GeekPolice Tech Tutorials

 

[INACTIVE] second-hand dell inspiron n4010


Re: [INACTIVE] second-hand dell inspiron n4010
Will post as soon as completed.

Re: [INACTIVE] second-hand dell inspiron n4010
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 7 Home Premium x64
Ran by caty (Administrator) on Mon 11/28/2016 at 22:26:16.94
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 27

Failed to delete: C:\Program Files\spi (Folder)
Successfully deleted: C:\ProgramData\best buy pc app (Folder)
Successfully deleted: C:\ProgramData\blekko toolbars (Folder)
Successfully deleted: C:\Users\caty\AppData\Local\{B5F70934-5E12-42d2-882D-62D42EA1FA67} (Empty Folder)
Successfully deleted: C:\Users\caty\AppData\Local\best buy pc app (Folder)
Successfully deleted: C:\Users\caty\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbmimoidopbghbcmdmpkjaffffmcbmbg (Folder)
Successfully deleted: C:\Users\caty\AppData\Local\packageaware (Folder)
Successfully deleted: C:\Users\caty\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OZZOG2NM (Temporary Internet Files Folder)
Successfully deleted: C:\Users\caty\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V7ICL350 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\caty\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VUP5S1UM (Temporary Internet Files Folder)
Successfully deleted: C:\Users\caty\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZPQ5VAZG (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OZZOG2NM (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V7ICL350 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VUP5S1UM (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZPQ5VAZG (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\SysWOW64\sho2CEC.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\sho46E5.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\sho5AAD.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\sho71BC.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\sho7AB3.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\sho801A.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\sho8033.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\sho8202.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\sho866E.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\shoAB2C.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\shoCDF7.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\shoF23A.tmp (File)

Deleted the following from C:\Users\caty\AppData\Roaming\Mozilla\Firefox\Profiles\r3fbcubk.default\prefs.js
user_pref(browser.startup.homepage, hxxps://search.yahoo.com/?type=435371&fr=spigot-yhp-ff|hxxp://www.google.com/);



Registry: 2

Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Best Buy pc app (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 11/28/2016 at 22:44:26.95
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: [INACTIVE] second-hand dell inspiron n4010
Excellent... Now, not to seem redundant, please rerun the tools in the following order to make sure we got it all, along with posting the logs:

- Junkware Removal Tool
- AdwCleaner

Let me know how things are running currently, please. Smile...

Re: [INACTIVE] second-hand dell inspiron n4010

Alrighty, AdwCleaner on the way. Noticeably different experience right off. Thank You!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 7 Home Premium x64
Ran by caty (Administrator) on Mon 11/28/2016 at 23:57:23.51
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0


Deleted the following from C:\Users\caty\AppData\Roaming\Mozilla\Firefox\Profiles\r3fbcubk.default\prefs.js
user_pref(browser.startup.homepage, hxxps://search.yahoo.com/?type=435371&fr=spigot-yhp-ff|hxxp://www.google.com/);



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 11/29/2016 at  0:07:17.25
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: [INACTIVE] second-hand dell inspiron n4010
# AdwCleaner v6.030 - Logfile created 29/11/2016 at 00:14:38
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-11-28.2 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : caty - CATY-PC
# Running from : C:\Users\caty\Desktop\adwcleaner_6.030.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

Folder Found:  C:\Users\caty\AppData\Roaming\Mozilla\Firefox\Profiles\r3fbcubk.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}


***** [ Files ] *****

No malicious files found.


