"Ads not by this site" hijacking!



#1
NorthstarATL

Two days ago I updated KMPlayer. I usually am careful about not installing anything 'extra', but the responses were counterintuitive and I wound up with a Conduit toolbar and about 85 PUPs, according to Malwarebytes. I managed to get rid of them, or so I thought, but I compounded the error when I downloaded a file from Sendspace, which also seemed to add some items. I removed what I could, but now I'm getting a white space at the top of my browser that says "ads not by this site", which means I'm infected by something which isn't actually hijacking, but doing the next best thing, I guess. I ran AdwCleaner and it found instances of 'conduit' and 'sendspace', but when I hit 'clean' it hangs for about half an hour and then it reads as 'not responding'. You guys have helped me in the past, and I've tried to be careful, but I definitely messed up and need help again. I am disabled and this computer is like my lifeline. I cannot replace it any time soon. Thank you!
OTL scan:
OTL logfile created on: 11/13/2013 9:09:27 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kenn\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 1.71 Gb Available Physical Memory | 52.67% Memory free
6.73 Gb Paging File | 4.60 Gb Available in Paging File | 68.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 581.48 Gb Total Space | 59.85 Gb Free Space | 10.29% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 14.54 Gb Free Space | 99.28% Space Free | Partition Type: NTFS
Drive R: | 15.92 Mb Total Space | 15.92 Mb Free Space | 100.00% Space Free | Partition Type: FAT

Computer Name: KENN-PC | User Name: Kenn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/13 21:07:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kenn\Downloads\OTL.exe
PRC - [2013/11/05 20:01:30 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/11/01 17:29:06 | 029,769,432 | ---- | M] (Dropbox, Inc.) -- C:\Users\Kenn\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/10/23 15:01:10 | 000,280,288 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/10/23 14:55:28 | 000,948,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/10/08 17:47:20 | 001,862,536 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
PRC - [2013/08/26 03:13:08 | 000,009,216 | ---- | M] (Ellora Assets Corp.) -- C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
PRC - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/19 09:49:42 | 000,384,840 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files\BlueStacks\HD-LogRotatorService.exe
PRC - [2012/07/04 01:21:18 | 000,453,632 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2012/07/04 01:20:42 | 000,217,088 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011/10/28 16:28:24 | 000,071,680 | ---- | M] (Hauppauge Computer Works, Inc) -- C:\Program Files\WinTV\Extend\WinTVExtender.exe
PRC - [2011/10/27 21:17:20 | 000,146,944 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\Program Files\WinTV\WinTV7\WinTVTray.exe
PRC - [2011/10/27 21:15:30 | 000,413,696 | ---- | M] (Hauppauge Computer Works) -- C:\Program Files\WinTV\TVServer\CaptureGenPCI.exe
PRC - [2011/10/27 21:15:16 | 000,570,368 | ---- | M] (Hauppauge Computer Works) -- C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe
PRC - [2011/05/20 12:28:26 | 001,949,088 | ---- | M] (Binary Fortress Software) -- C:\Program Files\DisplayFusion\DisplayFusion.exe
PRC - [2010/10/12 09:45:37 | 001,324,384 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
PRC - [2010/07/04 14:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2010/03/18 14:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/01/11 13:20:48 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/26 18:58:12 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/08/26 18:58:10 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/01/17 06:22:20 | 004,907,008 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/12/10 22:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAC207\Monitor.exe
PRC - [2007/12/05 05:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2007/10/19 23:37:06 | 001,040,384 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\Digital Imaging\bin\hpqdirec.exe
PRC - [1999/10/01 00:31:38 | 000,869,376 | ---- | M] (Fred's Software) -- C:\Program Files\PrintKey2000\Printkey2000.exe


