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The BT Help Wizard service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (04/03/2015 07:36:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The WD Backup service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (04/03/2015 07:36:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The WD Drive Manager service terminated unexpectedly. It has done this 2 time(s).

Error: (04/03/2015 07:36:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Fitbit Connect Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (04/03/2015 07:36:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (04/03/2015 07:36:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (04/03/2015 07:36:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Management and Security Application User Notification Service service terminated unexpectedly. It has done this 1 time(s).

Error: (04/03/2015 07:36:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (04/03/2015 07:36:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (04/03/2015 07:36:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The WD Backup service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================
Error: (04/03/2015 07:39:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/03/2015 07:39:24 PM) (Source: PerfNet) (EventID: 2005) (User: )
Description:

Error: (04/03/2015 07:32:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/03/2015 07:31:58 PM) (Source: PerfNet) (EventID: 2005) (User: )
Description:

Error: (04/03/2015 07:27:16 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service globalUpdate Update Service (globalUpdatem) since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (04/03/2015 07:27:16 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service globalUpdate Update Service (globalUpdate) since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (04/03/2015 11:41:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/03/2015 09:11:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe37.0.0.55635514e0c0mozalloc.dll37.0.0.55635514d2138000000300001aa119801d06de5abdde5caC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll08fc6767-d9d9-11e4-b255-50e54919a016

Error: (04/03/2015 09:11:31 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe37.0.0.55634fc01d06de5a948002d30C:\Program Files (x86)\Mozilla Firefox\firefox.exefde1130f-d9d8-11e4-b255-50e54919a016

Error: (04/03/2015 09:09:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe37.0.0.55635514e0c0mozalloc.dll37.0.0.55635514d2138000000300001aa1b5c01d06de3ad39b382C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllc54684cc-d9d8-11e4-b255-50e54919a016


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU G840 @ 2.80GHz
Percentage of memory in use: 39%
Total physical RAM: 8086.17 MB
Available physical RAM: 4895.79 MB
Total Pagefile: 16170.53 MB
Available Pagefile: 13225.24 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:698.54 GB) (Free:165.3 GB) NTFS
Drive e: (Seagate Backup Plus Drive) (Fixed) (Total:931.51 GB) (Free:209.71 GB) NTFS
Drive g: (My Book) (Fixed) (Total:2794.49 GB) (Free:367.24 GB) NTFS
Drive l: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 7AE34E80)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=698.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 1A90517F)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 2.

==================== End Of Log ============================
harries71
Regular Member
 
Posts: 22
Joined: April 3rd, 2015, 5:41 am

Re: Adware in Firefox

Post by harries71 » April 3rd, 2015, 2:53 pm

Hello there, I enjoyed going through this fascinating process. I hope it gives you the information you need to offer more advice?
Thanks so much for your assistance so far and I look forward to hearing from you as regards the next stage.
Kindest regards,
Simon H
harries71
Regular Member
 
Posts: 22
Joined: April 3rd, 2015, 5:41 am

Re: Adware in Firefox

Post by Cypher » April 4th, 2015, 6:46 am

Hi Simon.
"Thanks so much for your assistance so far"

You're welcome.

"I enjoyed going through this fascinating process"

Are we having fun? :D

"Within the last 2 days I have noticed some kind of adware when I use Firefox. It causes adverts to appear on screen - when I try to close the adverts, they force me to visit a website called 'Online Advertising Support'."

Can you give me an update please, are you still seeing these adverts?

Click Start > Control Panel > Uninstall a program.
Uninstall the following if present.
Java 7 Update 11 (64-bit)
Java SE Development Kit 7 Update 11 (64-bit)


Next.

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy and Paste the following script into Notepad. Do not include the words Code: Select all
    • (Click the select all button next to code to select the entire script).
    Code: Select all
    HKU\S-1-5-21-1620838597-635671493-4020915475-1000\...\MountPoints2: {26d05591-6056-11e3-b681-50e54919a016} - F:\unlock.exe autoplay=true
    HKU\S-1-5-21-1620838597-635671493-4020915475-1000\...\MountPoints2: {44c4e00b-b6f1-11e1-a56f-50e54919a016} - E:\unlock.exe autoplay=true
    HKU\S-1-5-21-1620838597-635671493-4020915475-1000\...\MountPoints2: {777f91dd-3a92-11e3-86ec-50e54919a016} - E:\Unlock.exe autoplay=true
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
    Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
    Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    CHR HKLM-x32\...\Chrome\Extension: [edmgmpmklgfbohogafcfobonnkogchec] - C:\Program Files (x86)\Common Files\Motive\extensions\MotiveRequest.crx [Not Found]
    S4 Sffosvrnspvu; No ImagePath
    S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
    S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
    2015-04-01 17:46 - 2015-04-03 19:38 - 00001030 _____ () C:\Windows\Tasks\ItI78RqBO8wx3.job
    2015-04-01 17:46 - 2015-04-01 17:46 - 00004072 _____ () C:\Windows\System32\Tasks\ItI78RqBO8wx3
    2015-03-31 09:14 - 2015-03-31 09:14 - 00004387 _____ () C:\Users\Simon Harries\AppData\Roaming\ItI78RqBO8wx3
    2015-04-03 19:38 - 2014-10-13 11:27 - 00001716 _____ () C:\Windows\Tasks\VLJUVMT.job
    2015-04-03 19:38 - 2014-10-13 11:27 - 00001368 _____ () C:\Windows\Tasks\BGCOB.job
    2014-09-01 09:18 - 2014-09-01 09:18 - 0002086 _____ () C:\Users\Simon Harries\AppData\Roaming\BGCOB
    2015-03-31 09:14 - 2015-03-31 09:14 - 0004387 _____ () C:\Users\Simon Harries\AppData\Roaming\ItI78RqBO8wx3
    2014-09-01 09:18 - 2014-09-01 09:18 - 0001248 _____ () C:\Users\Simon Harries\AppData\Roaming\VLJUVMT
    C:\Users\Simon Harries\AppData\Local\Temp\Quarantine.exe
    C:\Users\Simon Harries\AppData\Local\Temp\sqlite3.dll
    Task: C:\Windows\Tasks\BGCOB.job => C:\Users\Simon Harries\AppData\Roaming\BGCOB.exe <==== ATTENTION
    Task: C:\Windows\Tasks\VLJUVMT.job => C:\Users\Simon Harries\AppData\Roaming\VLJUVMT.exe <==== ATTENTION
    AlternateDataStreams: C:\Users\Simon Harries\Cookies:a7dP5gmDxMWNYDpRgL5irjL
    AlternateDataStreams: C:\Users\Simon Harries\AppData\Local\Temporary Internet Files:bEKR1DIHW3xLarnNstx7rkLTThfuc
    AlternateDataStreams: C:\Users\Simon Harries\AppData\Local\Temporary Internet Files:ITppCZk9JDyaYIWh2MRE1VO7IGe
    
    EmptyTemp:
    CMD: ipconfig /flushdns
    
  • Save it next to FRST.exe on your Desktop as filename fixlist.txt
  • NOTE: It's important that both files, FRST/FRST64 and fixlist.txt are saved in the same location or the fix will not work.
  • Right-click FRST.exe and select "Run as administrator" to run it.
  • Press the Fix button just once. Then wait.
  • When finished, it will create a Fixlog.txt log on your Desktop.
  • Please post the content of the Fixlog.txt in your next reply.

Logs/Information to Post in your Next Reply

  • FRST Fixlog.txt.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Adware in Firefox

Post by harries71 » April 4th, 2015, 7:28 am

Hi Cypher,

I'm still reeling from yesterday's revelation that I had 124 items of Malware on my PC - thankfully, all safely quarantined and removed!

This morning I was still seeing the adverts in Firefox.

So as you directed, I uninstalled the two Java programs and ran the code in conjunction with FRST64, which prompted a reboot. The Fixlog.txt details are attached below. Current update is that there are still some adverts running on Firefox, though not as many as before. Long horizontal panel ads appear within the webpage itself (on bbc.co.uk, interspersed among BBC news items), but no advert panels slide on from the sides of the screen or pop up in front of it as they did before.