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

Key Found:  HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
Key Found:  HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
Key Found:  HKLM\SOFTWARE\Classes\SdcUser.SdcMailCtl
Key Found:  HKLM\SOFTWARE\Classes\SdcUser.SdcMailCtl.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
Key Found:  [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\SdcUser.SdcMailCtl
Key Found:  [x64] HKLM\SOFTWARE\Classes\SdcUser.SdcMailCtl.1
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{5CE808F4-C861-4392-B55E-C97A89FBE2DD}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5CE808F4-C861-4392-B55E-C97A89FBE2DD}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5CE808F4-C861-4392-B55E-C97A89FBE2DD}
Value Found:  HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{21FA44EF-376D-4D53-9B0F-8A89D3229068}]
Key Found:  HKU\S-1-5-21-2814596201-296319993-4142043406-1001\Software\Yahoo\Companion
Key Found:  HKCU\Software\Yahoo\Companion
Key Found:  [x64] HKCU\Software\Yahoo\Companion


***** [ Web browsers ] *****

Firefox pref Found:  [C:\Users\caty\AppData\Roaming\Mozilla\Firefox\Profiles\r3fbcubk.default\prefs.js] - "keyword.URL" -  "hxxps://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=435371&p="
Chrome pref Found:  [C:\Users\caty\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
Chrome pref Found:  [C:\Users\caty\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com
Chrome pref Found:  [C:\Users\caty\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - fbmimoidopbghbcmdmpkjaffffmcbmbg
Chrome pref Found:  [C:\Users\caty\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - mpfapcdfbbledbojijcbcclmlieaoogk

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [4140 Bytes] - [28/11/2016 21:25:33]
C:\AdwCleaner\AdwCleaner[S1].txt - [2813 Bytes] - [29/11/2016 00:14:38]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2886 Bytes] ##########

Re: [INACTIVE] second-hand dell inspiron n4010
Okay, let's clean with AdwCleaner, and do some final investigations... then it should be an all-clear.

Remove the Adware

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner_xxxx.exe to run the tool.
  • Press Scan, wait for it to finish, and then hit Clean.
  • Your computer will be rebooted automatically. If it does not, please reboot the computer manually.
  • Once it is restarted and you're back in Windows, double-click adwcleaner_xxxx.exe, hit "Logfile." On the Cleaning tab, double-click the latest logfile, copy the contents, and paste it into your next reply.
  • You can find the logfile at C:\AdwCleaner[Sx].txt as well.





Download Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.





Download OTL.exe by OldTimer to your Desktop.
  • Close all windows and double click OTL.exe.
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

Re: [INACTIVE] second-hand dell inspiron n4010
I will be back to this device shortly and get back to work, thanks so much for your time and energy!

Re: [INACTIVE] second-hand dell inspiron n4010
Okay, I look forward to it!

Re: [INACTIVE] second-hand dell inspiron n4010
# AdwCleaner v6.030 - Logfile created 29/11/2016 at 23:28:23
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-11-29.1 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : caty - CATY-PC
# Running from : C:\Users\caty\Desktop\adwcleaner_6.030.exe
# Mode: Clean
# Support : hxxps://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Users\caty\AppData\Roaming\Mozilla\Firefox\Profiles\r3fbcubk.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}


***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[-] Key deleted: HKLM\SOFTWARE\Classes\SdcUser.SdcMailCtl
[-] Key deleted: HKLM\SOFTWARE\Classes\SdcUser.SdcMailCtl.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\SdcUser.SdcMailCtl
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\SdcUser.SdcMailCtl.1
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{5CE808F4-C861-4392-B55E-C97A89FBE2DD}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5CE808F4-C861-4392-B55E-C97A89FBE2DD}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5CE808F4-C861-4392-B55E-C97A89FBE2DD}
[-] Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{21FA44EF-376D-4D53-9B0F-8A89D3229068}]
[-] Key deleted: HKU\S-1-5-21-2814596201-296319993-4142043406-1001\Software\Yahoo\Companion
[#] Key deleted on reboot: HKCU\Software\Yahoo\Companion
[#] Key deleted on reboot: [x64] HKCU\Software\Yahoo\Companion


