Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Continuing the Fight Against PDF ConverTer 1.0

by Emmie » June 4th, 2014, 5:09 pm

Hi everyone,

These posts are linked to an earlier case found at: viewtopic.php?f=11&t=62842#.U4-J1fQW3WN

With the help of pgmigg, I can give the following answers:

1. No problems executing the instructions
2. Contents of zoek-results.log file below:


Zoek.exe v5.0.0.0 Updated 02-June-2014
Tool run by usr on Wed 04/06/2014 at 22:14:01.34.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\usr\Downloads\zoek.exe [Scan all users] [Checkboxes used]

==== System Restore Info ======================

4/06/2014 10:14:58 PM Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1419046907-2595292626-2149871753-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31ad400d-1b06-4e33-a59a-90c2c140cba0} deleted successfully
HKEY_USERS\S-1-5-21-1419046907-2595292626-2149871753-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31ad400d-1b06-4e33-a59a-90c2c140cba0} deleted successfully
HKEY_USERS\S-1-5-21-1419046907-2595292626-2149871753-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully
HKEY_USERS\S-1-5-21-1419046907-2595292626-2149871753-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully
HKEY_USERS\S-1-5-21-1419046907-2595292626-2149871753-1000\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{31ad400d-1b06-4e33-a59a-90c2c140cba0} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{31ad400d-1b06-4e33-a59a-90c2c140cba0} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully

==== Deleting Services ======================


==== FireFox Fix ======================

ProfilePath: C:\Users\usr\AppData\Roaming\Mozilla\Firefox\Profiles\wzxwi8ef.default

user.js not found
---- Lines snap.do removed from prefs.js ----
user_pref("extensions.helperbar.externalJsFiles", "{\"d\":\"[{\\\"ExcludeDomains\\\":[\\\"snap.do\\\",\\\"snapdo.com\\\"],\\\"HttpInjection\\\":\\\"ht
---- Lines Web Search removed from prefs.js ----
user_pref("browser.search.defaultenginename", "Web Search");
user_pref("browser.search.selectedEngine", "Web Search");
---- Lines helperbar removed from prefs.js ----
user_pref("browser.newtab.url", "http://feed.helperbar.com/?p=mKO_AwFzXIpYRZtakQ4j8nRC9pSLLJR98GAGvZ--sx9HMMckaq-YAVaKiMC-AT0Yqxk5qfH2Wp8-m5PIHz2AsG0q
user_pref("browser.startup.homepage", "http://feed.helperbar.com/?p=mKO_AwFzXIpYRZtakQ4j8nRC9pSLLJR98GAGvZ--sx9HMMckaq-YAVaKiMC-AT0Yqxk5qfH2Wp8-m5PIHz
user_pref("extensions.helperbar.BackPageActive", true);
user_pref("extensions.helperbar.backPageCapacity", 3);
user_pref("extensions.helperbar.backPageCounter", 0);
user_pref("extensions.helperbar.backPageDay", 3);
user_pref("extensions.helperbar.backPageLastEvent", "1396342297796");
user_pref("extensions.helperbar.backPageMinInterval", 15);
user_pref("extensions.helperbar.barcodeid", "769");
user_pref("extensions.helperbar.countryiso", "au");
user_pref("extensions.helperbar.DockingPositionDown", false);
user_pref("extensions.helperbar.downloadprovider", "quickobrw");
user_pref("extensions.helperbar.fromautoupdate", "true");
user_pref("extensions.helperbar.installationid", "b6d670bf-a70b-f0b2-feb1-724899e26cde");
user_pref("extensions.helperbar.installdate", "29/09/2013");
user_pref("extensions.helperbar.keepAliveLastevent", "1396515098");
user_pref("extensions.helperbar.lastExternalJsUpdate", "1396515112608");
user_pref("extensions.helperbar.publisher", "quickobrw");
user_pref("extensions.helperbar.SmartbarDisabled", false);
user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
user_pref("extensions.helperbar.Visibility", false);
user_pref("keyword.URL", "http://feed.helperbar.com/?p=mKO_AwFzXIpYRZtakQ4j8nRC9pSLLJR98GAGvZ--sx9HMMckaq-YAVaKiMC-AT0Yqxk5qfH2Wp8-m5PIHz2AsG0q4KsCpWV
---- Lines extensions.09BAdVf removed from prefs.js ----
user_pref("extensions.09BAdVf.epoch", "1396601506");
user_pref("extensions.09BAdVf.url", "http://discountgetdirect.ru/sync2/?q=hfZ9oeqLDfqTtNbPhd9FtMqLDe49CNU0nlkMCMlNhd9FrHwGrTrEpdaEqdwMBzqUojw9rdnErHa5
---- Lines extensions.Auk3A8Yg3 removed from prefs.js ----
user_pref("extensions.Auk3A8Yg3.epoch", "1396601506");
user_pref("extensions.Auk3A8Yg3.url", "http://discountgetdirect.ru/sync2/?q=hfZ9ofqKhchEAen0rihTB6lKDzt4okxltNtVh7n0rjrFrTsHrdYErjw9tMFHhd9Fqda9rdrEpd
---- Lines extensions.Pzg37DNX removed from prefs.js ----
user_pref("extensions.Pzg37DNX.epoch", "1396601506");
user_pref("extensions.Pzg37DNX.url", "http://foreveryboxzip.ru/sync2/?q=hfZ9oehUrTwMCyVUojwMg708BNmGWj8blihGheDUojw9rdwHrjsErjUFqihIC7n0rjnEqdaHrdY8rj
---- Lines extensions.ud1KOZO5eIVx removed from prefs.js ----
user_pref("extensions.ud1KOZO5eIVx.epoch", "1396601506");
user_pref("extensions.ud1KOZO5eIVx.url", "http://discountgetdirect.ru/sync2/?q=hfZ9ofbGBGhEAen0rihTB6lKDzt4okxltNtVh7n0rjnErTwHrTaHrTn5tMFHhd9Fqda9rdr
---- FireFox user.js and prefs.js backups ----

prefs_20140406_1021_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~3\njmfeahhegadnigofkdhkildgppcpmal deleted
C:\Users\usr\AppData\LocalLow\{2A67CCCC-5572-B61A-0964-83D8D0B41D95} deleted
C:\Users\usr\AppData\LocalLow\{51C4C85D-FB34-F50D-E921-0702F9D8D4CE} deleted
C:\Users\usr\AppData\LocalLow\{8F66D854-D5B0-02CF-A959-CBC054377034} deleted
C:\Users\usr\AppData\LocalLow\{F00A2D21-AD4C-F128-8F43-94F7C466B31E} deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\{2A67CCCC-5572-B61A-0964-83D8D0B41D95} deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\{8F66D854-D5B0-02CF-A959-CBC054377034} deleted
C:\Users\usr\AppData\Local\Packages\windows_ie_ac_001\AC\{51C4C85D-FB34-F50D-E921-0702F9D8D4CE} deleted
C:\Users\usr\AppData\Local\Packages\windows_ie_ac_001\AC\{F00A2D21-AD4C-F128-8F43-94F7C466B31E} deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\Packages\windows_ie_ac_001\AC\{2A67CCCC-5572-B61A-0964-83D8D0B41D95} deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\Packages\windows_ie_ac_001\AC\{8F66D854-D5B0-02CF-A959-CBC054377034} deleted
C:\PROGRA~3\b2e39d182b4efe3e deleted
C:\PROGRA~3\sahopnDrop deleted
C:\PROGRA~2\sahopnDrop deleted
C:\PROGRA~3\PRoShhopPer deleted
C:\PROGRA~2\PRoShhopPer deleted
C:\PROGRA~3\CuOupScanner deleted
C:\PROGRA~2\CuOupScanner deleted
C:\PROGRA~3\PDFConverTer deleted
C:\PROGRA~2\PDFConverTer deleted
C:\PROGRA~2\DealPly deleted
C:\PROGRA~2\DealPlyLive deleted
C:\PROGRA~2\Optimizer Pro deleted
C:\Users\usr\AppData\Roaming\Dealply deleted
C:\PROGRA~3\DealPlyLive deleted
C:\Users\usr\AppData\Local\DealPlyLive deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BrowserSafeguard deleted
C:\Windows\Tasks\Dealply.job deleted
C:\windows\SysNative\Tasks\Dealply deleted
C:\Users\usr\AppData\LocalLow\Smartbar deleted
C:\windows\SysNative\Tasks\BrowserSafeguard Update Task deleted
C:\Users\usr\AppData\Roaming\Mozilla\Firefox\Profiles\wzxwi8ef.default\searchplugins\Web Search.xml deleted
C:\Users\usr\AppData\Roaming\Mozilla\Firefox\Profiles\wzxwi8ef.default\extensions\staged deleted
C:\Users\usr\AppData\Roaming\Mozilla\Firefox\Profiles\wzxwi8ef.default\extensions\fbbshfqwdxr@wmn-.net deleted
C:\Users\usr\AppData\Roaming\Mozilla\Firefox\Profiles\wzxwi8ef.default\extensions\hzx-2osg@ouzmlc.org deleted
C:\Users\usr\AppData\Roaming\Mozilla\Firefox\Profiles\wzxwi8ef.default\extensions\pgwewx@rnsvwpfdt.edu deleted
C:\Users\usr\AppData\Roaming\Mozilla\Firefox\Profiles\wzxwi8ef.default\extensions\uoiyygkn@thgr-xij.org deleted
"C:\PROGRA~3\egbmmfcbmcghmaccoeehfpbmckhmioik\egbmmfcbmcghmaccoeehfpbmckhmioik.crx" deleted
"C:\PROGRA~3\egbmmfcbmcghmaccoeehfpbmckhmioik\update.xml" deleted
"C:\PROGRA~2\Browsersafeguard\BrowserSafeguard.exe" deleted
"C:\PROGRA~2\Browsersafeguard\BrowserSafeguard.exe" deleted
"C:\Users\usr\AppData\Local\Smartbar\Application\lrcnt.dll" deleted
"C:\Users\usr\AppData\Local\Smartbar\Application\Lrcnta.exe" deleted
"C:\Users\usr\AppData\Local\Smartbar\Application\MACTrackBarLib.dll" deleted
"C:\Users\usr\AppData\Local\Smartbar\Application\QuickShare.exe" deleted
"C:\Users\usr\AppData\Local\Smartbar\Application\sgml.dll" deleted
"C:\Users\usr\AppData\Local\Smartbar\Application\sidb.dll" deleted
"C:\Users\usr\AppData\Local\Smartbar\Application\siem.dll" deleted
"C:\Users\usr\AppData\Local\Smartbar\Application\sipb.dll" deleted
"C:\Users\usr\AppData\Local\Smartbar\Application\sismlp.dll" deleted
"C:\Users\usr\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll" deleted
"C:\Users\usr\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll" deleted
"C:\Users\usr\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll" deleted
"C:\Users\usr\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll" deleted
"C:\Users\usr\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll" deleted
"C:\Users\usr\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.ChromeLocalPlugin.dll" deleted
"C:\Users\usr\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.FireFoxLocalPlugin.dll" deleted
"C:\Users\usr\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll" deleted
"C:\Users\usr\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll" deleted
"C:\Users\usr\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll" deleted
"C:\Users\usr\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll" deleted
"C:\Users\usr\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll" deleted
"C:\Users\usr\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll" deleted
"C:\Users\usr\AppData\Local\Smartbar\Application\smta.dll" deleted
"C:\Users\usr\AppData\Local\Smartbar\Application\smtu.dll" deleted
"C:\Users\usr\AppData\Local\Smartbar\Application\spbe.dll" deleted
"C:\Users\usr\AppData\Local\Smartbar\Application\spbl.dll" deleted
"C:\Users\usr\AppData\Local\Smartbar\Application\sppsm.dll" deleted
"C:\Users\usr\AppData\Local\Smartbar\Application\spusm.dll" deleted
"C:\Users\usr\AppData\Local\Smartbar\Application\srau.dll" deleted
"C:\Users\usr\AppData\Local\Smartbar\Application\srbs.dll" deleted
"C:\Users\usr\AppData\Local\Smartbar\Application\srbu.dll" deleted
"C:\Users\usr\AppData\Local\Smartbar\Application\srns.dll" deleted
"C:\Users\usr\AppData\Local\Smartbar\Application\srom.dll" deleted
"C:\Users\usr\AppData\Local\Smartbar\Application\srpdm.dll" deleted
"C:\Users\usr\AppData\Local\Smartbar\Application\srsbs.dll" deleted
"C:\Users\usr\AppData\Local\Smartbar\Application\srsbsau.dll" deleted
"C:\Users\usr\AppData\Local\Smartbar\Application\srut.dll" deleted
"C:\PROGRA~3\egbmmfcbmcghmaccoeehfpbmckhmioik" deleted
"C:\Users\usr\AppData\Roaming\ArcSoft" deleted
"C:\PROGRA~2\Browsersafeguard" deleted
"C:\PROGRA~2\Browsersafeguard" deleted
"C:\Users\usr\AppData\Local\Smartbar" deleted
"C:\Users\usr\AppData\Local\Smartbar\Application" deleted

==== Firefox Extensions ======================

ProfilePath: C:\Users\usr\AppData\Roaming\Mozilla\Firefox\Profiles\wzxwi8ef.default
- QuickShare Widget - %ProfilePath%\extensions\{b6d670bf-a70b-f0b2-feb1-724899e26cde}

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\usr\AppData\Roaming\Mozilla\Firefox\Profiles\wzxwi8ef.default
63EE2015B877A2E472CC59E05291AA39 - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMSS.dll - McAfee Security Scanner +


==== Deleted Firefox Extensions ======================

C:\Users\usr\AppData\Roaming\Mozilla\Firefox\Profiles\wzxwi8ef.default\extensions\{b6d670bf-a70b-f0b2-feb1-724899e26cde} deleted

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
bopakagnckmlgajfccecajhnimjiiedh - No path found[]

PDFConverTer - usr\AppData\Local\Google\Chrome\User Data\Default\Extensions\egbmmfcbmcghmaccoeehfpbmckhmioik
DealPly Shopping - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphpbdjcljebbcnfopfngmfdackbbdgf

==== Chrome Fix ======================

C:\Users\usr\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_maxwebsearch.com_0.localstorage deleted successfully
C:\Users\usr\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_maxwebsearch.com_0.localstorage-journal deleted successfully
C:\Users\usr\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_b.scorecardresearch.com_0.localstorage deleted successfully
C:\Users\usr\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_b.scorecardresearch.com_0.localstorage-journal deleted successfully
C:\Users\usr\AppData\Local\Google\Chrome\User Data\Default\Extensions\egbmmfcbmcghmaccoeehfpbmckhmioik deleted successfully
C:\Users\usr\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_egbmmfcbmcghmaccoeehfpbmckhmioik_0.localstorage deleted successfully
C:\Users\usr\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_egbmmfcbmcghmaccoeehfpbmckhmioik_0.localstorage-journal deleted successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphpbdjcljebbcnfopfngmfdackbbdgf deleted successfully
C:\Users\usr\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mphpbdjcljebbcnfopfngmfdackbbdgf_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://feed.helperbar.com/?p=mKO_AwFzXIpYRZtakQ4j8nRC9pSLLJR98GAGvZ--sx9HMMckaq-YAVaKiMC-AT0Yqxk5qfH2Wp8-m5PIHz2AsG0q4KsCpWVodnfqahadB57slU5zrTUEpEkMw7Gw5Th-kaawmM3lCqgmbifTt-S1dBoUDerDkQv285dqAK6V0AKd8vox0ADWo0SPN-plF3M9VLSOC_zeQmaPrQ,,"
"Search Page"="http://feed.helperbar.com/?p=mKO_AwFzXIpYRZtakQ4j8nRC9pSLLJR98GAGvZ--sx9HMMckaq-YAVaKiMC-AT0Yqxk5qfH2Wp8-m5PIHz2AsG0q4KsCpWVodnfqahadB57slU5zrTUEpEkMw7Gw5Th-kaawmM3lCqgmbiffy93N6SbI52jJVSBA6QAunjKlATJ_xEI2nF2ocDWSaoAew0g27ZH-TsLhscIbcg,,&q={searchTerms}"
"Search Bar"="http://feed.helperbar.com/?p=mKO_AwFzXIpYRZtakQ4j8nRC9pSLLJR98GAGvZ--sx9HMMckaq-YAVaKiMC-AT0Yqxk5qfH2Wp8-m5PIHz2AsG0q4KsCpWVodnfqahadB57slU5zrTUEpEkMw7Gw5Th-kaawmM3lCqgmbiffy93N6SbI52jJVSBA6QAunjKlATJ_xEI2nF2ocDWSaoAew0g27ZH-TsLhscIbcg,,&q={searchTerms}"
"Use Search Asst"="yes"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://feed.helperbar.com/?p=mKO_AwFzXIpYRZtakQ4j8nRC9pSLLJR98GAGvZ--sx9HMMckaq-YAVaKiMC-AT0Yqxk5qfH2Wp8-m5PIHz2AsG0q4KsCpWVodnfqahadB57slU5zrTUEpEkMw7Gw5Th-kaawmM3lCqgmbiffy93N6SbI52jJVSBA6QAunjKlATJ_xEI2nF2ocDWSaoAew0g27ZH-TsLhscIbcg,,&q={searchTerms}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://feed.helperbar.com/?p=mKO_AwFzXIpYRZtakQ4j8nRC9pSLLJR98GAGvZ--sx9HMMckaq-YAVaKiMC-AT0Yqxk5qfH2Wp8-m5PIHz2AsG0q4KsCpWVodnfqahadB57slU5zrTUEpEkMw7Gw5Th-kaawmM3lCqgmbiffy93N6SbI52jJVSBA6QAunjKlATJ_xEI2nF2ocDWSaoAew0g27ZH-TsLhscIbcg,,&q={searchTerms}"
"SearchAssistant"="http://feed.helperbar.com/?p=mKO_AwFzXIpYRZtakQ4j8nRC9pSLLJR98GAGvZ--sx9HMMckaq-YAVaKiMC-AT0Yqxk5qfH2Wp8-m5PIHz2AsG0q4KsCpWVodnfqahadB57slU5zrTUEpEkMw7Gw5Th-kaawmM3lCqgmbiffy93N6SbI52jJVSBA6QAunjKlATJ_xEI2nF2ocDWSaoAew0g27ZH-TsLhscIbcg,,&q={searchTerms}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{006ee092-9658-4fd6-bd8e-a21a348e59f5}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.google.com"
"Use Search Asst"="no"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyServer"="http=127.0.0.1:49168;https=127.0.0.1:49168"
"ProxyOverride"="<-loopback>"
"ProxyEnable"=dword:00000001

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Browsersafeguard deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\usr\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\usr\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WYSOP9J0 will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\usr\AppData\Local\Mozilla\Firefox\Profiles\wzxwi8ef.default\Cache will be emptied at reboot

==== Empty Chrome Cache ======================

C:\Users\usr\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1099 folders=97 37279732 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\usr\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\usr\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\usr\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WYSOP9J0" not found

==== EOF on Wed 04/06/2014 at 22:34:00.36 ======================
Emmie
Regular Member
 
Posts: 20
Joined: May 26th, 2014, 12:02 pm

Re: Continuing the Fight Against PDF ConverTer 1.0

by Emmie » June 4th, 2014, 5:10 pm

3. Contents of OTL.txt log file below:

OTL logfile created on: 4/06/2014 10:37:36 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\usr\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.86 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 51.92% Memory free
7.73 Gb Paging File | 5.90 Gb Available in Paging File | 76.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 386.34 Gb Free Space | 82.97% Space Free | Partition Type: NTFS

Computer Name: USR-PC | User Name: usr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/06/04 22:36:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\usr\Downloads\OTL.exe
PRC - [2014/05/15 13:18:29 | 000,257,224 | ---- | M] (Microsoft Corporation) -- C:\Users\usr\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
PRC - [2013/12/21 16:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/12/04 12:48:06 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe


========== Modules (No Company Name) ==========

MOD - [2014/02/12 19:58:32 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/02/12 19:58:10 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/12/04 12:48:04 | 000,399,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppgooglenaclpluginchrome.dll
MOD - [2013/12/04 12:48:02 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
MOD - [2013/12/04 12:47:11 | 000,702,416 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
MOD - [2013/12/04 12:47:11 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll
MOD - [2013/12/04 12:47:08 | 001,619,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014/03/06 18:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/01/16 10:42:12 | 000,289,256 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe -- (McComponentHostService)
SRV:64bit: - [2013/05/27 15:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/10/28 11:18:44 | 000,117,608 | ---- | M] (Broadcom Corp.) [Auto | Running] -- C:\Program Files\Broadcom\BPowMon\BPowMon.exe -- (BPowMon)
SRV - [2014/01/25 12:27:11 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/21 16:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/11 20:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/02/28 17:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/11/20 22:21:36 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2009/06/11 07:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/03/27 18:58:24 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2013/08/28 17:53:19 | 000,333,864 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57amd64.sys -- (k57nd)
DRV:64bit: - [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvolwin7.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 19:21:48 | 000,029,352 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirwin7.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 19:21:46 | 000,768,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfswin7.sys -- (Sftfs)
DRV:64bit: - [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaywin7.sys -- (Sftplay)
DRV:64bit: - [2013/02/18 09:22:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/24 00:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/24 00:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 16:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 16:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 16:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 23:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/09/17 20:12:06 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/09/17 19:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/14 11:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 11:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 11:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/11 06:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 06:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 06:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 06:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 11:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1419046907-2595292626-2149871753-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-1419046907-2595292626-2149871753-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKU\S-1-5-21-1419046907-2595292626-2149871753-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-AU
IE - HKU\S-1-5-21-1419046907-2595292626-2149871753-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 92 00 D6 2A CF 9E CE 01 [binary data]
IE - HKU\S-1-5-21-1419046907-2595292626-2149871753-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1419046907-2595292626-2149871753-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-1419046907-2595292626-2149871753-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-1419046907-2595292626-2149871753-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: {b6d670bf-a70b-f0b2-feb1-724899e26cde}:1.0
FF - prefs.js..extensions.enabledAddons: %7Bb6d670bf-a70b-f0b2-feb1-724899e26cde%7D:1.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/09/29 15:16:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\usr\AppData\Roaming\mozilla\Extensions
[2014/06/04 22:23:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\usr\AppData\Roaming\mozilla\Firefox\Profiles\wzxwi8ef.default\extensions
[2014/01/25 12:27:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/01/25 12:27:12 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\USERS\USR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WZXWI8EF.DEFAULT\EXTENSIONS\{B6D670BF-A70B-F0B2-FEB1-724899E26CDE}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: Google Drive = C:\Users\usr\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Wallet = C:\Users\usr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\

O1 HOSTS File: ([2009/06/11 07:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1419046907-2595292626-2149871753-1000..\Run: [Browser Infrastructure Helper] C:\Users\usr\AppData\Local\Smartbar\Application\QuickShare.exe startup File not found
O4 - HKU\S-1-5-21-1419046907-2595292626-2149871753-1000..\Run: [BrowserSafeguard] C:\Program Files (x86)\Browsersafeguard\Browsersafeguard.exe File not found
O4 - HKU\S-1-5-21-1419046907-2595292626-2149871753-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKU\S-1-5-21-1419046907-2595292626-2149871753-1000..\Run: [SkyDrive] C:\Users\usr\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-18..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{318DAE8B-904D-4383-8C29-0B7C071F562B}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E07E7847-FF1F-47B8-B528-FB24BA46F268}: DhcpNameServer = 61.9.194.49 61.9.195.193
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{e4c38b4e-18f1-11e3-bbea-206a8a0fc1a3}\Shell - "" = AutoRun
O33 - MountPoints2\{e4c38b4e-18f1-11e3-bbea-206a8a0fc1a3}\Shell\AutoRun\command - "" = E:\win\setup.exe -phs
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\win\setup.exe -phs
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/06/04 22:34:33 | 000,000,000 | ---D | C] -- C:\Users\usr\Desktop\Logs
[2014/06/04 22:34:08 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/06/04 22:25:01 | 000,000,000 | ---D | C] -- C:\Windows\Temp
[2014/06/04 22:25:01 | 000,000,000 | ---D | C] -- C:\Users\usr\AppData\Local\Temp
[2014/06/04 22:11:47 | 000,000,000 | ---D | C] -- C:\zoek_backup
[2014/05/15 08:41:00 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/05/15 08:40:59 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/05/15 08:40:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2014/05/14 19:25:32 | 000,477,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/05/14 19:25:32 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/05/14 19:25:20 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2014/05/14 19:25:19 | 005,550,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2014/05/14 19:25:19 | 003,969,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2014/05/14 19:25:19 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2014/05/14 19:25:19 | 000,722,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\objsel.dll
[2014/05/14 19:25:19 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2014/05/14 19:25:18 | 000,538,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\objsel.dll
[2014/05/14 19:25:17 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2014/05/14 19:25:17 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2014/05/14 19:25:17 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cngprovider.dll
[2014/05/14 19:25:17 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adprovider.dll
[2014/05/14 19:25:17 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\capiprovider.dll
[2014/05/14 19:25:17 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpapiprovider.dll
[2014/05/14 19:25:17 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cngprovider.dll
[2014/05/14 19:25:17 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adprovider.dll
[2014/05/14 19:25:17 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\capiprovider.dll
[2014/05/14 19:25:17 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpapiprovider.dll
[2014/05/14 19:25:17 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dimsroam.dll
[2014/05/14 19:25:17 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wincredprovider.dll
[2014/05/14 19:25:17 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dimsroam.dll
[2014/05/14 19:25:17 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wincredprovider.dll
[2014/05/14 19:25:17 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2014/05/14 19:25:17 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll

========== Files - Modified Within 30 Days ==========

[2014/06/04 22:38:13 | 000,015,488 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/04 22:38:13 | 000,015,488 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/04 22:34:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/06/04 22:33:31 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/06/04 22:30:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/04 22:30:45 | 3111,518,208 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/04 22:13:38 | 000,024,064 | ---- | M] () -- C:\Windows\zoek-delete.exe
[2014/06/04 22:01:06 | 000,783,336 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/06/04 22:01:06 | 000,667,540 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/06/04 22:01:06 | 000,126,926 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/05/09 16:14:03 | 000,477,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/05/09 16:11:23 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/05/06 13:00:47 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/05/06 12:10:52 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

========== Files Created - No Company Name ==========

[2014/06/04 22:25:02 | 000,024,064 | ---- | C] () -- C:\Windows\zoek-delete.exe
[2014/02/10 21:50:39 | 000,007,608 | ---- | C] () -- C:\Users\usr\AppData\Local\Resmon.ResmonCfg
[2014/02/09 09:07:48 | 000,022,544 | ---- | C] () -- C:\Users\usr\AppData\Roaming\UserTile.png
[2014/02/01 06:29:57 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/12/19 19:26:34 | 000,000,139 | ---- | C] () -- C:\Users\usr\AppData\Roaming\WB.CFG
[2013/09/29 17:03:04 | 000,767,278 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/14 14:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/25 12:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 12:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 11:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 11:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/08/28 11:29:06 | 000,000,000 | ---D | M] -- C:\Users\usr\AppData\Roaming\BACS.exe
[2013/09/09 13:05:46 | 000,000,000 | ---D | M] -- C:\Users\usr\AppData\Roaming\Notepad++
[2014/06/04 22:30:07 | 000,000,000 | ---D | M] -- C:\Users\usr\AppData\Roaming\SoftGrid Client
[2013/09/29 17:06:08 | 000,000,000 | ---D | M] -- C:\Users\usr\AppData\Roaming\TP
[2014/03/10 08:44:06 | 000,000,000 | ---D | M] -- C:\Users\usr\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:373E1720

< End of report >
Emmie

Re: Continuing the Fight Against PDF ConverTer 1.0

Post by Emmie » June 4th, 2014, 5:11 pm

4. Contents of Extras.txt log file below:

OTL Extras logfile created on: 4/06/2014 10:37:36 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\usr\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.86 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 51.92% Memory free
7.73 Gb Paging File | 5.90 Gb Available in Paging File | 76.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 386.34 Gb Free Space | 82.97% Space Free | Partition Type: NTFS

Computer Name: USR-PC | User Name: usr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-1419046907-2595292626-2149871753-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00A0BF66-FFBF-4E2A-9053-A20C67EE97F2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0177FF6A-4D5F-432C-8DC9-EB825B8BC970}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0FE5EBC0-4D7D-4789-B8B9-925B60E0C5C4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{10C0821B-0EC2-4905-AF0E-52BFBD175B91}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{14B512A6-3459-4CE0-85D2-28AE41757C37}" = lport=445 | protocol=6 | dir=in | app=system |
"{14D6A01A-9C1C-4883-AC9B-EDC43B80C9CA}" = lport=139 | protocol=6 | dir=in | app=system |
"{1542881D-7E8D-42DE-B3F2-64A3D624438B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{277643EC-D324-4547-A6E6-EF1C0133F48A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2EB233DF-5DA5-47FF-87BF-7970381D3CE3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{49E0830B-04CF-438B-B749-648831F7BF7E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4BCEA9FE-168B-4566-99B5-1B3C74546C8A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4D92C173-BFC7-477E-8125-941075ACEF87}" = rport=138 | protocol=17 | dir=out | app=system |
"{4DE0173D-E2AF-4281-B263-14F7F7C820BB}" = rport=139 | protocol=6 | dir=out | app=system |
"{635CBC4C-F56A-4E53-8755-AE8D81F1E345}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{65D57EF5-1575-4E47-9318-298335AE81DE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{70B4FA05-C4D9-4D8B-9CDD-E3886F990CA3}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{759459BA-9E52-47C2-877B-0E13611A186F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{79972549-F883-470E-9BF7-C2DF04485329}" = lport=138 | protocol=17 | dir=in | app=system |
"{8F19BD74-5ED9-47CA-8F2D-39ABBA9AB9BE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A3A075CF-DFCA-4863-BBAB-89E9EEA57103}" = lport=10243 | protocol=6 | dir=in | app=system |
"{AAB57F84-4754-4846-94A0-BFCE044FE49D}" = lport=137 | protocol=17 | dir=in | app=system |
"{B8C5D8C5-3CC5-48E4-AB85-F2CA4087C9B1}" = rport=137 | protocol=17 | dir=out | app=system |
"{BBFCF1E8-178F-48D8-946A-865B0A0FFABB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C743E356-929F-48CF-A561-764E5B6DAE57}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{CF0611DA-B93D-4DCA-A290-458AD0A050D2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D21DCACB-1BD0-4043-B2D8-22736E1FB0E8}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D2F636AE-6905-42B8-A0AE-9F8C2D99901C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E600901C-0AFB-4831-A452-6679EDE883E6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EB8AC5AA-0023-4858-BE87-2D47A206EDD9}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{EF7A18EE-E0EB-408B-8471-8D3152D2DFDA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F27A9288-5F94-4871-A5FD-7C0409A15059}" = rport=445 | protocol=6 | dir=out | app=system |
"{F743C888-3635-41B4-B548-0749B22F62F4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FB93E387-F200-4F63-BE8D-2C451B516F8B}" = rport=10243 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{045FD92B-716A-4385-9CE6-D23AD8C9CA8A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{068C2377-7477-4E91-BB5B-7963FA0FEC39}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{069AFD35-8EF1-4F51-8BAE-99A25B3B29E2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0E407FB0-E5C2-41C4-AC41-E2FEA907AAE2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{22A29ED7-518C-40A0-BC1E-164C76CE610B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{252DE92F-05AA-4ABC-9851-4A08BA3685E8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2D9EFD80-5B3E-43B0-9D3A-912C7267F01E}" = protocol=6 | dir=out | app=system |
"{32080131-9F48-4A33-BDDE-C1DFE42FA7D7}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3514563D-C4F2-47B0-A05E-1CA4BAF36101}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{40CD95C3-1480-4B7C-9528-0DD6315D3CB6}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{410CDA28-70D6-491B-B2CB-13DDBC73B824}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{4FFBC716-540D-442A-9661-BFE2D0DE965F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{51DBF7C8-0605-42BC-8A35-0F835BCEEFFA}" = dir=in | app=c:\users\usr\appdata\local\microsoft\skydrive\skydrive.exe |
"{660AB6D2-AE28-4CD1-9C6D-07E8CBA45B5B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{77F3FB1A-8C01-4BC1-A384-A7C0015B63AC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{78142A64-E113-48B2-B547-72622F3B421F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7BF56B21-012D-4A1C-A1DB-5CC1C03FF86D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7F432166-7B19-4557-A76E-E33E0625E357}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{87DBCB44-2E6A-40BF-B167-31E0609A5A97}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8B5277FB-0980-4EC4-9A90-160FDF8DD022}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A31FF640-D599-432D-BC1D-A0E09365CBEF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A4ECFF84-F68A-4360-901B-B374D83CB807}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AC936C75-F773-485D-A126-9E3D33C9C96C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{B704EEC7-CF94-491C-8E64-5293CCC83053}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C580D8AB-278E-4B9E-9499-8915349BA414}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D62625D7-68E8-4607-83E3-12FB67F549F6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D7F122AC-2DED-4CD9-9290-FBA4FFFCDA25}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{FDED4BF5-7108-4C29-AF3D-F6C2C77672E6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"TCP Query User{177B57D1-6CB4-4EE9-824D-8E721A54CD02}C:\program files (x86)\arcsoft\totalmedia theatre 6\totalmedia server\tm server.exe" = protocol=6 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia theatre 6\totalmedia server\tm server.exe |
"TCP Query User{6ADE48AC-5C04-4960-A479-27D8D9DF12CA}C:\program files (x86)\arcsoft\totalmedia theatre 6\totalmedia server\tm server.exe" = protocol=6 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia theatre 6\totalmedia server\tm server.exe |
"UDP Query User{2096BA59-C0AA-4718-87B3-09FC8C9A223E}C:\program files (x86)\arcsoft\totalmedia theatre 6\totalmedia server\tm server.exe" = protocol=17 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia theatre 6\totalmedia server\tm server.exe |
"UDP Query User{4EF2AC79-C6D7-4A8B-B941-ECE1BCFFB6DC}C:\program files (x86)\arcsoft\totalmedia theatre 6\totalmedia server\tm server.exe" = protocol=17 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia theatre 6\totalmedia server\tm server.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{688758A2-8520-4470-8FA6-765BAC86FC53}" = Broadcom Management Programs
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{787136D2-F0F8-4625-AA3F-72D7795AC842}" = Apple Mobile Device Support
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B8BA155B-1E75-405F-9CB4-8A99615D09DC}" = iTunes
"{C6E57DC0-5699-47D4-9263-CEE00A4BB1FC}" = Windows Live MIME IFilter
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
"McAfee Security Scan" = McAfee Security Scan Plus
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{11D4FAA0-A577-4FA8-B24E-D24283D861D1}" = QuickShare
"{1F9E8447-9B82-45D5-A6D7-2A4CB874111F}" = Windows Live Mail
"{24758B1D-9345-4538-A69A-05660F63A296}" = Junk Mail filter update
"{4260CAAE-D108-4223-A1C5-96B67062FE86}" = Windows Live Installer
"{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam
"{59307833-CB98-4440-B644-0CD352F61907}" = Windows Live PIMT Platform
"{6030FCD7-8F1A-427D-AF05-8DD1A2EA2ABA}" = Alcor Micro USB Card Reader
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{72D9236D-C6EA-4DA6-A18C-CC24521A70D4}" = Windows Live Mail
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8F66BFDE-B213-48E2-93EF-7151277A2916}" = Windows Live SOXE Definitions
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{94532CD5-C66D-49E3-9131-5FB04D7647A1}" = Windows Live UX Platform
"{9797D7BA-A333-4DF1-AF55-AC745D216EDB}" = Windows Live Writer
"{983FA94A-A7DD-40B1-B7F9-F45D2B4FD1DE}" = Windows Live Photo Common
"{99E82553-9654-4FB7-8DB3-900C0FDB1A70}" = Windows Live Writer Resources
"{A2F4B74E-D722-4D9E-817B-F58F32A55A51}" = Windows Live UX Platform Language Pack
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9FFEC6C-9C44-4597-8E23-EDD78BF5D0B2}" = Windows Live Communications Platform
"{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}" = Apple Application Support
"{AB756389-9A03-44f3-ABAF-3699C01B4868}-Navman-7.50" = NavDesk 7.50
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.07)
"{C201BDF9-1C27-46F8-A248-F4469C9FC27C}" = Photo Common
"{C87DF7BB-4F5C-4BBE-B041-A59FFF4A1D07}" = Windows Live SOXE
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCEDADE3-1C8A-4858-BE93-360168178BB2}" = Windows Live Essentials
"Google Chrome" = Google Chrome
"InstallShield_{6030FCD7-8F1A-427D-AF05-8DD1A2EA2ABA}" = Alcor Micro USB Card Reader
"Mozilla Firefox 26.0 (x86 en-US)" = Mozilla Firefox 26.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"VLC media player" = VLC media player 2.1.3
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1419046907-2595292626-2149871753-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"OneDriveSetup.exe" = Microsoft OneDrive

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 4/06/2014 3:57:39 AM | Computer Name = usr-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5070

Error - 4/06/2014 3:57:39 AM | Computer Name = usr-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5070

Error - 4/06/2014 3:57:40 AM | Computer Name = usr-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/06/2014 3:57:40 AM | Computer Name = usr-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6100

Error - 4/06/2014 3:57:40 AM | Computer Name = usr-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6100

Error - 4/06/2014 3:57:41 AM | Computer Name = usr-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/06/2014 3:57:41 AM | Computer Name = usr-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7098

Error - 4/06/2014 3:57:41 AM | Computer Name = usr-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7098

Error - 4/06/2014 4:00:59 AM | Computer Name = usr-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/06/2014 4:00:59 AM | Computer Name = usr-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 205376

Error - 4/06/2014 4:00:59 AM | Computer Name = usr-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 205376

[ Media Center Events ]
Error - 17/05/2014 6:21:07 PM | Computer Name = usr-PC | Source = MCUpdate | ID = 0
Description = 8:21:07 AM - Error connecting to the internet. 8:21:07 AM - Unable
to contact server..

Error - 17/05/2014 6:21:18 PM | Computer Name = usr-PC | Source = MCUpdate | ID = 0
Description = 8:21:12 AM - Error connecting to the internet. 8:21:12 AM - Unable
to contact server..

Error - 17/05/2014 7:21:23 PM | Computer Name = usr-PC | Source = MCUpdate | ID = 0
Description = 9:21:23 AM - Error connecting to the internet. 9:21:23 AM - Unable
to contact server..

Error - 17/05/2014 7:21:29 PM | Computer Name = usr-PC | Source = MCUpdate | ID = 0
Description = 9:21:28 AM - Error connecting to the internet. 9:21:28 AM - Unable
to contact server..

Error - 17/05/2014 8:21:33 PM | Computer Name = usr-PC | Source = MCUpdate | ID = 0
Description = 10:21:33 AM - Error connecting to the internet. 10:21:33 AM - Unable
to contact server..

Error - 17/05/2014 8:21:39 PM | Computer Name = usr-PC | Source = MCUpdate | ID = 0
Description = 10:21:38 AM - Error connecting to the internet. 10:21:38 AM - Unable
to contact server..

Error - 17/05/2014 9:21:43 PM | Computer Name = usr-PC | Source = MCUpdate | ID = 0
Description = 11:21:43 AM - Error connecting to the internet. 11:21:43 AM - Unable
to contact server..

Error - 17/05/2014 9:21:49 PM | Computer Name = usr-PC | Source = MCUpdate | ID = 0
Description = 11:21:48 AM - Error connecting to the internet. 11:21:48 AM - Unable
to contact server..

Error - 2/06/2014 12:34:50 AM | Computer Name = usr-PC | Source = MCUpdate | ID = 0
Description = 2:34:49 PM - Error connecting to the internet. 2:34:49 PM - Unable
to contact server..

Error - 2/06/2014 12:35:05 AM | Computer Name = usr-PC | Source = MCUpdate | ID = 0
Description = 2:34:55 PM - Error connecting to the internet. 2:34:55 PM - Unable
to contact server..

[ System Events ]
Error - 21/02/2014 6:39:25 AM | Computer Name = usr-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 21/02/2014 6:39:31 AM | Computer Name = usr-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 21/02/2014 6:39:36 AM | Computer Name = usr-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 21/02/2014 6:39:41 AM | Computer Name = usr-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 21/02/2014 6:39:46 AM | Computer Name = usr-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 21/02/2014 6:39:51 AM | Computer Name = usr-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 21/02/2014 6:39:56 AM | Computer Name = usr-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 21/02/2014 6:40:01 AM | Computer Name = usr-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 21/02/2014 5:07:35 PM | Computer Name = usr-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Error Reporting Service service to connect.

Error - 22/02/2014 10:08:13 AM | Computer Name = usr-PC | Source = DCOM | ID = 10010
Description =


< End of report >
Emmie
Regular Member
 
Posts: 20
Joined: May 26th, 2014, 12:02 pm

Re: Continuing the Fight Against PDF ConverTer 1.0

Unread postby Emmie » June 4th, 2014, 5:12 pm

5. Contents of DDS.txt log file below:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17041
Run by usr at 7:00:13 on 2014-06-05
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.3957.1601 [GMT 10:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Broadcom\BPowMon\BPowMon.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\notepad.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\usr\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\usr\Downloads\OTL.exe
C:\Windows\notepad.exe
C:\Windows\notepad.exe
C:\Windows\system32\msiexec.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
uRun: [BrowserSafeguard] C:\Program Files (x86)\Browsersafeguard\Browsersafeguard.exe
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [SkyDrive] "C:\Users\usr\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
uRun: [Browser Infrastructure Helper] C:\Users\usr\AppData\Local\Smartbar\Application\QuickShare.exe startup
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 10.0.0.138
TCP: Interfaces\{318DAE8B-904D-4383-8C29-0B7C071F562B} : DHCPNameServer = 10.0.0.138
TCP: Interfaces\{318DAE8B-904D-4383-8C29-0B7C071F562B}\F416B63702055726C696360275962756C6563737 : DHCPNameServer = 10.100.0.1 139.130.4.4 203.50.2.71
TCP: Interfaces\{E07E7847-FF1F-47B8-B528-FB24BA46F268} : DHCPNameServer = 61.9.194.49 61.9.195.193
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs=
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\usr\AppData\Roaming\Mozilla\Firefox\Profiles\wzxwi8ef.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMSS.dll
.
============= SERVICES / DRIVERS ===============
.
R2 BPowMon;Broadcom Power monitoring service;C:\Program Files\Broadcom\BPowMon\BPowMon.exe [2009-10-28 117608]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
R3 k57nd;Broadcom NetLink Gigabit Ethernet;C:\Windows\System32\drivers\k57amd64.sys [2009-12-11 333864]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfswin7.sys [2013-6-26 768680]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaywin7.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirwin7.sys [2013-6-26 29352]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvolwin7.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
S2 ADExchange;ArcSoft Exchange Service;C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe --> C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-13 111616]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [2014-1-16 289256]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-9-8 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-9-8 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-8-12 1255736]
.
=============== Created Last 30 ================
.
2014-06-04 12:34:08 -------- d-sh--w- C:\$RECYCLE.BIN
2014-06-04 12:25:02 24064 ----a-w- C:\Windows\zoek-delete.exe
2014-06-04 12:25:01 -------- d-----w- C:\Users\usr\AppData\Local\Temp
2014-06-04 12:11:47 -------- d-----w- C:\zoek_backup
2014-06-03 10:18:47 10702536 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4B9CF922-E759-4CEF-964F-A460A2E92DE1}\mpengine.dll
2014-05-14 22:40:59 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-14 22:40:58 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
==================== Find3M ====================
.
2014-05-09 06:14:03 477184 ----a-w- C:\Windows\System32\aepdu.dll
2014-05-09 06:11:23 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-03-30 23:35:08 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-03-27 08:59:36 6656 ----a-w- C:\Windows\System32\bcmwlrc.dll
2014-03-27 08:58:24 3896632 ----a-w- C:\Windows\System32\bcmihvsrv64.dll
2014-03-27 08:58:24 3561272 ----a-w- C:\Windows\System32\bcmihvui64.dll
2014-03-27 08:58:24 3058168 ----a-w- C:\Windows\System32\drivers\BCMWL664.SYS
.
============= FINISH: 7:00:52.88 ===============

Re: Continuing the Fight Against PDF ConverTer 1.0

Unread postby Emmie » June 4th, 2014, 5:13 pm

6. Contents of Attach.txt log file below:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 1/08/2013 12:21:01 PM
System Uptime: 5/06/2014 5:45:31 AM (2 hours ago)
.
Motherboard: Acer | | Aspire 4741
Processor: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz | CPU 1 | 1858/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 382.903 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: ArcCtrl
Device ID: ROOT\LEGACY_ARCCTRL\0000
Manufacturer:
Name: ArcCtrl
PNP Device ID: ROOT\LEGACY_ARCCTRL\0000
Service: ArcCtrl
.
==== System Restore Points ===================
.
RP174: 26/05/2014 12:10:04 AM - Windows Update
RP175: 27/05/2014 3:00:14 AM - Windows Update
RP176: 27/05/2014 3:07:34 AM - Windows Update
RP177: 27/05/2014 8:13:27 AM - Removed ArcSoft TotalMedia Theatre 6
RP178: 27/05/2014 10:32:21 PM - Windows Update
RP179: 28/05/2014 5:09:23 AM - Windows Update
RP180: 28/05/2014 1:26:33 PM - Windows Update
RP182: 29/05/2014 9:06:35 PM - Removed Acer Crystal Eye webcam
RP184: 30/05/2014 8:42:47 AM - Windows Update
RP185: 30/05/2014 11:44:54 PM - Windows Update
RP186: 31/05/2014 4:13:02 AM - Windows Update
RP187: 31/05/2014 10:18:20 PM - Windows Update
RP188: 31/05/2014 10:35:05 PM - Windows Update
RP191: 3/06/2014 10:17:31 PM - Windows Update
RP192: 4/06/2014 6:09:16 AM - Windows Update
RP193: 4/06/2014 9:54:55 PM - Emmie Restore Point 4 June 2014
RP194: 4/06/2014 10:14:51 PM - zoek.exe restore point
.
==== Installed Programs ======================
.
Acer Crystal Eye webcam
Adobe Reader XI (11.0.07)
Alcor Micro USB Card Reader
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Broadcom 802.11 Network Adapter
Broadcom Management Programs
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
D3DX10
Google Chrome
Google Earth Plug-in
Google Update Helper
iTunes
Junk Mail filter update
McAfee Security Scan Plus
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Office Word Viewer 2003
Microsoft OneDrive
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Mozilla Firefox 26.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
NavDesk 7.50
Notepad++
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA HD Audio Driver 1.3.18.0
NVIDIA Install Application
Photo Common
QuickShare
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Skype™ 6.3
Synaptics Pointing Device Driver
VLC media player 2.1.3
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
5/06/2014 6:54:02 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Skype for Windows desktop 6.11 (KB2876229).
4/06/2014 10:31:04 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ArcCtrl
4/06/2014 10:21:54 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
3/06/2014 7:03:20 AM, Error: volsnap [67] - The shadow copy of volume C: being created failed to install.
.
==== End Of File ===========================

Re: Continuing the Fight Against PDF ConverTer 1.0

Unread postby Emmie » June 4th, 2014, 5:18 pm

7. In response to whether I see changes in computer behaviour, the answer is YES! The incessant ads and pop-up screens seem to have gone, as well as the bizarre re-routing of my URL destinations. The computer gets to a site faster than before, too.

Things look good but I'm concerned that the PDF ConverTer 1.0 extension still has its roots - check out the attachment I took a couple minutes ago, which shows that it's still there.

Thanks for your help!!
Emmie

Re: Continuing the Fight Against PDF ConverTer 1.0

Unread postby pgmigg » June 4th, 2014, 6:09 pm

OK! :D

Hello Emmie,

Welcome back to the forum!

I am pgmigg and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process until we are done as well as
    DO NOT Remove, or Scan with anything on your system unless I ask. This adds more items to be researched.
    Extra Additions and Removals of files make the analysis more difficult.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.


Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Continuing the Fight Against PDF ConverTer 1.0

Unread postby Emmie » June 5th, 2014, 12:18 am

Thank you, pgmigg. I look forward to hearing your advice on next steps. :flower:
Emmie
Regular Member
 
Posts: 20
Joined: May 26th, 2014, 12:02 pm

Re: Continuing the Fight Against PDF ConverTer 1.0

Unread postby pgmigg » June 5th, 2014, 12:13 pm

Hello Emmie,

Step 0.
No Anti-virus Software Installed!
Looking over your log... there is NO evidence of anti-virus software installed. This puts you at serious risk.
Anti-virus software will help detect, cleanse, and erase harmful virus files on a computer, Web server, or network.
Unchecked, virus files can unintentionally be forwarded to others, including trading partners and thereby spreading infection. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories.

To protect your computer from infection please download a (free for personal use) anti-virus program from one of these reliable vendors.

  1. avast! Free Antivirus - Excellent detection, the freeware version includes email scanning.
  2. Microsoft Security Essentials ** - New, from Microsoft, with email scanning, easy to install, easy to use.
    ** Your PC must run genuine Windows to install Microsoft Security Essentials.

A good (pay for) Anti-virus program is ESET NOD32 Antivirus - 30 day free trial.

Installing a new AV product.
Do NOT uninstall any existing anti-virus product yet!
  1. Download the new Anti-virus product to your computer desktop.
  2. Save any work. Close all applications, especially your Internet connection.
  3. Uninstall any existing anti-virus product... Use the AV uninstall option if available.
  4. Reboot your computer, if not done during the uninstall.
  5. Install the new AV product, following installation instructions.
  6. Check for updates to the new AV product, if not done during install setup.
  7. Run a full scan of your computer.
It is strongly recommended that you run only one antivirus program at a time.
Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts.


Step 1.
Remove Program(s)
  1. Click on Start, then click the Start Search box on the Start Menu.
  2. Copy and paste the value below without into the open text entry box:
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
     appwiz.cpl 
    and press Enter - the Uninstall or change a program list will be opened.
  3. Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:
    McAfee Security Scan Plus
  4. Take extra care in answering questions posed by any Uninstaller.
  5. When the program(s) have been uninstalled, please close Control Panel.

Step 2.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Highlight and copy the following entries: into the Image text box.
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :Commands
    [createrestorepoint]
    
    :OTL
    O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
    O4 - HKU\S-1-5-21-1419046907-2595292626-2149871753-1000..\Run: [Browser Infrastructure Helper] C:\Users\usr\AppData\Local\Smartbar\Application\QuickShare.exe startup File not found
    O4 - HKU\S-1-5-21-1419046907-2595292626-2149871753-1000..\Run: [BrowserSafeguard] C:\Program Files (x86)\Browsersafeguard\Browsersafeguard.exe File not found
    
    :Files
    @:\ProgramData\TEMP:373E1720
    ipconfig /flushdns /c
    
    :Commands
    [emptytemp]
    [emptyflash]
    [emptyjava]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. Let the program run unhindered and reboot the PC when it is done.
    When the computer reboots, and you start your usual account, a Notepad text file will appear.
  8. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log

Step 3.
SystemLook
Please download SystemLook_x64.exe by jpshortstuff and save it to your Desktop.
  1. Right click on SystemLook_x64.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
    If you receive an "Open file - security warning"... asking "Do you want to run this file?", press the Run button.
  2. Highlight and copy the following entries: into SystemLook's main text entry window.
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :filefind
    *Browsersafeguard*
    *PDFConverTer*
    *egbmmfcbmcghmaccoeehfpbmckhmioik*
    
    :folderfind
    *Browsersafeguard*
    *PDFConverTer*
    *egbmmfcbmcghmaccoeehfpbmckhmioik*
    
    :regfind
    Browsersafeguard
    PDFConverTer
    egbmmfcbmcghmaccoeehfpbmckhmioik
    
  3. Press the Look button to start the scan. Please be patient - it may take a while...
    When finished, a Notepad window will open with the results of the scan.
    A file will be created (on your Desktop) with the results of the scan, named SystemLook.txt
  4. Please post the contents of the SystemLook.txt file in your next reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run
  3. Contents of the SystemLook.txt log file
  4. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Continuing the Fight Against PDF ConverTer 1.0

Unread postby Emmie » June 6th, 2014, 12:12 am

Hello pgmigg,

I will take these steps and post back results soon! Installing Anti-Virus software now.

Thanks
Emmie
Emmie
Regular Member
 
Posts: 20
Joined: May 26th, 2014, 12:02 pm

Re: Continuing the Fight Against PDF ConverTer 1.0

Unread postby Emmie » June 6th, 2014, 7:09 am

Dear pgmigg,

A. Two issues arose while executing your instructions. First, I installed "Avast! Free Antivirus" but it is unable to update my version of Google Chrome (please see screenshot i] attached). Second, when following Step 1, I could not uninstall appwiz.cpl because it could not be found under programs in the control panel. When I located it in a local folder and tried to delete it, it would not delete (screenshot ii] attached in next post)
Emmie
Regular Member
 
Posts: 20
Joined: May 26th, 2014, 12:02 pm

Re: Continuing the Fight Against PDF ConverTer 1.0

Unread postby Emmie » June 6th, 2014, 7:10 am

This is the error message that appeared when I tried to delete appwiz.cpl from my Local Disk (C:)
Emmie
Regular Member
 
Posts: 20
Joined: May 26th, 2014, 12:02 pm

Re: Continuing the Fight Against PDF ConverTer 1.0

Unread postby Emmie » June 6th, 2014, 7:13 am

B. Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}\ deleted successfully.
C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-1419046907-2595292626-2149871753-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Browser Infrastructure Helper deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1419046907-2595292626-2149871753-1000\Software\Microsoft\Windows\CurrentVersion\Run\\BrowserSafeguard deleted successfully.
========== FILES ==========
Unable to delete ADS :\ProgramData\TEMP:373E1720 .
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\usr\Downloads\cmd.bat deleted successfully.
C:\Users\usr\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: usr
->Temp folder emptied: 1941956 bytes
->Temporary Internet Files folder emptied: 6119701 bytes
->FireFox cache emptied: 8473018 bytes
->Google Chrome cache emptied: 115084847 bytes
->Flash cache emptied: 233 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1482123 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 2149 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 127.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: usr
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: usr

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 06062014_170642

Files\Folders moved on Reboot...
File\Folder C:\Users\usr\AppData\Local\Temp\CVHLauncher(2014060616545918A0).log not found!
C:\Users\usr\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\usr\AppData\Local\Temp\~DF19DE86C7C4FEB738.TMP not found!
File\Folder C:\Users\usr\AppData\Local\Temp\~DF2B387944F566D282.TMP not found!
File\Folder C:\Users\usr\AppData\Local\Temp\~DF403469A873FB48A2.TMP not found!
File\Folder C:\Users\usr\AppData\Local\Temp\~DF7BF610A991ACBF2F.TMP not found!
File\Folder C:\Users\usr\AppData\Local\Temp\~DFA8AA2617C45BC2E2.TMP not found!
File\Folder C:\Users\usr\AppData\Local\Temp\~DFDBD591E0AE55A590.TMP not found!
C:\Users\usr\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Emmie
Regular Member
 
Posts: 20
Joined: May 26th, 2014, 12:02 pm

Re: Continuing the Fight Against PDF ConverTer 1.0

Unread postby Emmie » June 6th, 2014, 7:14 am

C. Contents of the SystemLook.txt log file

SystemLook 30.07.11 by jpshortstuff
Log created at 20:59 on 06/06/2014 by usr
Administrator - Elevation successful

========== filefind ==========

Searching for "*Browsersafeguard*"
C:\Users\usr\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_browsersafeguard.com_0.localstorage --a---- 3072 bytes [11:57 21/02/2014] [10:19 04/06/2014] 1889AEF5A74773797E6F6153F6936FE5
C:\Users\usr\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_browsersafeguard.com_0.localstorage-journal --a---- 3608 bytes [11:57 21/02/2014] [10:19 04/06/2014] D496CE201D7680FD4B17B76205C7E425
C:\zoek_backup\C_windows_SysNative_Tasks_BrowserSafeguard Update Task.vir --a---- 3850 bytes [12:22 04/06/2014] [05:19 29/09/2013] 6227A1C8D1F35D1BE2A461F8FA2554D0
C:\zoek_backup\C_ProgramData_Microsoft_Windows_Start Menu_Programs_BrowserSafeguard\BrowserSafeguard.lnk --a---- 1159 bytes [12:22 04/06/2014] [05:19 29/09/2013] 9CC77CD478DA6D0668FF4C251E91FBA5
C:\zoek_backup\C_PROGRA~2_Browsersafeguard\BrowserSafeguard.exe --a---- 563200 bytes [12:22 04/06/2014] [02:14 04/09/2013] 09669FF47664A66FDC45C4A018FDC4CF
C:\zoek_backup\C_PROGRA~2_Browsersafeguard\uninstall.browsersafeguard.exe --a---- 2375680 bytes [12:22 04/06/2014] [05:18 29/09/2013] 340DE8E4F50A3748D116C3A98AEB97F6

Searching for "*PDFConverTer*"
C:\zoek_backup\C_Users_usr_AppData_LocalLow_{F00A2D21-AD4C-F128-8F43-94F7C466B31E}\PDFConverTer.2.7.dat --a---- 163840 bytes [12:22 04/06/2014] [22:54 14/02/2014] B81A9C181DFFEA8AE96A3688F940507B
C:\zoek_backup\C_Users_usr_AppData_Local_Packages_windows_ie_ac_001_AC_{F00A2D21-AD4C-F128-8F43-94F7C466B31E}\PDFConverTer.2.7.dat --a---- 144 bytes [12:22 04/06/2014] [20:29 31/01/2014] 23C308104C1D6D78C20D4A3FB3F183E8

Searching for "*egbmmfcbmcghmaccoeehfpbmckhmioik*"
C:\zoek_backup\C_Users_usr_AppData_Local_Google_Chrome_User Data_Default_Local Storage_chrome-extension_egbmmfcbmcghmaccoeehfpbmckhmioik_0.localstorage-journal.vir --a---- 16384 bytes [12:23 04/06/2014] [11:32 04/06/2014] 204DFA094151386BFE885C5ADC58C9F4
C:\zoek_backup\C_Users_usr_AppData_Local_Google_Chrome_User Data_Default_Local Storage_chrome-extension_egbmmfcbmcghmaccoeehfpbmckhmioik_0.localstorage.vir --a---- 143360 bytes [12:23 04/06/2014] [11:32 04/06/2014] 3C8915C62A0248D702FAC71CD7087A08
C:\zoek_backup\C_PROGRA~3_egbmmfcbmcghmaccoeehfpbmckhmioik\egbmmfcbmcghmaccoeehfpbmckhmioik.crx --a---- 8477 bytes [12:22 04/06/2014] [20:29 31/01/2014] C91B8211D05DCA8B9EC5764D7DFA5118

========== folderfind ==========

Searching for "*Browsersafeguard*"
C:\zoek_backup\C_ProgramData_Microsoft_Windows_Start Menu_Programs_BrowserSafeguard d-a---- [12:22 04/06/2014]
C:\zoek_backup\C_PROGRA~2_Browsersafeguard d-a---- [12:22 04/06/2014]

Searching for "*PDFConverTer*"
C:\zoek_backup\C_PROGRA~2_PDFConverTer d-a---- [12:22 04/06/2014]
C:\zoek_backup\C_PROGRA~3_PDFConverTer d-a---- [12:22 04/06/2014]

Searching for "*egbmmfcbmcghmaccoeehfpbmckhmioik*"
C:\zoek_backup\C_PROGRA~3_egbmmfcbmcghmaccoeehfpbmckhmioik d-a---- [12:22 04/06/2014]
C:\zoek_backup\C_Users_usr_AppData_Local_Google_Chrome_User Data_Default_Extensions_egbmmfcbmcghmaccoeehfpbmckhmioik d-a---- [12:23 04/06/2014]

========== regfind ==========

Searching for "Browsersafeguard"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA070F40-44E4-4780-8264-2E71D9D9BBA9}]
"Path"="\BrowserSafeguard Update Task"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrowserSafeguard Update Task]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Browsersafeguard]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Browsersafeguard]
"implementationid"="browsersafeguard-pitch"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Browsersafeguard_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Browsersafeguard_RASMANCS]

Searching for "PDFConverTer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F00A2D21-AD4C-F128-8F43-94F7C466B31E}]
@="PDFConverTer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F00A2D21-AD4C-F128-8F43-94F7C466B31E}\InprocServer32]
@="C:\ProgramData\PDFConverTer\mh5uYp.x64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PDFCoNverrter.PDFCoNverrter]
@="PDFConverTer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PDFCoNverrter.PDFCoNverrter.1.0]
@="PDFConverTer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F00A2D21-AD4C-F128-8F43-94F7C466B31E}]
@="PDFConverTer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F00A2D21-AD4C-F128-8F43-94F7C466B31E}\InprocServer32]
@="C:\ProgramData\PDFConverTer\mh5uYp.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{F00A2D21-AD4C-F128-8F43-94F7C466B31E}]
@="PDFConverTer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{F00A2D21-AD4C-F128-8F43-94F7C466B31E}\InprocServer32]
@="C:\ProgramData\PDFConverTer\mh5uYp.dll"

Searching for "egbmmfcbmcghmaccoeehfpbmckhmioik"
No data found.

-= EOF =-
Emmie
Regular Member
 
Posts: 20
Joined: May 26th, 2014, 12:02 pm
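
Added example, not part of the thread and not SystemLook's own code: a small Python parser for the regfind section of the SystemLook log above. It lists COM InprocServer32 registrations whose DLL path lies outside the Windows and Program Files directories, which is how the leftover PDFConverTer entries stand out. The function names and the trusted-root heuristic are assumptions of this example; the sample input is an excerpt of the posted log.

```python
import re

# Excerpt of the regfind section of the SystemLook log posted above.
SAMPLE_LOG = r'''========== regfind ==========

Searching for "Browsersafeguard"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Browsersafeguard]
"implementationid"="browsersafeguard-pitch"

Searching for "PDFConverTer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F00A2D21-AD4C-F128-8F43-94F7C466B31E}]
@="PDFConverTer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F00A2D21-AD4C-F128-8F43-94F7C466B31E}\InprocServer32]
@="C:\ProgramData\PDFConverTer\mh5uYp.x64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F00A2D21-AD4C-F128-8F43-94F7C466B31E}\InprocServer32]
@="C:\ProgramData\PDFConverTer\mh5uYp.dll"

Searching for "egbmmfcbmcghmaccoeehfpbmckhmioik"
No data found.
'''

TERM_RE = re.compile(r'^Searching for "(.*)"$')
KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^(@|"[^"]*")="(.*)"$')
CLSID_RE = re.compile(r'\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}')
# Assumption of this example: DLLs under these roots are treated as expected.
TRUSTED_ROOTS = ('c:\\windows\\', 'c:\\program files\\', 'c:\\program files (x86)\\')

def parse_regfind(log_text):
    """Return one dict per matched key: term, key, [(name, data)]; '@' = default value."""
    entries, term, current, in_regfind = [], None, None, False
    for line in (raw.strip() for raw in log_text.splitlines()):
        if line.startswith('=========='):      # section banner
            in_regfind, current = 'regfind' in line, None
        elif not in_regfind or not line:
            continue
        elif TERM_RE.match(line):
            term, current = TERM_RE.match(line).group(1), None
        elif KEY_RE.match(line):
            current = {'term': term, 'key': KEY_RE.match(line).group(1), 'values': []}
            entries.append(current)
        elif current is not None and VALUE_RE.match(line):
            name, data = VALUE_RE.match(line).groups()
            current['values'].append((name.strip('"'), data))
    return entries

def com_servers_outside_trusted_roots(entries):
    """List (CLSID, DLL path) for InprocServer32 defaults outside TRUSTED_ROOTS."""
    flagged = []
    for entry in entries:
        if entry['key'].lower().endswith('\\inprocserver32'):
            clsid = CLSID_RE.search(entry['key'])
            for name, data in entry['values']:
                if name == '@' and not data.lower().startswith(TRUSTED_ROOTS):
                    flagged.append((clsid.group(0) if clsid else None, data))
    return flagged

if __name__ == '__main__':
    print(com_servers_outside_trusted_roots(parse_regfind(SAMPLE_LOG)))
```
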

Re: Continuing the Fight Against PDF ConverTer 1.0

Unread postby Emmie » June 6th, 2014, 7:20 am

D. Do you see any changes in computer behavior?

Changes were most noticeable after implementing the first set of instructions. It does feel safer to have the AV software now! :) It appears as an extension beside the PDF ConverTer 1.0 extension, which doesn't seem to have budged quite yet.

So great to actually be directed to Google rather than a weird 'ad search engine' called Snapdo, which kept coming up before I implemented the first set of instructions.

Thanks,
Emmie
Emmie
Regular Member
 
Posts: 20
Joined: May 26th, 2014, 12:02 pm