========== Modules (No Company Name) ==========

MOD - [2013/11/05 20:01:10 | 003,368,048 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/11/01 17:27:52 | 003,558,400 | ---- | M] () -- C:\Users\Kenn\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/10/09 09:08:18 | 000,688,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\f940155076fcae174050046721b66ec4\System.Security.ni.dll
MOD - [2013/10/09 09:08:17 | 000,978,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\f453ecc6bb7fc8d52d61247676944623\System.Configuration.ni.dll
MOD - [2013/10/09 08:47:40 | 012,434,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\73d9bc894522543b561a0342dac87c06\System.Windows.Forms.ni.dll
MOD - [2013/10/09 08:47:16 | 002,295,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\ab40b51ac49fbee9a48b5b74ff78d5d6\System.Core.ni.dll
MOD - [2013/10/09 08:47:08 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f228cc72a6647716127cd44ca416e6dc\PresentationFramework.ni.dll
MOD - [2013/10/09 08:46:51 | 012,218,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\b2482534bee5c520cdfe9c8f7df6a92f\PresentationCore.ni.dll
MOD - [2013/10/09 08:46:40 | 003,325,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c16ade1485996fa4981edc7df436a15b\WindowsBase.ni.dll
MOD - [2013/10/08 17:47:17 | 016,233,864 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_9_900_117.dll
MOD - [2013/08/23 14:01:44 | 025,100,288 | ---- | M] () -- C:\Users\Kenn\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013/08/14 01:51:03 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\1c782ef2a81ad2e6799c3bc38c8c7ec4\WindowsFormsIntegration.ni.dll
MOD - [2013/08/14 01:41:52 | 015,881,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MenuSkinning\bc0e7f0d5e3a3d7f1620ef4785026da9\MenuSkinning.ni.dll
MOD - [2013/08/14 01:41:38 | 000,284,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\ebd950906a4ecae2d2d9393408361996\VistaBridgeLibrary.ni.dll
MOD - [2013/08/14 01:41:37 | 002,584,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DellDock\2086bbf2f31e970b5609a54cd9868c66\DellDock.ni.exe
MOD - [2013/08/14 01:41:35 | 000,291,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MyDock.Util\ce00a5e82fbe2eb68c3b64d4960c7568\MyDock.Util.ni.dll
MOD - [2013/08/14 01:41:22 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e77e7cdf3072d5a658832b8863ff439e\System.Management.ni.dll
MOD - [2013/08/14 01:41:16 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\59eba2680c01c33b2b3f5385979e32c6\System.Web.ni.dll
MOD - [2013/08/14 01:41:08 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b167ef6967ad27503c6ac6aabcef1aff\System.Runtime.Remoting.ni.dll
MOD - [2013/08/14 00:39:08 | 005,462,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09f5b3f7a363b742a73937e818595597\System.Xml.ni.dll
MOD - [2013/08/14 00:38:47 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\c0df7e124d8d5e2821fd7d3921d404f7\System.Drawing.ni.dll
MOD - [2013/08/14 00:37:44 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\d7153acb7b6ccb5a6a886d6f0ab732b1\System.ni.dll
MOD - [2013/07/11 01:44:20 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\1c652846fd833029362d4e9f8906d619\UIAutomationProvider.ni.dll
MOD - [2013/07/11 01:43:22 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\05034abc5246a6fef208f73cb912d971\Accessibility.ni.dll
MOD - [2013/07/11 01:06:16 | 000,224,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\0028ec6b7af46b14dd3f7b9ce487f615\PresentationFramework.Classic.ni.dll
MOD - [2013/07/11 01:05:08 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6a938df70a8b7996a3890b4f34c83906\mscorlib.ni.dll
MOD - [2012/07/04 01:16:08 | 000,369,152 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2012/07/04 00:09:18 | 000,037,376 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll
MOD - [2012/02/17 23:55:35 | 000,166,912 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2011/10/27 21:16:38 | 000,018,944 | ---- | M] () -- C:\Program Files\WinTV\TVServer\HauppaugeTVServerps.dll
MOD - [2010/07/04 16:32:38 | 000,010,752 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
MOD - [2010/07/04 16:32:36 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2010/07/04 14:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
MOD - [2007/10/19 23:37:06 | 000,066,048 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\xmltok.dll
MOD - [2007/10/19 23:37:06 | 000,065,536 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\xmlparse.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\PANDORA.TV\PanService\KMPService.exe -- (PanService)
SRV - [2013/11/05 20:01:29 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/23 15:01:10 | 000,280,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/10/08 17:47:22 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/26 03:13:08 | 000,009,216 | ---- | M] (Ellora Assets Corp.) [Auto | Running] -- C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe -- (FreemakeVideoCapture)
SRV - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/19 09:49:42 | 000,384,840 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)
SRV - [2013/04/19 09:49:20 | 000,393,032 | ---- | M] (BlueStack Systems, Inc.) [Auto | Stopped] -- C:\Program Files\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)
SRV - [2012/07/04 01:20:42 | 000,217,088 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011/10/28 16:28:24 | 000,071,680 | ---- | M] (Hauppauge Computer Works, Inc) [Auto | Running] -- C:\Program Files\WinTV\Extend\WinTVExtender.exe -- (Hauppauge WinTV Extender)
SRV - [2011/10/27 21:15:16 | 000,570,368 | ---- | M] (Hauppauge Computer Works) [Auto | Running] -- C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe -- (HauppaugeTVServer)
SRV - [2010/03/18 14:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/11 13:20:48 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/08/26 18:58:12 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 05:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Windows\system32\TrueSight.sys -- (TrueSight)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\HcwMocurIR.sys -- (HcwMocurIR)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (akk5qztd)
DRV - [2013/11/13 20:50:25 | 000,040,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B5DD5A04-3EB2-49B6-B291-A96EAEA8B4F5}\MpKsl1d07a48b.sys -- (MpKsl1d07a48b)
DRV - [2013/09/27 09:53:06 | 000,104,768 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2013/09/23 08:59:00 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2013/06/25 08:14:16 | 000,466,008 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2013/04/19 09:49:26 | 000,063,816 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys -- (BstHdDrv)
DRV - [2012/07/04 01:58:12 | 010,070,016 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2012/07/04 01:58:12 | 010,070,016 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2012/07/04 00:10:30 | 000,290,304 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2012/02/23 07:31:36 | 000,083,984 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdLH3.sys -- (AtiHDAudioService)
DRV - [2011/09/29 10:21:42 | 001,621,136 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV - [2011/06/25 19:56:44 | 000,028,256 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\appliand.sys -- (appliandMP)
DRV - [2011/06/25 19:56:44 | 000,028,256 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\appliand.sys -- (appliand)
DRV - [2010/07/04 14:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2008/02/13 20:17:26 | 000,618,112 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207)
DRV - [2007/04/13 16:22:56 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2003/12/09 09:04:40 | 000,010,368 | ---- | M] (gavotte) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rramdisk.sys -- (RRamdisk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {39BBBCF4-7D0E-4715-9EBE-196E647401EE}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2465}: "URL" = http://isearch.fanta...q={searchTerms}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpa...E-0024E80C1292}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 90 F8 F7 04 5A 1F CD 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {39BBBCF4-7D0E-4715-9EBE-196E647401EE}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{39BBBCF4-7D0E-4715-9EBE-196E647401EE}: "URL" = http://search.condui...5031404179&UM=2
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://search.yahoo....Terms}&ei=UTF-8
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2465}: "URL" = http://isearch.fanta...q={searchTerms}
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpa...E-0024E80C1292}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Users\Kenn\AppData\Local\HuluDesktop\instances\0.9.14.1\npHDPlg.dll (Hulu LLC)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Kenn\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Kenn\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Kenn\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Kenn\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Kenn\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\fbphotozoom\fbphotozoom13.xpi
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/11/05 20:01:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/11/05 20:01:03 | 000,000,000 | ---D | M]

[2013/02/15 07:35:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Extensions
[2013/11/11 14:54:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\C\Users\Kenn\AppData\Roaming\Mozilla\Profiles\Kenn\extensions
[2013/11/11 14:54:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\C\Users\Kenn\AppData\Roaming\Mozilla\Profiles\Kenn\extensions\{515b2424-5911-40bd-8a2c-bdb20286d8f5}
[2013/10/19 05:48:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\Profiles\Kenn\extensions
[2013/11/12 21:41:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Profiles\Kenn\extensions
[2013/08/26 16:12:33 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Profiles\Kenn\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013/11/11 18:39:36 | 000,000,000 | ---D | M] (SuRf annd keep) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Profiles\Kenn\extensions\[email protected]
[2013/09/27 00:38:09 | 000,000,000 | ---D | M] (LavaFox V2-Green) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Profiles\Kenn\extensions\[email protected]
[2013/11/05 20:01:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/11/05 20:01:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/11/05 20:01:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/11/05 20:01:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/11/05 20:01:32 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/03/10 11:58:36 | 000,002,201 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\scenicreflectionstb.xml