S
harries71
Regular Member
 
Posts: 22
Joined: April 3rd, 2015, 5:41 am

Re: Adware in Firefox

Post by harries71 » April 4th, 2015, 7:28 am

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Simon Harries at 2015-04-04 12:18:15 Run:1
Running from C:\Users\Simon Harries\Windows 7 Stuff\Desktop
Loaded Profiles: Simon Harries (Available profiles: Simon Harries)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-1620838597-635671493-4020915475-1000\...\MountPoints2: {26d05591-6056-11e3-b681-50e54919a016} - F:\unlock.exe autoplay=true
HKU\S-1-5-21-1620838597-635671493-4020915475-1000\...\MountPoints2: {44c4e00b-b6f1-11e1-a56f-50e54919a016} - E:\unlock.exe autoplay=true
HKU\S-1-5-21-1620838597-635671493-4020915475-1000\...\MountPoints2: {777f91dd-3a92-11e3-86ec-50e54919a016} - E:\Unlock.exe autoplay=true
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR HKLM-x32\...\Chrome\Extension: [edmgmpmklgfbohogafcfobonnkogchec] - C:\Program Files (x86)\Common Files\Motive\extensions\MotiveRequest.crx [Not Found]
S4 Sffosvrnspvu; No ImagePath
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
2015-04-01 17:46 - 2015-04-03 19:38 - 00001030 _____ () C:\Windows\Tasks\ItI78RqBO8wx3.job
2015-04-01 17:46 - 2015-04-01 17:46 - 00004072 _____ () C:\Windows\System32\Tasks\ItI78RqBO8wx3
2015-03-31 09:14 - 2015-03-31 09:14 - 00004387 _____ () C:\Users\Simon Harries\AppData\Roaming\ItI78RqBO8wx3
2015-04-03 19:38 - 2014-10-13 11:27 - 00001716 _____ () C:\Windows\Tasks\VLJUVMT.job
2015-04-03 19:38 - 2014-10-13 11:27 - 00001368 _____ () C:\Windows\Tasks\BGCOB.job
2014-09-01 09:18 - 2014-09-01 09:18 - 0002086 _____ () C:\Users\Simon Harries\AppData\Roaming\BGCOB
2015-03-31 09:14 - 2015-03-31 09:14 - 0004387 _____ () C:\Users\Simon Harries\AppData\Roaming\ItI78RqBO8wx3
2014-09-01 09:18 - 2014-09-01 09:18 - 0001248 _____ () C:\Users\Simon Harries\AppData\Roaming\VLJUVMT
C:\Users\Simon Harries\AppData\Local\Temp\Quarantine.exe
C:\Users\Simon Harries\AppData\Local\Temp\sqlite3.dll
Task: C:\Windows\Tasks\BGCOB.job => C:\Users\Simon Harries\AppData\Roaming\BGCOB.exe <==== ATTENTION
Task: C:\Windows\Tasks\VLJUVMT.job => C:\Users\Simon Harries\AppData\Roaming\VLJUVMT.exe <==== ATTENTION
AlternateDataStreams: C:\Users\Simon Harries\Cookies:a7dP5gmDxMWNYDpRgL5irjL
AlternateDataStreams: C:\Users\Simon Harries\AppData\Local\Temporary Internet Files:bEKR1DIHW3xLarnNstx7rkLTThfuc
AlternateDataStreams: C:\Users\Simon Harries\AppData\Local\Temporary Internet Files:ITppCZk9JDyaYIWh2MRE1VO7IGe

EmptyTemp:
CMD: ipconfig /flushdns

*****************

"HKU\S-1-5-21-1620838597-635671493-4020915475-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{26d05591-6056-11e3-b681-50e54919a016}" => Key deleted successfully.
HKCR\CLSID\{26d05591-6056-11e3-b681-50e54919a016} => Key not found.
"HKU\S-1-5-21-1620838597-635671493-4020915475-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44c4e00b-b6f1-11e1-a56f-50e54919a016}" => Key deleted successfully.
HKCR\CLSID\{44c4e00b-b6f1-11e1-a56f-50e54919a016} => Key not found.
"HKU\S-1-5-21-1620838597-635671493-4020915475-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{777f91dd-3a92-11e3-86ec-50e54919a016}" => Key deleted successfully.
HKCR\CLSID\{777f91dd-3a92-11e3-86ec-50e54919a016} => Key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found.
"HKCR\PROTOCOLS\Handler\livecall" => Key deleted successfully.
HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => Key not found.
"HKCR\PROTOCOLS\Handler\msnim" => Key deleted successfully.
HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\edmgmpmklgfbohogafcfobonnkogchec" => Key deleted successfully.
Sffosvrnspvu => Service deleted successfully.
MREMPR5 => Service deleted successfully.
MRENDIS5 => Service deleted successfully.
C:\Windows\Tasks\ItI78RqBO8wx3.job => Moved successfully.
C:\Windows\System32\Tasks\ItI78RqBO8wx3 => Moved successfully.
C:\Users\Simon Harries\AppData\Roaming\ItI78RqBO8wx3 => Moved successfully.
C:\Windows\Tasks\VLJUVMT.job => Moved successfully.
C:\Windows\Tasks\BGCOB.job => Moved successfully.
C:\Users\Simon Harries\AppData\Roaming\BGCOB => Moved successfully.
"C:\Users\Simon Harries\AppData\Roaming\ItI78RqBO8wx3" => File/Directory not found.
C:\Users\Simon Harries\AppData\Roaming\VLJUVMT => Moved successfully.
C:\Users\Simon Harries\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Simon Harries\AppData\Local\Temp\sqlite3.dll => Moved successfully.
C:\Windows\Tasks\BGCOB.job not found.
C:\Windows\Tasks\VLJUVMT.job not found.
"C:\Users\Simon Harries\Cookies" => ":a7dP5gmDxMWNYDpRgL5irjL" ADS not found.
"C:\Users\Simon Harries\AppData\Local\Temporary Internet Files" => ":bEKR1DIHW3xLarnNstx7rkLTThfuc" ADS not found.
"C:\Users\Simon Harries\AppData\Local\Temporary Internet Files" => ":ITppCZk9JDyaYIWh2MRE1VO7IGe" ADS not found.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => Removed 147.6 MB temporary data.


The system needed a reboot.

==== End of Fixlog 12:18:56 ====
harries71
Regular Member
 
Posts: 22
Joined: April 3rd, 2015, 5:41 am

Re: Adware in Firefox

Post by Cypher » April 4th, 2015, 7:57 am

Hi Simon.
Current update is that there are still some adverts running on Firefox, though not as many as before. Long horizontal panel ads appear within the webpage itself (on bbc.co.uk, interspersed among BBC news items), but no advert panels slide on from the sides of the screen or pop up in front of it as they did before.

OK, we need to look a little deeper.
First, to avoid confusion, delete the FRST logs that are on your desktop.

Rerun FRST

  • Right-click FRST.exe and select "Run as administrator" to run it.
  • When the tool opens, click Yes to the disclaimer.
  • Ensure Addition.txt is ticked.
  • Press the Scan button. When finished, a log will be created: FRST.txt.
  • Please post the content of the FRST.txt in your next reply.
  • It will create another log... Addition.txt.
  • Please post the content of the Addition.txt in your next reply.
Next.

Please download SystemLook from the link below and save it to your Desktop.

For 32 bit Systems

For 64 bit Systems

  • Right-click SystemLook.exe and select "Run as administrator" to run it.
  • Copy and paste the content of the following codebox into the main text field. Do not include the words "Code: Select all".
  • (Click the "Select all" button next to the codebox to select the entire script.)
    Code: Select all
    :filefind
    *SoftwareUpdater*
    *SpeedChecker*
    *Amonetize*
    *CrossRider*
    *TornTV*
    *whitesmoke*
    *GlobalUpdate*
    *PriceGong*
    
    :folderfind
    *SoftwareUpdater*
    *SpeedChecker*
    *Amonetize*
    *CrossRider*
    *TornTV*
    *whitesmoke*
    *GlobalUpdate*
    *PriceGong*
    
    :Regfind
    SoftwareUpdater
    SpeedChecker
    Amonetize
    CrossRider
    TornTV
    GlobalUpdate
    WhiteSmoke
    PriceGong
    
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Logs/Information to Post in your Next Reply

  • FRST.txt and Addition.txt contents.
  • SystemLook.txt.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Adware in Firefox