***** [ Web browsers ] *****

[-] Chrome preferences cleaned: "keyword.URL" -  "hxxps://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=435371&p="
[-] [C:\Users\caty\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\caty\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\caty\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: fbmimoidopbghbcmdmpkjaffffmcbmbg
[-] [C:\Users\caty\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: mpfapcdfbbledbojijcbcclmlieaoogk


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [2716 Bytes] - [29/11/2016 23:28:23]
C:\AdwCleaner\AdwCleaner[S0].txt - [4140 Bytes] - [28/11/2016 21:25:33]
C:\AdwCleaner\AdwCleaner[S1].txt - [2985 Bytes] - [29/11/2016 00:14:38]
C:\AdwCleaner\AdwCleaner[S2].txt - [3058 Bytes] - [29/11/2016 23:27:22]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [3008 Bytes] ##########

Re: [INACTIVE] second-hand dell inspiron n4010
Should I move on to OldTimer?

Re: [INACTIVE] second-hand dell inspiron n4010
Try this link for Security Check please: http://screen317.changelog.fr/SecurityCheck.exe

Yes, move on to the OTL tool, please. Smile...

Re: [INACTIVE] second-hand dell inspiron n4010

Another bad one, but OTL's on the way.

Re: [INACTIVE] second-hand dell inspiron n4010
Okay, I will wait for it. Smile...

Re: [INACTIVE] second-hand dell inspiron n4010
OTL logfile created on: 11/30/2016 12:06:17 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\caty\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18524)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.80 Gb Total Physical Memory | 2.17 Gb Available Physical Memory | 57.20% Memory free
7.60 Gb Paging File | 5.70 Gb Available in Paging File | 74.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.01 Gb Total Space | 202.27 Gb Free Space | 44.85% Space Free | Partition Type: NTFS
 