========== Chrome ==========

CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://start.sweetpa...006.10043&st=23
CHR - default_search_provider: suggest_url = ,
CHR - homepage: http://search.condui...9571330436&UM=2
CHR - Extension: Google Drive = C:\Users\Kenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: SuRf annd keep = C:\Users\Kenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\flknhnkedeggedkbnajlbhfdmcfmgdbl\2.19\
CHR - Extension: FBPHOTOZOOM = C:\Users\Kenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpieaakhacmfleokhjcjnpcnmnmpfkid\2.2_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Kenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_1\

O1 HOSTS File: ([2013/04/27 17:24:08 | 000,001,114 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DownloadHelper Class) - {FF2573AE-E1ED-40e1-83BA-F544CB2EE135} - C:\Program Files\Common Files\Download Helper\DownloadHelper.dll (IE Download Helper)
O3 - HKLM\..\Toolbar: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PAC207_Monitor] C:\Windows\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKCU..\Run: [DisplayFusion] C:\Program Files\DisplayFusion\DisplayFusion.exe (Binary Fortress Software)
O4 - Startup: C:\Users\Kenn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Kenn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Kenn\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{17946BC4-FB6A-46DF-8424-5D4E689A2DDB}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{17946BC4-FB6A-46DF-8424-5D4E689A2DDB}: NameServer = 8.8.8.8,8.8.4.4
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Kenn\AppData\Roaming\DisplayFusion\Wallpaper_2.jpg
O24 - Desktop BackupWallPaper: C:\Users\Kenn\AppData\Roaming\DisplayFusion\Wallpaper_2.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{55020cc0-7457-11e1-b322-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{55020cc0-7457-11e1-b322-806e6f6e6963}\Shell\AutoRun\command - "" = L:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/13 20:33:51 | 000,000,000 | ---D | C] -- C:\Users\Kenn\Desktop\RK_Quarantine
[2013/11/13 19:59:07 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/11/13 19:10:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2013/11/11 18:40:30 | 000,000,000 | ---D | C] -- C:\ProgramData\WinterSoft
[2013/11/11 18:40:19 | 000,000,000 | ---D | C] -- C:\Users\Kenn\AppData\Roaming\SendSpace
[2013/11/11 18:40:11 | 000,000,000 | ---D | C] -- C:\Program Files\ss helper
[2013/11/11 18:39:45 | 000,000,000 | ---D | C] -- C:\ProgramData\suRf and ekeeep
[2013/11/11 18:39:44 | 000,000,000 | ---D | C] -- C:\Program Files\suRf and ekeeep
[2013/11/11 18:39:21 | 000,000,000 | ---D | C] -- C:\ProgramData\ad10b6c74973e046
[2013/11/11 18:38:09 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2013/11/11 15:05:12 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/11/11 14:57:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PANDORATV
[2013/11/11 14:55:51 | 000,000,000 | ---D | C] -- C:\Users\Kenn\AppData\Local\NativeMessaging
[2013/11/11 14:55:46 | 000,000,000 | ---D | C] -- C:\Users\Kenn\AppData\Local\CRE
[2013/11/11 14:54:20 | 000,000,000 | ---D | C] -- C:\Users\Kenn\AppData\Roaming\SearchProtect
[2013/11/05 20:01:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/11/04 17:51:22 | 000,000,000 | ---D | C] -- C:\Users\Kenn\Documents\2013-11-04 Kenneth_Credit Union
[2013/11/04 17:45:59 | 000,000,000 | ---D | C] -- C:\Users\Kenn\AppData\Local\{2F8FDDF7-046B-4424-9B4D-5EDE27F23A1F}
[2013/11/02 21:47:48 | 000,000,000 | ---D | C] -- C:\Users\Kenn\AppData\Local\{E1165560-91FA-43FA-9FC8-11C1AAEBC943}
[2013/10/30 11:07:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
[2013/10/30 11:07:23 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacks
[2013/10/30 11:07:23 | 000,000,000 | ---D | C] -- C:\Program Files\BlueStacks
[2013/10/24 16:00:26 | 000,000,000 | ---D | C] -- C:\Users\Kenn\Documents\Electronic Arts
[2013/10/24 14:40:04 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts
[2013/10/22 22:39:55 | 000,000,000 | ---D | C] -- C:\Users\Kenn\Cache
[2013/10/21 12:17:47 | 000,000,000 | ---D | C] -- C:\Users\Kenn\AppData\Local\{3B403FE2-C137-440D-ADF9-C8A7E5A8FEA9}
[2013/10/19 05:41:32 | 000,000,000 | ---D | C] -- C:\Users\Kenn\Documents\Freemake
[2013/10/19 05:41:30 | 000,000,000 | ---D | C] -- C:\Users\Kenn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
[2013/10/19 05:41:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
[2013/10/19 05:41:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Freemake
[2013/10/19 05:41:04 | 000,000,000 | ---D | C] -- C:\Program Files\Freemake
[2013/10/19 05:39:37 | 000,000,000 | ---D | C] -- C:\Users\Kenn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
[2013/10/16 21:15:08 | 000,000,000 | ---D | C] -- C:\Users\Kenn\AppData\Local\{2D486D95-D44B-4785-9922-41DBC148030B}
[2013/10/16 04:02:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/10/16 04:02:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/10/16 03:59:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2012/05/13 23:50:12 | 000,041,984 | ---- | C] (Lee 'FordGT90Concept' Glasser) -- C:\Users\Kenn\Large Address Aware.exe