Post by harries71 » April 4th, 2015, 8:29 am

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Simon Harries (administrator) on SIMON-PC on 04-04-2015 13:26:55
Running from C:\Users\Simon Harries\Windows 7 Stuff\Desktop
Loaded Profiles: Simon Harries (Available profiles: Simon Harries)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVerMedia TECHNOLOGIES, Inc.) C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRECentral.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Alcatel-Lucent) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\MAHostService.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
(Joyent, Inc) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\node.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Alcatel-Lucent) C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DeviceAgent.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Eastman Kodak Company) C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13370472 2011-11-18] (Realtek Semiconductor)
HKLM\...\Run: [btbb_McciTrayApp] => C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe [2860856 2013-11-11] (Alcatel-Lucent)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-12-16] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1518664 2014-09-17] (Seagate Technology LLC)
HKLM-x32\...\Run: [Conime] => %windir%\system32\conime.exe
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1620838597-635671493-4020915475-1000\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [127080 2014-09-17] (Seagate Technology LLC)
HKU\S-1-5-21-1620838597-635671493-4020915475-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-1620838597-635671493-4020915475-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\...\RunOnce: [KodakHomeCenter] => C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe [2234064 2014-05-06] (Eastman Kodak Company)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Simon Harries\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Simon Harries\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Simon Harries\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Simon Harries\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Simon Harries\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Simon Harries\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Simon Harries\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-gb/?ocid=iehp
HKU\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://bbc.co.uk/
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-01] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2012-06-17] (RealPlayer)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-01] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-01] (Google Inc.)
Toolbar: HKLM-x32 - IP Tool - {766fc80d-2bbc-402b-9544-a5485f9ef2f3} - C:\Windows\SysWOW64\mscoree.dll [2010-11-21] (Microsoft Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-01] (Google Inc.)
DPF: HKLM {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net ... plugin.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/v ... .2.6.0.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Simon Harries\AppData\Roaming\Mozilla\Firefox\Profiles\vr5pke1c.default-1428014804228
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-04-02] ()
FF Plugin: @java.com/DTPlugin,version=10.11.2 -> C:\Windows\system32\npDeployJava1.dll [2013-01-14] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2013-01-25] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-04-02] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @asperasoft.com/AsperaConnect -> C:\Users\Simon Harries\AppData\Local\Programs\Aspera\Aspera Connect\lib\npasperaweb.dll [2012-03-01] (Aspera, Inc. )
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2012-09-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll [2013-03-25] (Alcatel-Lucent)
FF Plugin-x32: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll [2013-03-25] (Alcatel-Lucent)
FF Plugin-x32: @real.com/nppl3260;version=15.0.4.53 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2012-06-17] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.4.53 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll [2012-06-17] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-06-17] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-06-17] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=15.0.4.53 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2012-06-17] (RealPlayer)
FF Plugin-x32: @rim.com/npappworld -> C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll [2012-12-06] ()
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2012-12-13] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-06-07] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2013-01-25] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1620838597-635671493-4020915475-1000: @asperasoft.com/AsperaConnect -> C:\Users\Simon Harries\AppData\Local\Programs\Aspera\Aspera Connect\lib\npasperaweb.dll [2012-03-01] (Aspera, Inc. )
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2007-05-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2007-05-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2007-05-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2007-05-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2007-05-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2010-12-15] (Apple Inc.)
FF Extension: BT DesktopHelp extension - C:\Program Files (x86)\Mozilla Firefox\extensions\mcciwbch@motive.com.xpi [2015-03-21]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\mcciwbch@motive.com.xpi [2015-03-21]
FF HKLM-x32\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-06-17]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-06-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2012-07-02] () [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 AVerRECentral; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRECentral.exe [1924608 2014-10-15] (AVerMedia TECHNOLOGIES, Inc.) [File not signed]
R2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1417160 2014-12-16] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3247120 2014-12-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-12-16] (AVG Technologies CZ, s.r.o.)
S3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]
R2 BT Help Wizard; C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\MAHostService.exe [321024 2014-04-09] (Alcatel-Lucent) [File not signed]
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1436192 2014-05-19] (Fitbit, Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S3 NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [724992 2006-10-09] (Nero AG) [File not signed]
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [467256 2013-11-11] (Alcatel-Lucent)
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2014-09-17] (Seagate Technology LLC)
R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157776 2014-09-17] (Seagate Technology LLC)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-12-02] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-07-22] (Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-11-02] ()
S3 AVer330USB; C:\Windows\System32\DRIVERS\AVer330USB.sys [1550464 2014-11-05] (AVerMedia TECHNOLOGIES, Inc.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [237848 2014-10-24] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-10-20] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-29] (AVG Technologies)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2012-06-19] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2013-03-22] (RapidSolution Software AG)
R3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2013-03-22] (RapidSolution Software AG)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-04 12:08 - 2015-04-04 12:14 - 00000279 _____ () C:\Users\Simon Harries\note.txt
2015-04-04 09:07 - 2015-04-04 09:12 - 00001035 _____ () C:\Users\Simon Harries\check.txt
2015-04-03 19:47 - 2015-04-04 13:26 - 00000000 ____D () C:\FRST
2015-04-03 19:27 - 2015-04-03 19:36 - 00000000 ____D () C:\AdwCleaner
2015-04-03 19:07 - 2015-04-04 09:09 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-03 19:06 - 2015-04-03 19:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-03 19:06 - 2015-04-03 19:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-03 19:06 - 2015-04-03 19:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-03 19:06 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-03 19:06 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-03 19:06 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-03 19:04 - 2015-04-03 19:04 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-SIMON-PC-Windows-7-Home-Premium-(64-bit).dat
2015-04-03 19:03 - 2015-04-03 19:03 - 00000000 ____D () C:\RegBackup
2015-04-03 19:02 - 2015-04-03 19:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-04-03 19:02 - 2015-04-03 19:02 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2015-04-03 15:48 - 2015-04-03 18:56 - 2908906496 _____ () C:\Users\Simon Harries\Outlook-Complete-03-04-15.pst
2015-04-03 08:44 - 2015-04-04 12:20 - 00000448 _____ () C:\Windows\setupact.log
2015-04-03 08:44 - 2015-04-03 08:44 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-03 08:43 - 2015-04-04 12:20 - 00022192 _____ () C:\Windows\PFRO.log
2015-04-03 08:43 - 2015-04-03 08:50 - 05149128 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-02 23:37 - 2015-04-02 23:37 - 00159232 _____ () C:\Users\Simon Harries\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-02 23:35 - 2015-04-02 23:35 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-02 23:35 - 2015-04-02 23:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-02 08:13 - 2015-04-02 08:13 - 00002806 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-04-01 18:46 - 2015-04-02 22:53 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-04-01 17:46 - 2015-04-04 12:46 - 00001336 _____ () C:\Windows\Tasks\helper_king_notification_service.job
2015-04-01 17:46 - 2015-04-04 12:21 - 00000698 _____ () C:\Windows\Tasks\helper_king_updating_service.job
2015-04-01 17:46 - 2015-04-02 22:56 - 00000000 ____D () C:\Program Files (x86)\helper king
2015-04-01 17:46 - 2015-04-01 17:46 - 00004374 _____ () C:\Windows\System32\Tasks\helper_king_notification_service
2015-04-01 17:46 - 2015-04-01 17:46 - 00003738 _____ () C:\Windows\System32\Tasks\helper_king_updating_service
2015-03-27 08:30 - 2015-03-27 08:30 - 00086477 _____ () C:\Users\Simon Harries\259B-Dux.txt
2015-03-25 02:09 - 2015-03-11 05:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-25 02:09 - 2015-03-11 05:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-25 02:09 - 2015-03-11 05:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-25 02:09 - 2015-03-11 05:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-25 02:09 - 2015-03-11 05:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-25 02:09 - 2015-03-11 05:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-25 02:09 - 2015-03-11 05:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-25 02:09 - 2015-03-11 05:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-21 23:28 - 2015-04-02 23:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-17 23:53 - 2015-03-22 08:49 - 00001730 _____ () C:\Users\Simon Harries\r.txt
2015-03-17 21:47 - 2015-03-17 21:47 - 00000000 ____D () C:\Users\Simon Harries\dwhelper
2015-03-13 08:53 - 2015-03-13 08:53 - 00000000 ____D () C:\Users\Simon Harries\AppData\Local\Seagate_Technology_LLC
2015-03-10 20:58 - 2015-02-20 05:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-10 20:58 - 2015-02-20 05:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-10 20:58 - 2015-02-20 05:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-10 20:58 - 2015-02-20 05:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-10 20:58 - 2015-02-20 05:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-10 20:58 - 2015-02-20 05:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-10 20:58 - 2015-02-20 05:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-10 20:58 - 2015-02-20 05:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-10 20:58 - 2015-02-20 04:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-10 20:58 - 2015-02-20 04:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-10 20:57 - 2015-02-03 04:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-10 20:57 - 2015-02-03 04:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-10 20:57 - 2015-02-03 04:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-10 20:57 - 2015-02-03 04:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-10 20:57 - 2015-02-03 04:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-10 20:57 - 2015-02-03 04:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-10 20:57 - 2015-02-03 04:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-10 20:57 - 2015-02-03 04:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-10 20:57 - 2015-02-03 04:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-10 20:57 - 2015-02-03 04:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-10 20:57 - 2015-02-03 04:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-10 20:57 - 2015-02-03 04:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-10 20:57 - 2015-02-03 04:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-10 20:57 - 2015-02-03 04:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-10 20:57 - 2015-02-03 04:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-10 20:57 - 2015-02-03 04:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-10 20:57 - 2015-02-03 04:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-10 20:57 - 2015-02-03 04:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-10 20:57 - 2015-02-03 04:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-10 20:57 - 2015-02-03 04:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-10 20:57 - 2015-02-03 04:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-10 20:57 - 2015-02-03 04:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-10 20:57 - 2015-02-03 04:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-10 20:57 - 2015-02-03 04:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-10 20:57 - 2015-02-03 04:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-10 20:57 - 2015-02-03 04:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-10 20:57 - 2015-02-03 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-10 20:57 - 2015-02-03 04:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-10 20:57 - 2015-02-03 04:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-10 20:57 - 2015-02-03 04:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-10 20:57 - 2015-02-03 04:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-10 20:57 - 2015-02-03 04:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-10 20:57 - 2015-02-03 04:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-10 20:57 - 2015-02-03 04:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-10 20:57 - 2015-02-03 04:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-10 20:57 - 2015-02-03 04:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-10 20:57 - 2015-02-03 04:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-10 20:57 - 2015-02-03 04:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-10 20:57 - 2015-02-03 04:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-10 20:57 - 2015-02-03 04:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-10 20:57 - 2015-02-03 04:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-10 20:57 - 2015-02-03 04:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-10 20:57 - 2015-02-03 04:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-10 20:57 - 2015-02-03 04:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-10 20:57 - 2015-02-03 04:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-10 20:57 - 2015-02-03 04:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-10 20:57 - 2015-02-03 04:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-10 20:57 - 2015-02-03 04:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-10 20:57 - 2015-02-03 04:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-10 20:57 - 2015-02-03 04:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-10 20:57 - 2015-02-03 04:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-10 20:57 - 2015-02-03 04:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-10 20:57 - 2015-02-03 04:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-10 20:57 - 2015-02-03 04:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-10 20:57 - 2015-02-03 04:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-10 20:57 - 2015-02-03 04:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-10 20:57 - 2015-02-03 04:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-10 20:57 - 2015-02-03 04:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-10 20:57 - 2015-02-03 04:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-10 20:57 - 2015-02-03 04:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-10 20:57 - 2015-02-03 04:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-10 20:57 - 2015-02-03 04:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-10 20:57 - 2015-02-03 04:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-10 20:57 - 2015-02-03 04:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-10 20:57 - 2015-02-03 04:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-10 20:57 - 2015-02-03 04:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-10 20:57 - 2014-10-31 23:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-10 20:56 - 2015-02-03 04:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-10 20:56 - 2015-02-03 04:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-10 20:56 - 2015-02-03 04:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-10 20:56 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-10 20:56 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-10 20:56 - 2015-02-03 04:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-10 20:56 - 2015-02-03 04:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-10 20:56 - 2015-02-03 04:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-10 20:56 - 2015-02-03 04:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-10 20:56 - 2015-02-03 04:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-10 20:56 - 2015-02-03 04:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-10 20:56 - 2015-02-03 04:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-10 20:56 - 2015-02-03 04:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-10 20:56 - 2015-02-03 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-10 20:56 - 2015-02-03 04:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-10 20:56 - 2015-02-03 04:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-10 20:56 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-10 20:56 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-10 20:56 - 2015-02-03 04:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-10 20:56 - 2015-02-03 04:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-10 20:56 - 2015-02-03 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-10 20:56 - 2015-02-03 04:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-10 20:56 - 2015-02-03 03:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-10 20:53 - 2015-02-13 06:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-10 20:53 - 2015-02-13 06:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-10 20:53 - 2015-02-03 04:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-10 20:53 - 2015-02-03 04:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-10 20:53 - 2015-02-03 04:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-10 20:53 - 2015-02-03 04:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-10 20:52 - 2015-03-06 06:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-10 20:52 - 2015-03-06 06:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-10 20:52 - 2015-03-06 06:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-10 20:52 - 2015-03-06 06:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-10 20:52 - 2015-03-06 06:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-10 20:52 - 2015-03-06 06:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-10 20:52 - 2015-03-06 06:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-10 20:52 - 2015-03-06 06:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-10 20:52 - 2015-03-06 06:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-10 20:52 - 2015-03-06 06:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-10 20:52 - 2015-03-06 06:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-10 20:52 - 2015-03-06 06:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-10 20:52 - 2015-03-06 06:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-10 20:52 - 2015-03-06 06:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-10 20:52 - 2015-03-06 06:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-10 20:52 - 2015-03-06 06:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-10 20:52 - 2015-03-06 06:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-10 20:52 - 2015-03-06 06:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-10 20:52 - 2015-03-06 06:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-10 20:52 - 2015-03-06 06:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-10 20:52 - 2015-03-06 06:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-10 20:52 - 2015-03-06 06:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-10 20:52 - 2015-03-06 06:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-10 20:52 - 2015-03-06 06:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-10 20:52 - 2015-03-06 06:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-10 20:52 - 2015-03-06 06:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-10 20:52 - 2015-03-06 06:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-10 20:52 - 2015-03-06 06:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-10 20:52 - 2015-03-06 06:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-10 20:52 - 2015-03-06 06:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-10 20:52 - 2015-03-06 06:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-10 20:52 - 2015-01-31 00:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-10 20:52 - 2015-01-17 03:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-10 20:52 - 2015-01-17 03:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-10 20:51 - 2015-02-26 04:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-10 20:51 - 2015-02-24 04:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-10 20:51 - 2015-02-24 03:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-10 20:51 - 2015-02-21 02:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-10 20:51 - 2015-02-21 01:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-10 20:51 - 2015-02-21 01:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-10 20:51 - 2015-02-21 01:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-10 20:51 - 2015-02-21 01:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-10 20:51 - 2015-02-21 00:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-10 20:51 - 2015-02-21 00:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-10 20:51 - 2015-02-20 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-10 20:51 - 2015-02-20 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-10 20:51 - 2015-02-20 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-10 20:51 - 2015-02-20 03:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-10 20:51 - 2015-02-20 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-10 20:51 - 2015-02-20 03:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-10 20:51 - 2015-02-20 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-10 20:51 - 2015-02-20 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-10 20:51 - 2015-02-20 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-10 20:51 - 2015-02-20 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-10 20:51 - 2015-02-20 03:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-10 20:51 - 2015-02-20 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-10 20:51 - 2015-02-20 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-10 20:51 - 2015-02-20 03:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-10 20:51 - 2015-02-20 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-10 20:51 - 2015-02-20 03:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-10 20:51 - 2015-02-20 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-10 20:51 - 2015-02-20 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-10 20:51 - 2015-02-20 03:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-10 20:51 - 2015-02-20 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-10 20:51 - 2015-02-20 03:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-10 20:51 - 2015-02-20 03:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-10 20:51 - 2015-02-20 03:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-10 20:51 - 2015-02-20 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-10 20:51 - 2015-02-20 03:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-10 20:51 - 2015-02-20 03:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-10 20:51 - 2015-02-20 03:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-10 20:51 - 2015-02-20 02:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-10 20:51 - 2015-02-20 02:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-10 20:51 - 2015-02-20 02:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-10 20:51 - 2015-02-20 02:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-10 20:51 - 2015-02-20 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-10 20:51 - 2015-02-20 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-10 20:51 - 2015-02-20 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-10 20:51 - 2015-02-20 02:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-10 20:51 - 2015-02-20 02:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-10 20:51 - 2015-02-20 02:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-10 20:51 - 2015-02-20 02:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-10 20:51 - 2015-02-20 02:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-10 20:51 - 2015-02-20 02:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-10 20:51 - 2015-02-20 02:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-10 20:51 - 2015-02-20 02:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-10 20:51 - 2015-02-20 02:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-10 20:51 - 2015-02-20 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-10 20:51 - 2015-02-20 02:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-10 20:51 - 2015-02-20 01:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-10 20:51 - 2015-02-20 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-10 20:50 - 2015-02-04 04:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-10 20:50 - 2015-02-04 03:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-05 23:34 - 2015-03-05 23:34 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-03-05 23:34 - 2015-03-05 23:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-03-05 23:32 - 2015-03-05 23:34 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-03-05 23:32 - 2015-03-05 23:34 - 00000000 ____D () C:\Program Files\iTunes
2015-03-05 23:32 - 2015-03-05 23:32 - 00000000 ____D () C:\Program Files\iPod
2015-03-05 23:32 - 2015-03-05 23:32 - 00000000 ____D () C:\Program Files (x86)\iTunes