Computer Name: CATY-PC | User Name: caty | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2016/11/30 00:03:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\caty\Desktop\OTL.exe
PRC - [2016/08/11 07:49:18 | 000,978,456 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\Bluestacks\HD-Agent.exe
PRC - [2016/03/10 14:07:30 | 001,136,608 | ---- | M] (Malwarebytes) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2016/03/10 14:07:28 | 001,514,464 | ---- | M] (Malwarebytes) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2016/03/10 14:07:20 | 009,926,112 | ---- | M] (Malwarebytes) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/08/18 08:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/08/18 08:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/01 10:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2010/11/02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
PRC - [2009/11/11 16:17:02 | 000,771,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\AirPort\APAgent.exe
PRC - [2009/10/15 01:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/09/30 21:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 21:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/06/24 14:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009/05/21 06:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- c:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/05/21 06:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2016/07/13 03:02:57 | 013,579,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\458817680c33d8cdf0e033cd65772906\System.Web.ni.dll
MOD - [2016/06/08 09:25:18 | 001,150,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\2b2d69274742cfa9cac75a84dbd6fdf9\System.Management.ni.dll
MOD - [2016/06/08 09:25:01 | 012,945,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\7b437291b260f008653ebc86553ab462\System.Windows.Forms.ni.dll
MOD - [2016/06/08 09:24:51 | 001,623,552 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\48453ce4573683172752f7fdc00f8820\System.Drawing.ni.dll
MOD - [2016/06/08 09:24:40 | 000,974,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\6b3bc806e6d6a2c73c6d9f1429395698\System.Configuration.ni.dll
MOD - [2016/06/08 09:24:38 | 007,518,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\a57805cc2d492d82e327b83ab24fad62\System.Core.ni.dll
MOD - [2016/06/08 09:24:34 | 007,378,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\36599a72e79974ff4c004c43df9fce2b\System.Xml.ni.dll
MOD - [2016/06/08 09:24:27 | 009,983,488 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\d03eb8a47500f40d5428f9c6875f8e56\System.ni.dll
MOD - [2016/06/08 09:24:17 | 018,111,488 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\affcb83bba04f782c2586a1788330891\mscorlib.ni.dll
MOD - [2016/06/04 13:55:55 | 005,467,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ef4a32979d02a76972d22c8161778f10\System.Xml.ni.dll
MOD - [2016/06/04 13:55:50 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c8b82d8b2e7e18c7caf27b8017c6c615\System.Configuration.ni.dll
MOD - [2016/06/04 13:55:09 | 007,996,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
MOD - [2015/07/07 10:19:52 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
MOD - [2014/07/31 12:16:44 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/07/31 12:16:12 | 001,044,776 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/08/18 08:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2009/10/15 01:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2016/11/16 17:55:20 | 010,186,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Gramblr\gramblr.exe -- (gramblrclient)
SRV:64bit: - [2016/10/27 11:37:41 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2016/08/22 09:19:43 | 001,386,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/11/17 19:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2016/11/08 09:56:10 | 000,270,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2016/08/11 07:47:56 | 000,425,496 | ---- | M] (BlueStack Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)
SRV - [2016/08/11 07:47:09 | 000,445,976 | ---- | M] (BlueStack Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Bluestacks\HD-Service.exe -- (BstHdAndroidSvc)
SRV - [2016/08/11 07:45:21 | 000,462,360 | ---- | M] (BlueStack Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe -- (BstHdPlusAndroidSvc)
SRV - [2016/03/10 14:07:30 | 001,136,608 | ---- | M] (Malwarebytes) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2016/03/10 14:07:28 | 001,514,464 | ---- | M] (Malwarebytes) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2015/11/05 20:36:48 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2014/03/20 15:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/08/18 08:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2010/11/02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe -- (AVP)
SRV - [2009/09/30 21:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/09/30 21:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/05/21 06:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- c:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2016/11/29 23:39:00 | 000,192,216 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2016/03/10 14:09:06 | 000,064,896 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2016/03/10 14:08:54 | 000,027,008 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/10/01 19:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 19:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 19:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/06/22 03:01:00 | 000,056,336 | ---- | M] (Corel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/10/01 10:37:40 | 000,556,120 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2010/06/09 16:44:00 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2010/06/09 16:43:56 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2010/05/07 12:19:58 | 000,245,792 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/05/07 03:44:32 | 000,321,584 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/04/22 18:07:36 | 000,027,736 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2010/04/01 07:47:10 | 010,322,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/03/03 20:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/27 08:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/03 22:38:32 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/02/03 06:13:06 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/02/02 15:13:08 | 000,020,984 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmvwl64.sys -- (BcmVWL)
DRV:64bit: - [2009/12/22 10:18:50 | 000,074,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/11/02 19:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/09/17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/15 11:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006/11/01 10:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2016/08/11 07:47:38 | 000,152,672 | ---- | M] (BlueStack Systems) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys -- (BstHdDrv)
DRV - [2016/07/28 10:09:30 | 000,307,768 | ---- | M] (Bluestack System Inc. ) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Bluestacks\BstkDrv.sys -- (BstkDrv)
DRV - [2014/01/23 02:22:58 | 000,037,344 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{AFECA3E5-3747-4FC1-B58E-2B8C57EACE5D}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{E00D1BB8-B2E7-43D9-86B3-291465F16984}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_enUS475
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.countryCode: "US"
FF - prefs.js..browser.search.defaultenginename: "Yahoo!"
FF - prefs.js..browser.search.region: "US"
FF - prefs.js..browser.search.selectedEngine: "Yahoo!"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:50.0.1
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.111.2: C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.111.2: C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.111.2: C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.111.2: C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\caty\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\caty\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\caty\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\caty\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\virtualKeyboard@kaspersky.ru [2012/06/05 15:21:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\KavAntiBanner@kaspersky.ru [2013/06/11 18:05:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\linkfilter@kaspersky.ru [2012/06/05 15:21:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 50.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2016/06/08 09:29:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 50.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\THBExt
 