========== Files - Modified Within 30 Days ==========

[2013/11/13 20:51:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3019194991-3436555038-3990252873-1000UA.job
[2013/11/13 20:50:30 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/13 20:50:15 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/13 20:50:15 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/13 20:50:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/13 20:47:08 | 003,599,192 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/11/13 20:17:09 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/13 19:44:19 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/13 19:09:58 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/11/13 19:09:58 | 000,104,202 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/11/13 18:59:33 | 000,000,436 | ---- | M] () -- C:\Users\Kenn\settings.sav
[2013/11/13 16:56:59 | 000,096,256 | ---- | M] () -- C:\Users\Kenn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/11/13 00:51:08 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3019194991-3436555038-3990252873-1000Core.job
[2013/11/12 15:52:34 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/11/11 15:52:44 | 000,000,514 | ---- | M] () -- C:\Users\Kenn\Documents\cc_20131111_155241.reg
[2013/11/11 15:33:23 | 000,024,126 | ---- | M] () -- C:\Users\Kenn\Documents\cc_20131111_153317.reg
[2013/11/11 15:10:47 | 000,002,032 | ---- | M] () -- C:\Users\Kenn\AppData\Local\d3d9caps.dat
[2013/11/11 14:56:33 | 000,000,009 | ---- | M] () -- C:\END
[2013/11/07 00:50:16 | 000,000,950 | ---- | M] () -- C:\Users\Kenn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/10/29 08:34:50 | 000,000,736 | ---- | M] () -- C:\Users\Kenn\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2013/10/26 11:25:50 | 000,000,038 | ---- | M] () -- C:\Windows\AviSplitter.INI
[2013/10/25 09:22:24 | 000,001,151 | ---- | M] () -- C:\Users\Kenn\Desktop\TS3W - Shortcut.lnk
[2013/10/24 14:28:19 | 000,004,962 | ---- | M] () -- C:\Users\Kenn\Documents\cc_20131024_152812.reg
[2013/10/22 21:20:46 | 000,974,453 | ---- | M] () -- C:\Users\Kenn\Documents\Screenshot-6.jpg
[2013/10/22 21:19:22 | 000,702,526 | ---- | M] () -- C:\Users\Kenn\Documents\Screenshot-5.jpg
[2013/10/22 21:19:03 | 000,937,434 | ---- | M] () -- C:\Users\Kenn\Documents\Screenshot.jpg
[2013/10/20 20:10:23 | 000,711,683 | ---- | M] () -- C:\Users\Kenn\Documents\Screenshot-4.jpg
[2013/10/20 20:06:16 | 000,782,070 | ---- | M] () -- C:\Users\Kenn\Documents\Screenshot-3.jpg
[2013/10/20 13:44:19 | 000,769,427 | ---- | M] () -- C:\Users\Kenn\Documents\Screenshot-2.jpg
[2013/10/19 06:16:56 | 000,030,308 | ---- | M] () -- C:\Users\Kenn\Documents\cc_20131019_071650.reg

========== Files Created - No Company Name ==========

[2013/11/12 14:57:45 | 000,218,228 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2013/11/11 15:52:43 | 000,000,514 | ---- | C] () -- C:\Users\Kenn\Documents\cc_20131111_155241.reg
[2013/11/11 15:33:19 | 000,024,126 | ---- | C] () -- C:\Users\Kenn\Documents\cc_20131111_153317.reg
[2013/11/11 13:37:27 | 000,000,436 | ---- | C] () -- C:\Users\Kenn\settings.sav
[2013/10/25 09:22:24 | 000,001,151 | ---- | C] () -- C:\Users\Kenn\Desktop\TS3W - Shortcut.lnk
[2013/10/24 14:28:15 | 000,004,962 | ---- | C] () -- C:\Users\Kenn\Documents\cc_20131024_152812.reg
[2013/10/22 21:20:46 | 000,974,453 | ---- | C] () -- C:\Users\Kenn\Documents\Screenshot-6.jpg
[2013/10/22 21:19:22 | 000,702,526 | ---- | C] () -- C:\Users\Kenn\Documents\Screenshot-5.jpg
[2013/10/22 21:19:03 | 000,937,434 | ---- | C] () -- C:\Users\Kenn\Documents\Screenshot.jpg
[2013/10/20 20:10:23 | 000,711,683 | ---- | C] () -- C:\Users\Kenn\Documents\Screenshot-4.jpg
[2013/10/20 20:06:16 | 000,782,070 | ---- | C] () -- C:\Users\Kenn\Documents\Screenshot-3.jpg
[2013/10/20 13:44:19 | 000,769,427 | ---- | C] () -- C:\Users\Kenn\Documents\Screenshot-2.jpg
[2013/10/19 06:16:53 | 000,030,308 | ---- | C] () -- C:\Users\Kenn\Documents\cc_20131019_071650.reg
[2013/04/29 11:49:45 | 000,000,028 | ---- | C] () -- C:\Windows\v2d.INI
[2013/04/23 08:09:43 | 000,001,536 | ---- | C] () -- C:\Users\Kenn\AppData\Local\recently-used.xbel
[2013/04/23 07:50:59 | 000,000,227 | ---- | C] () -- C:\Users\Kenn\736884F1_00000001_000000000006CBAC.vpxy
[2013/01/19 00:30:25 | 000,091,964 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2013/01/09 17:39:05 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2013/01/02 12:49:18 | 000,005,005 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2013/01/02 11:25:15 | 000,066,048 | ---- | C] () -- C:\Windows\System32\hcwxds.dll
[2012/12/09 13:23:08 | 000,000,098 | ---- | C] () -- C:\Users\Kenn\hosts
[2012/07/14 19:12:03 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/07/04 02:32:18 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012/07/04 00:09:18 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2012/06/14 12:24:03 | 000,151,552 | ---- | C] () -- C:\Windows\System32\nvRegDev.dll
[2012/05/14 00:36:17 | 000,048,640 | ---- | C] () -- C:\Users\Kenn\TS3Lib.dll
[2012/03/22 09:33:18 | 000,079,360 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012/03/15 20:47:39 | 000,667,978 | ---- | C] () -- C:\Windows\unins000.exe
[2012/03/15 20:47:39 | 000,007,223 | ---- | C] () -- C:\Windows\unins000.dat
[2012/03/13 02:11:34 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012/03/13 02:11:34 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/03/06 12:59:32 | 000,618,823 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2012/03/05 14:05:56 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012/03/05 14:05:55 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012/03/05 02:09:59 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2012/03/03 06:01:04 | 000,142,337 | ---- | C] () -- C:\Windows\System32\Wait.exe
[2012/03/03 04:51:57 | 000,000,399 | ---- | C] () -- C:\Windows\System32\Remover.ini
[2012/03/03 04:51:54 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP207.ini
[2012/03/02 23:14:28 | 000,096,256 | ---- | C] () -- C:\Users\Kenn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/02 19:37:35 | 000,002,032 | ---- | C] () -- C:\Users\Kenn\AppData\Local\d3d9caps.dat
[2012/03/02 17:27:06 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/03/02 17:15:26 | 000,157,677 | ---- | C] () -- C:\Windows\hpoins29.dat
[2012/03/02 17:06:05 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2012/03/02 17:06:04 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe