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-04 13:26 - 2012-06-15 12:22 - 00000000 ____D () C:\Users\Simon Harries
2015-04-04 12:50 - 2013-03-23 14:38 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-04 12:30 - 2009-07-14 05:45 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-04 12:30 - 2009-07-14 05:45 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-04 12:27 - 2012-06-15 12:13 - 01499304 _____ () C:\Windows\WindowsUpdate.log
2015-04-04 12:23 - 2012-08-21 23:21 - 05939712 ___SH () C:\Users\Simon Harries\Thumbs.db
2015-04-04 12:22 - 2014-11-29 10:45 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat
2015-04-04 12:21 - 2014-02-26 22:36 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2015-04-04 12:21 - 2013-03-23 14:38 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-04 12:21 - 2012-06-15 19:14 - 00000000 ____D () C:\ProgramData\Kodak
2015-04-04 12:21 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-04 12:19 - 2015-02-07 17:43 - 00000000 ____D () C:\video-from-laptop
2015-04-04 12:03 - 2012-06-16 00:24 - 00000000 ____D () C:\Users\Simon Harries\AppData\Roaming\vlc
2015-04-04 11:28 - 2014-06-14 20:21 - 00000000 ____D () C:\ProgramData\MFAData
2015-04-04 10:37 - 2014-06-21 20:37 - 00000000 ____D () C:\Users\Simon Harries\AppData\Local\Adobe
2015-04-04 09:51 - 2009-07-14 06:13 - 00786578 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-03 20:10 - 2012-06-15 13:32 - 00000000 ____D () C:\Useful Stuff - June 2012
2015-04-03 19:30 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\Performance
2015-04-03 19:28 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2015-04-03 19:22 - 2012-06-19 17:51 - 00000000 ____D () C:\ProgramData\YTD YouTube Downloader & Converter
2015-04-03 08:57 - 2009-07-14 06:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-02 23:27 - 2014-10-05 18:14 - 00000000 ____D () C:\Users\Simon Harries\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gramblr
2015-04-02 23:27 - 2012-10-21 17:27 - 00000000 ____D () C:\Users\Simon Harries\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-02 22:52 - 2012-06-15 12:46 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-02 08:15 - 2012-06-18 10:58 - 00000000 ____D () C:\Program Files\CCleaner
2015-04-02 08:13 - 2012-06-16 20:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-04-02 00:28 - 2012-06-15 12:46 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-02 00:28 - 2012-06-15 12:46 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-02 00:28 - 2012-06-15 12:46 - 00003770 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-02 00:13 - 2012-12-02 12:31 - 00000000 ____D () C:\Windows\pss
2015-03-28 14:53 - 2014-12-31 11:49 - 00000000 ____D () C:\Users\Simon Harries\.get_iplayer
2015-03-25 04:16 - 2014-12-11 04:29 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-25 04:16 - 2014-05-06 23:45 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-24 09:13 - 2015-02-28 13:21 - 00000000 ____D () C:\Users\Simon Harries\AppData\Roaming\HandBrake
2015-03-19 07:52 - 2012-07-04 13:40 - 00000000 ____D () C:\Users\Simon Harries\AppData\Roaming\dvdcss
2015-03-18 01:42 - 2013-12-11 22:10 - 00000000 ___RD () C:\Users\Simon Harries\Dropbox
2015-03-18 01:42 - 2012-10-21 17:26 - 00000000 ____D () C:\Users\Simon Harries\AppData\Roaming\Dropbox
2015-03-14 14:12 - 2012-06-19 13:54 - 00000000 ____D () C:\Users\Simon Harries\AppData\Roaming\Spotify
2015-03-14 14:12 - 2012-06-19 13:54 - 00000000 ____D () C:\Users\Simon Harries\AppData\Local\Spotify
2015-03-14 10:37 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-03-11 22:37 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-11 08:20 - 2012-06-16 00:15 - 00000000 ____D () C:\Users\Simon Harries\Windows 7 Stuff
2015-03-11 08:14 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-11 08:14 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-10 23:52 - 2012-06-15 18:05 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-10 23:52 - 2009-07-14 03:34 - 00000499 _____ () C:\Windows\win.ini
2015-03-10 23:47 - 2013-08-16 00:38 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-10 23:39 - 2012-06-15 13:39 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-07 20:50 - 2013-10-19 23:10 - 00000000 ____D () C:\DVD Archive
2015-03-07 19:58 - 2012-06-16 00:14 - 00000000 ____D () C:\ProgramData\DVD Shrink
2015-03-05 23:32 - 2012-06-19 13:42 - 00000000 ____D () C:\Program Files\Common Files\Apple