[2012/03/18 13:12:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\caty\AppData\Roaming\Mozilla\Extensions
[2016/11/29 23:28:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\caty\AppData\Roaming\Mozilla\Firefox\Profiles\r3fbcubk.default\extensions
[2016/09/27 08:48:37 | 001,360,411 | ---- | M] () (No name found) -- C:\Users\caty\AppData\Roaming\Mozilla\Firefox\Profiles\r3fbcubk.default\extensions\admin@hide-my-ip.org.xpi
[2016/09/26 20:45:22 | 001,020,810 | ---- | M] () (No name found) -- C:\Users\caty\AppData\Roaming\Mozilla\Firefox\Profiles\r3fbcubk.default\extensions\admin@myprivacytools.com.xpi
[2016/10/11 16:01:16 | 000,442,867 | ---- | M] () (No name found) -- C:\Users\caty\AppData\Roaming\Mozilla\Firefox\Profiles\r3fbcubk.default\extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi
[2016/10/23 19:32:28 | 001,454,925 | ---- | M] () (No name found) -- C:\Users\caty\AppData\Roaming\Mozilla\Firefox\Profiles\r3fbcubk.default\extensions\jid1-Xo5SuA6qc1DFpw@jetpack.xpi
[2016/11/24 00:35:50 | 001,055,311 | ---- | M] () (No name found) -- C:\Users\caty\AppData\Roaming\Mozilla\Firefox\Profiles\r3fbcubk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2016/06/08 09:29:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/06/11 18:07:19 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
[2012/06/05 14:22:16 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak
[2013/06/11 18:07:17 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2012/03/19 07:47:45 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak
[2016/11/29 23:37:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2012/03/18 13:12:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2012/03/18 13:12:09 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
 
========== Chrome  ==========
 
CHR - Extension: No name found = C:\Users\caty\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\caty\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\
CHR - Extension: No name found = C:\Users\caty\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\
CHR - Extension: No name found = C:\Users\caty\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\
CHR - Extension: No name found = C:\Users\caty\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\
CHR - Extension: No name found = C:\Users\caty\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\
 
O1 HOSTS File: ([2016/08/13 12:42:25 | 000,001,031 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AirPort Base Station Agent] C:\Program Files (x86)\AirPort\APAgent.exe (Apple Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] c:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKCU..\Run: [BlueStacks Agent] C:\Program Files (x86)\Bluestacks\HD-Agent.exe (BlueStack Systems, Inc.)
O4 - HKCU..\Run: [EPSON NX210 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFDA.EXE /FU "C:\Windows\TEMP\E_S6E9B.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload File not found
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - Startup: C:\Users\caty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 [2016/11/28 20:47:50 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 [2016/11/28 20:47:50 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 [2016/11/28 20:47:50 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1 [2016/11/28 20:47:50 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 [2016/11/28 20:47:50 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 [2016/11/28 20:47:50 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 [2016/11/28 20:47:50 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 [2016/11/28 20:47:50 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 [2016/11/28 20:47:50 | 000,000,000 | ---D | M]
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ie_banner_deny.htm ()
O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.8.0/jinstall-1_8_0_111-windows-i586.cab (Java Plug-in 11.111.2)
O16:64bit: - DPF: {CAFEEFAC-0018-0000-00111-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_111-windows-i586.cab (Java Plug-in 1.8.0_111)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_111-windows-i586.cab (Java Plug-in 1.8.0_111)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25 205.171.2.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{51DFF7B9-358C-4CF2-B19B-2742F7CC4758}: DhcpNameServer = 13.35.0.1 13.35.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB3604CA-70D4-4FAC-B52B-A9251175CB95}: DhcpNameServer = 192.168.0.1 205.171.3.25 205.171.2.25
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\kloehk.dll (Kaspersky Lab ZAO)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\sbhook64.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\sbhook.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\mzvkbd3.dll (Kaspersky Lab ZAO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)