========== ZeroAccess Check ==========

[2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/11/11 14:51:02 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Audacity
[2012/04/20 23:49:46 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Azureus
[2013/09/06 00:15:58 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\calibre
[2012/03/12 13:37:16 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Canneverbe Limited
[2012/11/04 01:33:17 | 000,000,000 | -HSD | M] -- C:\Users\Kenn\AppData\Roaming\Common
[2013/11/11 15:30:27 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\DAEMON Tools Lite
[2012/09/15 14:33:45 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\DeepBurner
[2013/11/12 01:07:47 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\DisplayFusion
[2013/11/13 20:55:19 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Dropbox
[2012/09/14 21:28:00 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Fighters
[2013/04/29 09:26:05 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Free Sound Recorder
[2013/09/02 18:03:46 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\HandBrake
[2013/11/02 17:36:11 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\ImgBurn
[2012/11/26 13:55:49 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\iPadian
[2013/10/18 09:48:07 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Marine Aquarium 3
[2012/12/15 16:46:14 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\mp3DirectCut
[2012/07/21 17:17:31 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Music Editor Free
[2013/09/21 06:50:16 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Octane
[2012/03/09 15:20:25 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\ooVoo Details
[2012/03/22 10:56:08 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Origin
[2012/04/17 20:02:16 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Peter L Jones
[2012/09/20 23:20:54 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Replay Media Catcher 4
[2012/03/30 13:39:15 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Rovio
[2012/12/22 22:45:44 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\SanDisk
[2013/11/13 20:04:00 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\SearchProtect
[2013/11/11 18:40:19 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\SendSpace
[2012/07/19 14:48:48 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Syncdocs
[2013/11/13 18:59:40 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\uTorrent
[2013/06/12 15:31:50 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Windows Live Writer
[2012/10/10 17:38:41 | 000,000,000 | -HSD | M] -- C:\Users\Kenn\AppData\Roaming\wyUpdate AU

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

#2
RKinner


    Malware Expert

  • Expert
  • 20,017 posts
  • MVP
Download AdwCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button, which should say: Download Now @BleepingComputer

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).


Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder.



Junkware-Removal-Tool

Please download Junkware Removal Tool to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus. Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.



Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
rsvpsp.dll
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
user32.dll
/md5stop
dir C:\ /S /A:L /C
C:\Windows\assembly\tmp\U\*.* /s
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%ProgramFiles%\WINDOWS NT\*.* /s
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

Ron

#3
NorthstarATL


    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts
Thank you so much for responding! I followed your instructions and here are the logs:
First, ADW:
# AdwCleaner v3.012 - Report created 13/11/2013 at 22:06:22
# Updated 11/11/2013 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : Kenn - KENN-PC
# Running from : C:\Users\Kenn\Downloads\AdwCleaner(1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Kenn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
File Deleted : C:\END
File Deleted : C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\Profiles\Kenn\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchProtectAll
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_360582d7
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3306058
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\PIP
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Anti-phishing Domain Advisor
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16520

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v25.0 (en-US)

[ File : C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\Profiles\Kenn\prefs.js ]


-\\ Google Chrome v30.0.1599.101

[ File : C:\Users\Kenn\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : urls_to_restore_on_startup
Deleted : icon_url
Deleted : search_url
Deleted : keyword

*************************

AdwCleaner[R0].txt - [6610 octets] - [13/11/2013 19:59:29]
AdwCleaner[R1].txt - [6317 octets] - [13/11/2013 20:26:53]
AdwCleaner[R2].txt - [6339 octets] - [13/11/2013 21:37:43]
AdwCleaner[R3].txt - [6279 octets] - [13/11/2013 22:05:36]
AdwCleaner[S0].txt - [791 octets] - [13/11/2013 20:03:52]
AdwCleaner[S1].txt - [343 octets] - [13/11/2013 20:27:55]
AdwCleaner[S2].txt - [343 octets] - [13/11/2013 21:42:23]
AdwCleaner[S3].txt - [6145 octets] - [13/11/2013 22:06:22]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [6205 octets] ##########
Second, JRT:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows Vista ™ Home Premium x86
Ran by Kenn on Wed 11/13/2013 at 22:14:48.20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3019194991-3436555038-3990252873-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{39BBBCF4-7D0E-4715-9EBE-196E647401EE}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2465}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2465}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\fighters"
Successfully deleted: [Folder] "C:\Users\Kenn\AppData\Roaming\fighters"
Successfully deleted: [Folder] "C:\Users\Kenn\appdata\local\cre"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 11/13/2013 at 22:17:18.67
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Third, FRST:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-11-2013
Ran by Kenn (administrator) on KENN-PC on 13-11-2013 22:19:05
Running from C:\Users\Kenn\Downloads
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(AMD) C:\Windows\system32\atieclxx.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Andrea Electronics Corporation) C:\Windows\system32\AERTSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe
(Ellora Assets Corp.) C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
(Hauppauge Computer Works, Inc) C:\Program Files\WinTV\Extend\WinTVExtender.exe
(Hauppauge Computer Works) C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Hauppauge Computer Works) C:\Program Files\WinTV\TVServer\CaptureGenPCI.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtcmd.exe
(PixArt Imaging Incorporation) C:\Windows\PixArt\PAC207\Monitor.exe
() C:\Program Files\Unlocker\UnlockerAssistant.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Binary Fortress Software) C:\Program Files\DisplayFusion\DisplayFusion.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Fred's Software) C:\Program Files\PrintKey2000\Printkey2000.exe
(Hauppauge Computer Works, Inc.) C:\Program Files\WinTV\WinTV7\WinTVTray.exe
(Dropbox, Inc.) C:\Users\Kenn\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\ehome\ehRecvr.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Hewlett-Packard Company) C:\Program Files\HP\Digital Imaging\bin\hpqdirec.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MpCmdRun.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [hpqSRMon] - C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe [80896 2007-08-22] (Hewlett-Packard)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [dellsupportcenter] - "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
HKLM\...\Run: [PAC207_Monitor] - C:\Windows\PixArt\PAC207\Monitor.exe [323584 2007-12-10] (PixArt Imaging Incorporation)
HKLM\...\Run: [UnlockerAssistant] - C:\Program Files\Unlocker\UnlockerAssistant.exe [17408 2010-07-04] ()
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4907008 2008-01-17] (Realtek Semiconductor)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-07-04] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SwitchBoard] - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5ServiceManager] - C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [125952 2008-01-20] (Microsoft Corporation)
HKCU\...\Run: [DisplayFusion] - C:\Program Files\DisplayFusion\DisplayFusion.exe [1949088 2011-05-20] (Binary Fortress Software)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
MountPoints2: {55020cc0-7457-11e1-b322-806e6f6e6963} - L:\Setup.exe
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\Run: [ooVoo] - C\ooVoo.exe /minimized
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [ooVoo] - C\ooVoo.exe /minimized
Startup: C:\Users\Kenn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Kenn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Kenn\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x90F8F7045A1FCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: DownloadHelper Class - {FF2573AE-E1ED-40e1-83BA-F544CB2EE135} - C:\Program Files\Common Files\Download Helper\DownloadHelper.dll (IE Download Helper)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{17946BC4-FB6A-46DF-8424-5D4E689A2DDB}: [NameServer]8.8.8.8,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\C:\Users\Kenn\AppData\Roaming\Mozilla\Profiles\Kenn
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @hulu.com/Hulu Desktop - C:\Users\Kenn\AppData\Local\HuluDesktop\instances\0.9.14.1\npHDPlg.dll (Hulu LLC)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Kenn\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Kenn\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Kenn\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Kenn\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Kenn\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\scenicreflectionstb.xml
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\fbphotozoom\fbphotozoom13.xpi
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "urls_to_restore_on_startup": [
CHR Extension: (Google Drive) - C:\Users\Kenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1
CHR Extension: (SuRf annd keep) - C:\Users\Kenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\flknhnkedeggedkbnajlbhfdmcfmgdbl\2.19
CHR Extension: (FBPHOTOZOOM) - C:\Users\Kenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpieaakhacmfleokhjcjnpcnmnmpfkid\2.2_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Kenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_1
CHR HKLM\...\Chrome\Extension: [ffekppndigniegkobcngkdmaadbhhonj] - C:\Users\Kenn\AppData\Local\CRE\ffekppndigniegkobcngkdmaadbhhonj.crx
CHR HKLM\...\Chrome\Extension: [mpieaakhacmfleokhjcjnpcnmnmpfkid] - C:\Program Files\fbphotozoom\fbphotozoom13.crx
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AERTFilters; C:\Windows\system32\AERTSrv.exe [77824 2007-12-05] (Andrea Electronics Corporation)
S2 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [393032 2013-04-19] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [384840 2013-04-19] (BlueStack Systems, Inc.)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2010-01-11] (Stardock Corporation)
R2 FreemakeVideoCapture; C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-08-26] (Ellora Assets Corp.)
R2 Hauppauge WinTV Extender; C:\Program Files\WinTV\Extend\WinTVExtender.exe [71680 2011-10-28] (Hauppauge Computer Works, Inc)
R2 HauppaugeTVServer; C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe [570368 2011-10-27] (Hauppauge Computer Works)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)
R2 sprtsvc_DellSupportCenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-08-26] (SupportSoft, Inc.)
S2 PanService; C:\Program Files\PANDORA.TV\PanService\KMPService.exe [x]