==================== Files in the root of some directories =======

2013-11-25 10:01 - 2014-08-31 23:34 - 0000121 _____ () C:\Users\Simon Harries\AppData\Roaming\Camdata.ini
2013-11-25 10:01 - 2014-08-31 23:34 - 0000408 _____ () C:\Users\Simon Harries\AppData\Roaming\CamLayout.ini
2013-11-25 10:01 - 2014-08-31 23:34 - 0000408 _____ () C:\Users\Simon Harries\AppData\Roaming\CamShapes.ini
2013-11-25 10:01 - 2014-08-31 23:34 - 0004416 _____ () C:\Users\Simon Harries\AppData\Roaming\CamStudio.cfg
2013-01-03 22:13 - 2013-01-03 22:14 - 0310580 _____ () C:\Users\Simon Harries\AppData\Roaming\CodecsLE_Install.log
2012-09-08 14:51 - 2012-09-08 14:54 - 0038438 _____ () C:\Users\Simon Harries\AppData\Roaming\Comma Separated Values (Windows).ADR
2012-09-24 23:33 - 2012-09-30 22:46 - 0038461 _____ () C:\Users\Simon Harries\AppData\Roaming\Microsoft Excel 97-2003.ADR
2012-09-08 13:55 - 2014-11-15 15:27 - 0013014 _____ () C:\Users\Simon Harries\AppData\Roaming\Rim.Desktop.Exception.log
2012-09-08 13:54 - 2013-04-23 15:18 - 0003361 _____ () C:\Users\Simon Harries\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2012-09-08 13:55 - 2014-11-15 15:27 - 0004774 _____ () C:\Users\Simon Harries\AppData\Roaming\Rim.DesktopHelper.Exception.log
2012-09-16 23:44 - 2014-11-15 15:27 - 0004235 _____ () C:\Users\Simon Harries\AppData\Roaming\Rim.Transcoder.Exception.log
2012-09-16 23:44 - 2014-11-15 15:24 - 0052224 _____ () C:\Users\Simon Harries\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-15 22:28 - 2014-08-10 10:00 - 0000236 _____ () C:\Users\Simon Harries\AppData\Local\LaunchHomeCenter.log
2013-12-08 22:50 - 2014-09-29 21:12 - 0007601 _____ () C:\Users\Simon Harries\AppData\Local\resmon.resmoncfg
2012-06-15 19:01 - 2012-06-15 19:01 - 0017408 _____ () C:\Users\Simon Harries\AppData\Local\WebpageIcons.db

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-04 13:11

==================== End Of Log ============================
harries71

Re: Adware in Firefox

Post by harries71 » April 4th, 2015, 8:30 am

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Simon Harries at 2015-04-04 13:27:27
Running from C:\Users\Simon Harries\Windows 7 Stuff\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Internet Security 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.20 - GIGABYTE)
ABC Amber Audio Converter (HKLM-x32\...\ABC Amber Audio Converter) (Version: - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.152 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Premiere Pro 1.5 (HKLM-x32\...\{A14F7508-B784-40B8-B11A-E0E2EEB7229F}) (Version: 1.5 - Adobe Systems, Inc.)
Adobe Premiere Pro CS6 (HKLM-x32\...\{7176B973-6011-43C1-AEBC-2D73FE7C6982}) (Version: 6.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
aioprnt (Version: 5.3.1.0 - Eastman Kodak Company) Hidden
aioscnnr (x32 Version: 5.8.10.0 - Your Company Name) Hidden
aioscnnr (x32 Version: 7.6.13.10 - Your Company Name) Hidden
Amazon Music (HKU\S-1-5-21-1620838597-635671493-4020915475-1000\...\Amazon Amazon Music) (Version: 3.4.0.628 - Amazon Services LLC)
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Aspera Connect (HKLM-x32\...\{D536E3C2-8204-43E4-A697-18070972C0A9}) (Version: 2.7.8.51644 - Aspera, Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.4.4 - Atheros Communications Inc.)
Audials (HKLM-x32\...\{7D34F546-683D-47A9-91A0-7DE863DF048C}) (Version: 10.2.14807.700 - Audials AG)
AVerMedia C875 Live Gamer Portable 3.7.64.37 (HKLM-x32\...\AVerMedia C875 Live Gamer Portable) (Version: 3.7.64.37 - AVerMedia TECHNOLOGIES, Inc.)
AVerMedia RECentral (HKLM-x32\...\InstallShield_{30D6B6ED-E039-4D62-8E07-E058D17A9372}) (Version: 1.3.0.89.14101501 - AVerMedia Technologies, Inc.)
AVerMedia RECentral (x32 Version: 1.3.0.89.14101501 - AVerMedia Technologies, Inc.) Hidden
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4800 - AVG Technologies)
AVG 2014 (Version: 14.0.4311 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4800 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 3.2.0.18 - AVG Technologies)
Avid Codecs LE (HKLM-x32\...\{6CA8F328-2590-4232-9A2D-B50F72F41863}) (Version: 2.3.8 - Avid Technology, Inc.)
Avidemux 2.5 (HKLM-x32\...\Avidemux 2.5 (64-bit)) (Version: 2.5.6.7716 - )
BBC iPlayer Downloads (HKLM-x32\...\{D8753E3F-B86E-4BA6-A44A-6D92BFB38519}) (Version: 1.11.0 - BBC)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
BlackBerry App World Browser Plugin (HKLM-x32\...\{A21CC8D4-7BA8-4AA9-9F2E-EEF54D5F7E71}) (Version: 4.2.1.12 - Research In Motion Limited)
BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)
BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41 - Research In Motion Ltd.) Hidden
BlackBerry Device Software Updater (HKLM-x32\...\{38676C9C-270F-43D1-926A-E45DE8820A6B}) (Version: 7.1.0.34 - Research In Motion Ltd)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BT Desktop Help (HKLM-x32\...\BT Desktop Help) (Version: - )
CameraHelperMsi (x32 Version: 13.31.1038.0 - Logitech) Hidden
Canon Utilities Digital Photo Professional 3.11 (HKLM-x32\...\Digital Photo Professional) (Version: 3.11.27.0 - Canon Inc.)
Canon Utilities EOS Sample Music (HKLM-x32\...\EOS Sample Music) (Version: 1.0.1.1 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.11.2.0 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.0.1.32 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.10.1.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
center (x32 Version: 7.8.0.0 - Eastman Kodak Company) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CuteFTP 8 Lite (HKLM-x32\...\{ED5761A3-C109-4E0E-8241-19DB67E66BED}) (Version: 8.3.4 - GlobalSCAPE)
Digital Theatre Player 4.0 (HKLM-x32\...\com.digitaltheatre.DTPlayer) (Version: 4.0 - Digital Theatre.Com Limited)
Digital Theatre Player 4.0 (x32 Version: 4.0 - Digital Theatre.Com Limited) Hidden
Dropbox (HKU\S-1-5-21-1620838597-635671493-4020915475-1000\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink)
Easy Tune 6 B11.1206.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B11.1206.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
essentials (x32 Version: 7.8.0.0 - Eastman Kodak Company) Hidden
Fitbit Connect (HKLM-x32\...\{D3CD091B-296B-48E9-9F0F-E9FE53E02E41}) (Version: 1.0.3.5511 - Fitbit Inc.)
get_iplayer 4.9 (HKLM-x32\...\get_iplayer) (Version: 4.9 - infradead.org)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HandBrake 0.10.0 (HKLM-x32\...\HandBrake) (Version: 0.10.0 - )
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2559 - Intel Corporation)
IP Tool (HKLM-x32\...\IPTool) (Version: - iPrivacyTools.com)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Kodak AIO Printer (Version: 7.8.1.0 - Eastman Kodak Company) Hidden
KODAK AiO Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.8.5.2 - Eastman Kodak Company)
Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7248) - Logitech Inc..)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Expression Web 4 (HKLM-x32\...\Web_4.0.1460.0) (Version: 4.0.1460.0 - Microsoft Corporation)
Microsoft Office Basic Edition 2003 (HKLM-x32\...\{91130409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Outlook 2010 (HKLM-x32\...\Office14.OUTLOOKR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Miraizon DNxHD and ProRes for QuickTime (HKLM-x32\...\DNxHDProResQTV2) (Version: 2.0.1.1 - Miraizon)
Mozilla Firefox 37.0 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 37.0 (x86 en-GB)) (Version: 37.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0 - Mozilla)
NEF Codec (HKLM-x32\...\{D6506521-0959-4FA3-875F-E2E28830B0D2}) (Version: 1.00.0000 - Nikon)
NEF to JPG (HKLM-x32\...\{13D87B39-2A3B-4675-A0D9-B8B01EA2F8E3}_is1) (Version: - neftojpg.com)
Nero 7 Premium (HKLM-x32\...\{F14B8ECC-BDA0-4987-9201-D7B7DBE11033}) (Version: 7.02.0936 - Nero AG)
Nikon Scan (HKLM-x32\...\{9AE4AC96-A5F4-4F19-9D13-066C8B3CE034}) (Version: 4.0 - )
Noise Reduction Plug-in 2.0 (HKLM-x32\...\{BF4742B0-7A7B-11E1-AFD0-F04DA23A5C58}) (Version: 2.0.471 - Sony)
ocr (x32 Version: 6.2.3.50 - Eastman Kodak Company) Hidden
ON_OFF Charge B11.1102.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
PDFConverter Desktop (HKLM-x32\...\PDFConverter Desktop_is1) (Version: - Baltsoft Software)
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
PreReq (x32 Version: 6.2.4.0 - Eastman Kodak Company) Hidden
PrintProjects (HKLM-x32\...\PrintProjects) (Version: 1.0.0.9282 - RocketLife Inc.)
QT Lite 4.1.0 (HKLM-x32\...\quicktime_lite_is1) (Version: 4.1.0 - )
QuickTime Alternative 1.81 (HKLM-x32\...\QuicktimeAlt_is1) (Version: 1.81 - )
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 15.0) (Version: 15.0.4 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6511 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Seagate Dashboard (HKLM-x32\...\{F1D8690F-06B3-4100-9949-398EA253AC61}) (Version: 3.2.1802.2 - Seagate)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOKR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SES Driver (HKLM\...\{D8CC254C-C671-4664-9A38-FA368D1E2C97}) (Version: 1.0.0 - Western Digital)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Sound Forge Pro 10.0 (HKLM-x32\...\{B0E59B80-7A77-11E1-A6FE-F04DA23A5C58}) (Version: 10.0.503 - Sony)
Spotify (HKU\S-1-5-21-1620838597-635671493-4020915475-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
TV-Ark Page Generator (HKLM-x32\...\{608DBD2A-8329-427C-A6D2-958823676C78}) (Version: 1.0.21 - Team)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 2.2.0 - Tweaking.com)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.7 (HKLM-x32\...\VLC media player) (Version: 2.0.7 - VideoLAN)
WD Drive Utilities (HKLM-x32\...\{2F540611-6560-470F-924A-5F52EFA9156F}) (Version: 1.0.5.7 - Western Digital Technologies, Inc.)
WD Quick View (HKLM-x32\...\{79966948-BECF-4CB1-A79F-E76C830A17D2}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{A95E3E66-D5A4-404E-997D-02562AA492E8}) (Version: 1.0.5.7 - Western Digital Technologies, Inc.)
WD SES Driver Setup (x32 Version: 1.0.1.6 - Western Digital) Hidden
WD SmartWare (HKLM\...\{7AE43D6C-B3F1-448D-AD84-1CDC7AC6EBC7}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{1891b882-48f7-442d-98d0-c1ce533f25bd}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (03/06/2009 1.0.0008.0) (HKLM\...\422991454CB076E9B856C21BBF99AF2B82317EDA) (Version: 03/06/2009 1.0.0008.0 - Western Digital Technologies)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR 4.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1620838597-635671493-4020915475-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Simon Harries\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1620838597-635671493-4020915475-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Simon Harries\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1620838597-635671493-4020915475-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Simon Harries\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1620838597-635671493-4020915475-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Simon Harries\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1620838597-635671493-4020915475-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Simon Harries\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1620838597-635671493-4020915475-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Simon Harries\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1620838597-635671493-4020915475-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Simon Harries\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1620838597-635671493-4020915475-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Simon Harries\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1620838597-635671493-4020915475-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Simon Harries\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1620838597-635671493-4020915475-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Simon Harries\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

03-04-2015 21:17:00 Scheduled Checkpoint
04-04-2015 12:06:35 Removed Java 7 Update 11 (64-bit)
04-04-2015 12:10:02 Removed Java SE Development Kit 7 Update 11 (64-bit)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {02B6D443-792E-4448-8FEA-A6C3DD3A1982} - System32\Tasks\{49E3BB4C-D5F2-43FE-92F8-B8D2EDDC145D} => pcalua.exe -a "C:\Users\Simon Harries\AppData\Local\Temp\Temp3_NS4.zip\NS4\Disk1\setup.exe"
Task: {0A28D829-B917-4CA3-A9DB-154C06A321C7} - System32\Tasks\{54221842-8EAF-4A33-BF38-A5EFA86EC68C} => pcalua.exe -a "C:\Useful Stuff - June 2012\Progs from TV ARK\virtualdubmpeg2\VirtualDub-MPEG2\auxsetup.exe" -d "C:\Useful Stuff - June 2012\Progs from TV ARK\virtualdubmpeg2\VirtualDub-MPEG2"
Task: {11D68C2B-702A-4257-B70F-E2A2B77FD512} - System32\Tasks\{DFC576D6-288B-4B0D-B732-30BD6EF14C49} => pcalua.exe -a "C:\Useful Stuff - June 2012\Soundforge 9 from TVARK\crack\sony.sound.forge.9.0c.build.405-NoPE.exe" -d "C:\Useful Stuff - June 2012\Soundforge 9 from TVARK\crack"
Task: {188B21E9-D194-4F6A-95DA-D2D73BE4736E} - System32\Tasks\{D167BAE1-4083-4A16-BE2B-BB645DC81BD8} => C:\Program Files (x86)\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe [2013-11-11] (Alcatel-Lucent)
Task: {202A4108-8AEE-4E65-858A-4B71E3D4A393} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {20E0C8BD-EBFB-4640-83EB-23A90F781835} - System32\Tasks\{AA6223A2-0077-4589-AC41-5CEFA501B9C2} => pcalua.exe -a D:\Setup.exe -d D:\
Task: {272FC52B-CDB5-43BB-882A-689C7E0BE543} - System32\Tasks\helper_king_updating_service => C:\Program Files (x86)\helper king\helper_king_updating_service.exe
Task: {2AEC56F4-C912-4D01-A57A-9B7C4851A7B4} - System32\Tasks\Simon Harries DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2014-09-17] (Seagate Technology LLC)
Task: {391275CF-6A7A-409A-882D-B6145EBCA4AE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {3DE241CC-3AA7-4B1A-B76A-1E19A4B7C10A} - \ItI78RqBO8wx3 No Task File <==== ATTENTION
Task: {4B505419-B3C8-446E-9CA7-321CE5129ED1} - System32\Tasks\BGCOB => C:\Users\Simon Harries\AppData\Roaming\BGCOB.exe <==== ATTENTION
Task: {544D999E-E812-47B0-A5DB-69C677E747D1} - System32\Tasks\{F22F8F08-C517-4C7C-B213-0BE2C0BF0F9D} => pcalua.exe -a "C:\Users\Simon Harries\AppData\Local\Temp\Temp2_NS4.zip\NS4\Disk1\setup.exe"
Task: {54E9B576-8D39-4535-9692-0744F8FB7923} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {5CE729C4-AAF2-40A7-93B3-F9CD29D53F81} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-02] (Adobe Systems Incorporated)
Task: {77349FFA-0738-4A1C-B785-613193951229} - System32\Tasks\{6A70BAE2-50C4-4760-A782-B5E1478A7E9D} => pcalua.exe -a D:\setup.exe -d D:\
Task: {8A88732B-454E-4808-A964-DB70043071CB} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1620838597-635671493-4020915475-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-04-30] (RealNetworks, Inc.)
Task: {96FD2431-DD7B-436E-9345-BB0DA884EF77} - System32\Tasks\helper_king_notification_service => C:\Program Files (x86)\helper king\helper_king_notification_service.exe
Task: {99FB14D9-22E6-44F2-BCB8-306B64563B80} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1620838597-635671493-4020915475-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-04-30] (RealNetworks, Inc.)
Task: {9CCDD885-5EAC-4CE3-A972-0C61153CB16C} - System32\Tasks\AdobeAAMUpdater-1.0-Simon-PC-Simon Harries => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-01-24] (Adobe Systems Incorporated)
Task: {9E050163-B927-4964-96AA-45F269090535} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {AD9961D4-1AB0-49AE-94B2-9E0A58B7A765} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2014-09-17] (Seagate Technology LLC)
Task: {B35755DB-2BCD-4B68-9AC1-7CE7E4DC56BA} - System32\Tasks\VLJUVMT => C:\Users\Simon Harries\AppData\Roaming\VLJUVMT.exe <==== ATTENTION
Task: {B491F7BC-14A5-4B31-8A0F-3E5347D97C06} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {D77A84C9-F8C3-4709-A066-4E849DBA67B4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: {E19CBC46-918D-493B-90C4-5CAA5ADEDBE8} - System32\Tasks\{4228B425-B0D5-41FB-94F3-A1A6E51529BB} => C:\Program Files (x86)\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe [2013-11-11] (Alcatel-Lucent)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\helper_king_notification_service.job => C:\Program Files (x86)\helper king\helper_king_notification_service.exeç/url='http:/cdn.selectbestopt.com/notf_sys/index.html' /crregname='helper king' /appid='73143' /srcid='2913' /bic='c80a1d584d568dd81300504041eada6d' /verifier='8d39732db630fb643acf5946aaa901d2' /installerversion='1.50.3.10' /statsdomain='http:/stats.buildomserv.com/data.gif?' /errorsdomain='http:/stats.buildomserv.com/data.gif?' /monetizationdomain='http:/logs.buildomserv.com/monetization.gif?' /installationtime='1427906761' /runfrom='task' /brwtype='notbg' /postponedhours='6'.Sim
Task: C:\Windows\Tasks\helper_king_updating_service.job => C:\Program Files (x86)\helper king\helper_king_updating_service.exe¬ /campid=2913 /verid=1 /url=http:/cdn.buildomserv.com/txt/@CAMPID@/@VER@/file.txt /appid=73143 /taskname=helper_king_updating_service /funurl=http:/stats.buildomserv.com