==================== Drivers (Whitelisted) ====================

S3 appliand; C:\Windows\System32\DRIVERS\appliand.sys [28256 2011-06-25] (Applian Technologies Inc.)
S3 appliandMP; C:\Windows\System32\DRIVERS\appliand.sys [28256 2011-06-25] (Applian Technologies Inc.)
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdLH3.sys [83984 2012-02-23] (Advanced Micro Devices)
R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [63816 2013-04-19] (BlueStack Systems)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-09-23] (DT Soft Ltd)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
R1 MpKslfd6e96ac; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B5DD5A04-3EB2-49B6-B291-A96EAEA8B4F5}\MpKslfd6e96ac.sys [40392 2013-11-13] (Microsoft Corporation)
R3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
R3 PAC207; C:\Windows\System32\DRIVERS\PFC027.SYS [618112 2008-02-13] (PixArt Imaging Inc.)
R0 RRamdisk; C:\Windows\System32\DRIVERS\rramdisk.sys [10368 2003-12-09] (gavotte)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [466008 2013-06-25] (Duplex Secure Ltd.)
U3 awumox4x; C:\Windows\System32\Drivers\awumox4x.sys [0 ] (Microsoft Corporation)
S3 HcwMocurIR; system32\drivers\HcwMocurIR.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
U3 TrueSight; \??\C:\Windows\system32\TrueSight.sys [x]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-13 22:19 - 2013-11-13 22:20 - 00015328 _____ C:\Users\Kenn\Downloads\FRST.txt
2013-11-13 22:18 - 2013-11-13 22:18 - 00000000 ____D C:\FRST
2013-11-13 22:17 - 2013-11-13 22:17 - 00009761 _____ C:\Users\Kenn\Desktop\JRT.txt
2013-11-13 22:14 - 2013-11-13 22:14 - 00000000 ____D C:\Windows\ERUNT
2013-11-13 22:05 - 2013-11-13 22:05 - 00002168 _____ C:\Users\Kenn\Documents\11_13_Fix.txt
2013-11-13 22:03 - 2013-11-13 22:03 - 00000000 ____D C:\Users\Kenn\AppData\Local\CrashDumps
2013-11-13 22:02 - 2013-11-13 22:02 - 00000887 _____ C:\Users\Kenn\Documents\Code.txt
2013-11-13 22:01 - 2013-11-13 22:02 - 01090529 _____ (Farbar) C:\Users\Kenn\Downloads\FRST.exe
2013-11-13 22:01 - 2013-11-13 22:01 - 01034531 _____ (Thisisu) C:\Users\Kenn\Downloads\JRT.exe
2013-11-13 21:59 - 2013-11-13 21:59 - 01085542 _____ C:\Users\Kenn\Downloads\AdwCleaner(1).exe
2013-11-13 21:42 - 2013-11-13 21:42 - 00000088 _____ C:\Users\Kenn\Documents\ADWItems.txt
2013-11-13 21:35 - 2013-11-13 21:36 - 00000000 ____D C:\Users\Kenn\Downloads\[ www.Torrenting.com ] - Arrow.S02E06.720p.HDTV.X264-DIMENSION
2013-11-13 21:23 - 2013-11-13 21:23 - 00071000 _____ C:\Users\Kenn\Downloads\Extras.Txt
2013-11-13 21:22 - 2013-11-13 21:22 - 00091660 _____ C:\Users\Kenn\Downloads\OTL.Txt
2013-11-13 21:07 - 2013-11-13 21:07 - 00602112 _____ (OldTimer Tools) C:\Users\Kenn\Downloads\OTL.exe
2013-11-13 20:33 - 2013-11-13 20:37 - 00000000 ____D C:\Users\Kenn\Desktop\RK_Quarantine
2013-11-13 19:59 - 2013-11-13 22:06 - 00000000 ____D C:\AdwCleaner
2013-11-13 19:51 - 2013-11-13 21:34 - 00001367 _____ C:\Users\Kenn\Documents\GTG.txt
2013-11-13 19:51 - 2013-11-13 19:50 - 03643392 _____ C:\Users\Kenn\Downloads\RogueKiller.exe
2013-11-13 19:10 - 2013-11-13 19:10 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2013-11-12 21:58 - 2013-11-12 22:08 - 00000000 ____D C:\Users\Kenn\Downloads\The.Originals.S01E07.720p.HDTV.X264-DIMENSION [PublicHD]
2013-11-12 15:13 - 2013-10-13 04:32 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-12 15:13 - 2013-10-13 04:29 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-12 15:13 - 2013-10-13 04:26 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-12 15:13 - 2013-10-13 04:25 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-12 15:13 - 2013-10-13 04:20 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-12 15:12 - 2013-10-13 05:42 - 12344832 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-12 15:12 - 2013-10-13 05:08 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-12 15:12 - 2013-10-13 04:48 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-12 15:12 - 2013-10-13 04:37 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-12 15:12 - 2013-10-13 04:35 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-12 15:12 - 2013-10-13 04:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-12 15:12 - 2013-10-13 04:33 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-12 15:12 - 2013-10-13 04:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-12 15:12 - 2013-10-13 04:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-12 15:12 - 2013-10-13 04:27 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-12 15:12 - 2013-10-13 04:27 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-12 14:58 - 2013-10-03 07:45 - 00993792 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-12 14:58 - 2013-10-03 07:45 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-12 14:57 - 2013-10-10 21:08 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-12 14:57 - 2013-10-10 21:07 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-12 14:57 - 2013-10-10 19:39 - 00218228 _____ C:\Windows\system32\WFP.TMF