==================== Loaded Modules (whitelisted) ==============

2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-06-19 11:33 - 2012-02-17 20:55 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll
2012-06-15 12:36 - 2011-10-21 17:49 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-01-06 14:18 - 2015-01-06 14:18 - 00039192 _____ () C:\Program Files\CCleaner\branding.dll
2013-11-07 18:58 - 2013-11-07 18:58 - 00244736 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\motive-activex-wrapper\build\Release\NodeActiveXWrapper.node
2013-11-07 18:58 - 2013-11-07 18:58 - 00271360 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\motive-osbridge\build\Release\MotiveOSBridgeNodeModule.node
2013-11-07 18:57 - 2013-11-07 18:57 - 00237056 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\motive-xmpps\build\Release\MotiveXMPPSNode.node
2013-04-24 08:55 - 2013-04-24 08:55 - 01581056 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\libxmljs\build\Release\xmljs.node
2013-04-18 17:55 - 2013-04-18 17:55 - 00068608 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\dnode\node_modules\weak\build\Release\weakref.node
2011-03-01 23:14 - 2011-03-01 23:14 - 02143576 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2011-03-01 23:14 - 2011-03-01 23:14 - 07954776 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2011-03-01 23:15 - 2011-03-01 23:15 - 00340824 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2011-03-01 23:15 - 2011-03-01 23:15 - 00027480 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2011-03-01 23:15 - 2011-03-01 23:15 - 00126808 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Simon Harries\Cookies:a7dP5gmDxMWNYDpRgL5irjL
AlternateDataStreams: C:\Users\Simon Harries\AppData\Local\Temporary Internet Files:bEKR1DIHW3xLarnNstx7rkLTThfuc
AlternateDataStreams: C:\Users\Simon Harries\AppData\Local\Temporary Internet Files:ITppCZk9JDyaYIWh2MRE1VO7IGe

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1620838597-635671493-4020915475-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Simon Harries\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Conime => %windir%\system32\conime.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Logitech Vid => "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

==================== Accounts: =============================

Administrator (S-1-5-21-1620838597-635671493-4020915475-500 - Administrator - Disabled)
Guest (S-1-5-21-1620838597-635671493-4020915475-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-1620838597-635671493-4020915475-1002 - Limited - Enabled)
Simon Harries (S-1-5-21-1620838597-635671493-4020915475-1000 - Administrator - Enabled) => C:\Users\Simon Harries

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/04/2015 00:22:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/04/2015 00:21:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 16 65.1.168.192.in-addr.arpa. PTR Simon-PC.local.

Error: (04/04/2015 00:21:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.65:5353 18 65.1.168.192.in-addr.arpa. PTR Simon-PC-2.local.

Error: (04/04/2015 08:03:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/04/2015 08:02:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 16 65.1.168.192.in-addr.arpa. PTR Simon-PC.local.

Error: (04/04/2015 08:02:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.65:5353 18 65.1.168.192.in-addr.arpa. PTR Simon-PC-2.local.

Error: (04/03/2015 07:39:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/03/2015 07:39:24 PM) (Source: PerfNet) (EventID: 2005) (User: )
Description:

Error: (04/03/2015 07:32:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/03/2015 07:31:58 PM) (Source: PerfNet) (EventID: 2005) (User: )
Description:


System errors:
=============
Error: (04/04/2015 00:19:44 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The AVerRECentral service did not shut down properly after receiving a preshutdown control.

Error: (04/04/2015 00:18:27 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (04/04/2015 00:32:15 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The AVerRECentral service did not shut down properly after receiving a preshutdown control.

Error: (04/03/2015 07:36:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The BT Help Wizard service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (04/03/2015 07:36:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The WD Backup service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (04/03/2015 07:36:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The WD Drive Manager service terminated unexpectedly. It has done this 2 time(s).

Error: (04/03/2015 07:36:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Fitbit Connect Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (04/03/2015 07:36:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (04/03/2015 07:36:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (04/03/2015 07:36:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Management and Security Application User Notification Service service terminated unexpectedly. It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (04/04/2015 00:22:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/04/2015 00:21:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 16 65.1.168.192.in-addr.arpa. PTR Simon-PC.local.

Error: (04/04/2015 00:21:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.65:5353 18 65.1.168.192.in-addr.arpa. PTR Simon-PC-2.local.

Error: (04/04/2015 08:03:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/04/2015 08:02:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 16 65.1.168.192.in-addr.arpa. PTR Simon-PC.local.

Error: (04/04/2015 08:02:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.65:5353 18 65.1.168.192.in-addr.arpa. PTR Simon-PC-2.local.

Error: (04/03/2015 07:39:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/03/2015 07:39:24 PM) (Source: PerfNet) (EventID: 2005) (User: )
Description:

Error: (04/03/2015 07:32:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/03/2015 07:31:58 PM) (Source: PerfNet) (EventID: 2005) (User: )
Description:


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU G840 @ 2.80GHz
Percentage of memory in use: 30%
Total physical RAM: 8086.17 MB
Available physical RAM: 5642.95 MB
Total Pagefile: 16170.53 MB
Available Pagefile: 13602.89 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:698.54 GB) (Free:195.39 GB) NTFS
Drive e: (Seagate Backup Plus Drive) (Fixed) (Total:931.51 GB) (Free:560.63 GB) NTFS
Drive g: (My Book) (Fixed) (Total:2794.49 GB) (Free:367.24 GB) NTFS
Drive l: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 7AE34E80)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=698.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 1A904F71)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 2.

==================== End Of Log ============================

Re: Adware in Firefox

Post by harries71 » April 4th, 2015, 8:38 am

SystemLook 04.09.10 by jpshortstuff
Log created at 13:31 on 04/04/2015 by Simon Harries
Administrator - Elevation successful

========== filefind ==========

Searching for "*SoftwareUpdater*"
No files found.

Searching for "*SpeedChecker*"
No files found.

Searching for "*Amonetize*"
No files found.

Searching for "*CrossRider*"
No files found.

Searching for "*TornTV*"
No files found.

Searching for "*whitesmoke*"
No files found.

Searching for "*GlobalUpdate*"
No files found.

Searching for "*PriceGong*"
No files found.

========== folderfind ==========

Searching for "*SoftwareUpdater*"
No folders found.

Searching for "*SpeedChecker*"
No folders found.