2013-11-12 12:26 - 2013-11-12 12:27 - 06284957 _____ C:\Users\Kenn\Downloads\Matthew Schuler - Hallelujah - Studio Version - The Voice US 2013 (Low).mp4
2013-11-11 18:40 - 2013-11-13 19:00 - 00000000 ____D C:\Program Files\ss helper
2013-11-11 18:40 - 2013-11-11 18:40 - 00000000 ____D C:\ProgramData\WinterSoft
2013-11-11 18:39 - 2013-11-13 19:00 - 00000000 ____D C:\ProgramData\suRf and ekeeep
2013-11-11 18:39 - 2013-11-13 19:00 - 00000000 ____D C:\Program Files\suRf and ekeeep
2013-11-11 18:39 - 2013-11-11 18:39 - 00000000 ____D C:\ProgramData\ad10b6c74973e046
2013-11-11 18:38 - 2013-11-11 18:40 - 00000000 ____D C:\ProgramData\InstallMate
2013-11-11 17:54 - 2013-11-11 18:57 - 1694649561 ____R C:\Users\Kenn\Downloads\BoundGods - Connor Maguire and Duncan Black (34007).mp4
2013-11-11 16:33 - 2013-11-13 20:44 - 00003718 _____ C:\Windows\PFRO.log
2013-11-11 15:55 - 2013-11-13 22:14 - 00231121 _____ C:\Windows\WindowsUpdate.log
2013-11-11 15:52 - 2013-11-11 15:52 - 00000514 _____ C:\Users\Kenn\Documents\cc_20131111_155241.reg
2013-11-11 15:33 - 2013-11-11 15:33 - 00024126 _____ C:\Users\Kenn\Documents\cc_20131111_153317.reg
2013-11-11 15:05 - 2013-11-11 16:33 - 00000000 ____D C:\Windows\pss
2013-11-11 14:55 - 2013-11-11 14:55 - 00000000 ____D C:\Users\Kenn\AppData\Local\NativeMessaging
2013-11-11 13:37 - 2013-11-13 18:59 - 00000436 _____ C:\Users\Kenn\settings.sav
2013-11-09 19:33 - 2013-11-09 20:14 - 00000000 ____D C:\Users\Kenn\Downloads\Archie 642-648 (2013) (c2c) (Jojo)
2013-11-09 19:30 - 2013-11-09 19:32 - 14328830 _____ C:\Users\Kenn\Downloads\Smallville - Titans 03 (of 4) (2013) (Digital) (JK-Empire).cbr
2013-11-08 01:26 - 2013-11-08 01:32 - 77054460 ____R C:\Users\Kenn\Downloads\Lorde - Royals (US Version) [1080p] 5.1ch AAC.mkv
2013-11-07 12:52 - 2013-11-07 14:06 - 00000000 ____D C:\Users\Kenn\Downloads\The Wolverine (2013)
2013-11-06 12:24 - 2013-11-06 12:24 - 00001336 _____ C:\Users\Kenn\Documents\Baked Fried Chick.txt
2013-11-06 08:28 - 2013-11-06 08:32 - 00000000 ____D C:\Users\Kenn\Downloads\iTunes Singles Pack (2013)[www.lokotorrents.com]
2013-11-05 20:01 - 2013-11-05 20:58 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-04 17:51 - 2013-11-04 17:51 - 00000000 ____D C:\Users\Kenn\Documents\2013-11-04 Kenneth_Credit Union
2013-11-04 08:14 - 2013-11-04 16:44 - 00000795 _____ C:\Users\Kenn\Documents\German Consulate Letter.txt
2013-11-01 18:10 - 2013-11-01 20:20 - 00000000 ____D C:\Users\Kenn\Downloads\Relax and Meditative 2[www.lokotorrents.com][mp3]
2013-10-30 11:07 - 2013-10-30 11:08 - 00000000 ____D C:\ProgramData\BlueStacks
2013-10-30 11:07 - 2013-10-30 11:07 - 00000000 ____D C:\Program Files\BlueStacks
2013-10-25 09:22 - 2013-10-25 09:22 - 00001151 _____ C:\Users\Kenn\Desktop\TS3W - Shortcut.lnk
2013-10-24 17:11 - 2013-10-24 17:11 - 00000517 _____ C:\Users\Kenn\Documents\Credit Union App.txt
2013-10-24 16:00 - 2013-11-01 04:02 - 00000000 ____D C:\Users\Kenn\Documents\Electronic Arts
2013-10-24 14:43 - 2013-10-30 05:06 - 00000757 _____ C:\Users\Kenn\Documents\Sims 3 Expansion Order.txt
2013-10-24 14:40 - 2013-11-01 03:57 - 00000000 ____D C:\Program Files\Electronic Arts
2013-10-24 14:28 - 2013-10-24 14:28 - 00004962 _____ C:\Users\Kenn\Documents\cc_20131024_152812.reg
2013-10-22 22:39 - 2013-10-23 17:56 - 00000000 ____D C:\Users\Kenn\Cache
2013-10-19 06:16 - 2013-10-19 06:16 - 00030308 _____ C:\Users\Kenn\Documents\cc_20131019_071650.reg
2013-10-19 05:41 - 2013-10-22 16:46 - 00000000 ____D C:\Users\Kenn\Documents\Freemake
2013-10-19 05:41 - 2013-10-22 16:45 - 00000000 ____D C:\ProgramData\Freemake
2013-10-19 05:41 - 2013-10-19 05:41 - 00000000 ____D C:\Users\Kenn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2013-10-19 05:41 - 2013-10-19 05:41 - 00000000 ____D C:\Program Files\Freemake
2013-10-16 04:02 - 2013-10-16 04:02 - 00000000 ____D C:\ProgramData\Oracle
2013-10-16 04:02 - 2013-10-16 04:02 - 00000000 ____D C:\Program Files\Common Files\Java
2013-10-16 04:02 - 2013-10-08 06:50 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-10-16 04:02 - 2013-10-08 06:46 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-16 04:02 - 2013-10-08 06:46 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-16 04:02 - 2013-10-08 06:46 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-16 03:59 - 2013-10-16 04:02 - 00004734 _____ C:\Windows\system32\jupdate-1.7.0_45-b18.log