Searching for "*Amonetize*"
No folders found.

Searching for "*CrossRider*"
No folders found.

Searching for "*TornTV*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*GlobalUpdate*"
No folders found.

Searching for "*PriceGong*"
No folders found.

========== Regfind ==========

Searching for "SoftwareUpdater"
No data found.

Searching for "SpeedChecker"
No data found.

Searching for "Amonetize"
No data found.

Searching for "CrossRider"
No data found.

Searching for "TornTV"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49D262F-604A-45E5-988A-151F8A2C1F2}]
"AppPath"="C:\Program Files (x86)\TheTorntv V10"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{63AAC20A-5A0-4A1D-8C7A-2CA89A2ADB1}]
"AppPath"="C:\Program Files (x86)\TheTorntv V10"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68417b56-3d7a-429a-a598-f595d8165fe2}]
"AppName"="TheTorntv V10-codedownloader.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68417b56-3d7a-429a-a598-f595d8165fe2}]
"AppPath"="C:\Program Files (x86)\TheTorntv V10"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{769ba6fc-2ff3-4508-a278-bde6e70db05d}]
"AppName"="TheTorntv V10-bg.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{769ba6fc-2ff3-4508-a278-bde6e70db05d}]
"AppPath"="C:\Program Files (x86)\TheTorntv V10"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BEAB6BEC-4762-40AA-8A65-CF86E7F9ED6}]
"AppPath"="C:\Program Files (x86)\TheTorntv V10"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CD7616DA-858-41D1-AA1D-A85854C4F11C}]
"AppPath"="C:\Program Files (x86)\TheTorntv V10"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{cefcec6f-064b-4e4a-9099-8925f8efbfa2}]
"AppName"="TheTorntv V10-buttonutil64.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{cefcec6f-064b-4e4a-9099-8925f8efbfa2}]
"AppPath"="C:\Program Files (x86)\TheTorntv V10"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DEDFAB7E-4B9-4695-8DF7-AE35772F9EB0}]
"AppPath"="C:\Program Files (x86)\TheTorntv V10"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F122AE0D-E4F4-4185-921D-692FE0C748DA}]
"AppPath"="C:\Program Files (x86)\TheTorntv V10"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F59B62D4-F56D-4298-B81F-5133112910C9}]
"AppPath"="C:\Program Files (x86)\TheTorntv V10"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FA86571B-5756-4D09-8F63-B278A636B8C2}]
"AppPath"="C:\Program Files (x86)\TheTorntv V10"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fbacdb05-e575-4e90-b2ef-92212246ce7a}]
"AppName"="TheTorntv V10-buttonutil.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fbacdb05-e575-4e90-b2ef-92212246ce7a}]
"AppPath"="C:\Program Files (x86)\TheTorntv V10"
[HKEY_CURRENT_USER\Software\Classes\.torrent]
@="TornTvDownloader.File"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\TheTorntv V10]
[HKEY_CURRENT_USER\Software\Classes\TornTvDownloader.File]
[HKEY_CURRENT_USER\Software\Classes\TornTvDownloader.File]
@="TornTvDownloader.torrent File"
[HKEY_CURRENT_USER\Software\Classes\TornTvDownloader.File]
"FriendlyTypeName"="TornTvDownloader"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TornTvDownloader.File]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68417b56-3d7a-429a-a598-f595d8165fe2}]
"AppName"="TheTorntv V10-codedownloader.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68417b56-3d7a-429a-a598-f595d8165fe2}]
"AppPath"="C:\Program Files (x86)\TheTorntv V10"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{769ba6fc-2ff3-4508-a278-bde6e70db05d}]
"AppName"="TheTorntv V10-bg.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{769ba6fc-2ff3-4508-a278-bde6e70db05d}]
"AppPath"="C:\Program Files (x86)\TheTorntv V10"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{cefcec6f-064b-4e4a-9099-8925f8efbfa2}]
"AppName"="TheTorntv V10-buttonutil64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{cefcec6f-064b-4e4a-9099-8925f8efbfa2}]
"AppPath"="C:\Program Files (x86)\TheTorntv V10"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fbacdb05-e575-4e90-b2ef-92212246ce7a}]
"AppName"="TheTorntv V10-buttonutil.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fbacdb05-e575-4e90-b2ef-92212246ce7a}]
"AppPath"="C:\Program Files (x86)\TheTorntv V10"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68417b56-3d7a-429a-a598-f595d8165fe2}]
"AppName"="TheTorntv V10-codedownloader.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68417b56-3d7a-429a-a598-f595d8165fe2}]
"AppPath"="C:\Program Files (x86)\TheTorntv V10"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{769ba6fc-2ff3-4508-a278-bde6e70db05d}]
"AppName"="TheTorntv V10-bg.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{769ba6fc-2ff3-4508-a278-bde6e70db05d}]
"AppPath"="C:\Program Files (x86)\TheTorntv V10"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{cefcec6f-064b-4e4a-9099-8925f8efbfa2}]
"AppName"="TheTorntv V10-buttonutil64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{cefcec6f-064b-4e4a-9099-8925f8efbfa2}]
"AppPath"="C:\Program Files (x86)\TheTorntv V10"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fbacdb05-e575-4e90-b2ef-92212246ce7a}]
"AppName"="TheTorntv V10-buttonutil.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fbacdb05-e575-4e90-b2ef-92212246ce7a}]
"AppPath"="C:\Program Files (x86)\TheTorntv V10"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\Torntv]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\eventlog\Application\Torntv]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Torntv]
[HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\TheTorntv V10]
[HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49D262F-604A-45E5-988A-151F8A2C1F2}]
"AppPath"="C:\Program Files (x86)\TheTorntv V10"
[HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{63AAC20A-5A0-4A1D-8C7A-2CA89A2ADB1}]
"AppPath"="C:\Program Files (x86)\TheTorntv V10"
[HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68417b56-3d7a-429a-a598-f595d8165fe2}]
"AppName"="TheTorntv V10-codedownloader.exe"
[HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68417b56-3d7a-429a-a598-f595d8165fe2}]
"AppPath"="C:\Program Files (x86)\TheTorntv V10"
[HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{769ba6fc-2ff3-4508-a278-bde6e70db05d}]
"AppName"="TheTorntv V10-bg.exe"
[HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{769ba6fc-2ff3-4508-a278-bde6e70db05d}]
"AppPath"="C:\Program Files (x86)\TheTorntv V10"
[HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BEAB6BEC-4762-40AA-8A65-CF86E7F9ED6}]
"AppPath"="C:\Program Files (x86)\TheTorntv V10"
[HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CD7616DA-858-41D1-AA1D-A85854C4F11C}]
"AppPath"="C:\Program Files (x86)\TheTorntv V10"
[HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{cefcec6f-064b-4e4a-9099-8925f8efbfa2}]
"AppName"="TheTorntv V10-buttonutil64.exe"
[HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{cefcec6f-064b-4e4a-9099-8925f8efbfa2}]
"AppPath"="C:\Program Files (x86)\TheTorntv V10"
[HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DEDFAB7E-4B9-4695-8DF7-AE35772F9EB0}]
"AppPath"="C:\Program Files (x86)\TheTorntv V10"
[HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F122AE0D-E4F4-4185-921D-692FE0C748DA}]
"AppPath"="C:\Program Files (x86)\TheTorntv V10"
[HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F59B62D4-F56D-4298-B81F-5133112910C9}]
"AppPath"="C:\Program Files (x86)\TheTorntv V10"
[HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FA86571B-5756-4D09-8F63-B278A636B8C2}]
"AppPath"="C:\Program Files (x86)\TheTorntv V10"
[HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fbacdb05-e575-4e90-b2ef-92212246ce7a}]
"AppName"="TheTorntv V10-buttonutil.exe"
[HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fbacdb05-e575-4e90-b2ef-92212246ce7a}]
"AppPath"="C:\Program Files (x86)\TheTorntv V10"
[HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Classes\.torrent]
@="TornTvDownloader.File"
[HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\TheTorntv V10]
[HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Classes\TornTvDownloader.File]
[HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Classes\TornTvDownloader.File]
@="TornTvDownloader.torrent File"
[HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000\Software\Classes\TornTvDownloader.File]
"FriendlyTypeName"="TornTvDownloader"
[HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000_Classes\.torrent]
@="TornTvDownloader.File"
[HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\TheTorntv V10]
[HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000_Classes\TornTvDownloader.File]
[HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000_Classes\TornTvDownloader.File]
@="TornTvDownloader.torrent File"
[HKEY_USERS\S-1-5-21-1620838597-635671493-4020915475-1000_Classes\TornTvDownloader.File]
"FriendlyTypeName"="TornTvDownloader"
[HKEY_USERS\S-1-5-18\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\TheTorntv V10]

Searching for "GlobalUpdate"
No data found.

Searching for "WhiteSmoke"
No data found.

Searching for "PriceGong"
No data found.

-= EOF =-

Re: Adware in Firefox

Post by harries71 » April 4th, 2015, 8:39 am

Hi again Cypher, thanks so much for your continued assistance - I await your next instructions with interest.
Does this latest analysis mean that TornTV is still in operation on my system?
Best wishes, Simon H