==================== One Month Modified Files and Folders =======

2013-11-13 22:20 - 2013-11-13 22:19 - 00015328 _____ C:\Users\Kenn\Downloads\FRST.txt
2013-11-13 22:18 - 2013-11-13 22:18 - 00000000 ____D C:\FRST
2013-11-13 22:17 - 2013-11-13 22:17 - 00009761 _____ C:\Users\Kenn\Desktop\JRT.txt
2013-11-13 22:17 - 2012-06-17 22:14 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-13 22:14 - 2013-11-13 22:14 - 00000000 ____D C:\Windows\ERUNT
2013-11-13 22:14 - 2013-11-11 15:55 - 00231121 _____ C:\Windows\WindowsUpdate.log
2013-11-13 22:11 - 2013-09-19 19:33 - 00000000 ___RD C:\Users\Kenn\Dropbox
2013-11-13 22:11 - 2013-09-19 19:28 - 00000000 ____D C:\Users\Kenn\AppData\Roaming\Dropbox
2013-11-13 22:10 - 2006-11-02 07:37 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-11-13 22:09 - 2012-06-17 22:14 - 00000878 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-13 22:08 - 2006-11-02 08:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-13 22:08 - 2006-11-02 07:47 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-13 22:08 - 2006-11-02 07:47 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-13 22:07 - 2006-11-02 08:01 - 00032594 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-13 22:06 - 2013-11-13 19:59 - 00000000 ____D C:\AdwCleaner
2013-11-13 22:05 - 2013-11-13 22:05 - 00002168 _____ C:\Users\Kenn\Documents\11_13_Fix.txt
2013-11-13 22:04 - 2012-12-16 13:41 - 00000000 ____D C:\Users\Kenn\AppData\Roaming\uTorrent
2013-11-13 22:03 - 2013-11-13 22:03 - 00000000 ____D C:\Users\Kenn\AppData\Local\CrashDumps
2013-11-13 22:02 - 2013-11-13 22:02 - 00000887 _____ C:\Users\Kenn\Documents\Code.txt
2013-11-13 22:02 - 2013-11-13 22:01 - 01090529 _____ (Farbar) C:\Users\Kenn\Downloads\FRST.exe
2013-11-13 22:01 - 2013-11-13 22:01 - 01034531 _____ (Thisisu) C:\Users\Kenn\Downloads\JRT.exe
2013-11-13 21:59 - 2013-11-13 21:59 - 01085542 _____ C:\Users\Kenn\Downloads\AdwCleaner(1).exe
2013-11-13 21:51 - 2012-03-09 14:13 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3019194991-3436555038-3990252873-1000UA.job
2013-11-13 21:44 - 2013-02-15 08:52 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-13 21:42 - 2013-11-13 21:42 - 00000088 _____ C:\Users\Kenn\Documents\ADWItems.txt
2013-11-13 21:36 - 2013-11-13 21:35 - 00000000 ____D C:\Users\Kenn\Downloads\[ www.Torrenting.com ] - Arrow.S02E06.720p.HDTV.X264-DIMENSION
2013-11-13 21:34 - 2013-11-13 19:51 - 00001367 _____ C:\Users\Kenn\Documents\GTG.txt
2013-11-13 21:23 - 2013-11-13 21:23 - 00071000 _____ C:\Users\Kenn\Downloads\Extras.Txt
2013-11-13 21:22 - 2013-11-13 21:22 - 00091660 _____ C:\Users\Kenn\Downloads\OTL.Txt
2013-11-13 21:07 - 2013-11-13 21:07 - 00602112 _____ (OldTimer Tools) C:\Users\Kenn\Downloads\OTL.exe
2013-11-13 20:47 - 2006-11-02 07:47 - 03599192 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-13 20:44 - 2013-11-11 16:33 - 00003718 _____ C:\Windows\PFRO.log
2013-11-13 20:44 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\registration
2013-11-13 20:37 - 2013-11-13 20:33 - 00000000 ____D C:\Users\Kenn\Desktop\RK_Quarantine
2013-11-13 20:02 - 2012-11-18 15:53 - 00000000 ____D C:\FFOutput
2013-11-13 19:50 - 2013-11-13 19:51 - 03643392 _____ C:\Users\Kenn\Downloads\RogueKiller.exe
2013-11-13 19:10 - 2013-11-13 19:10 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2013-11-13 19:09 - 2006-11-02 05:33 - 00703516 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-13 19:08 - 2012-03-02 23:37 - 00000000 ____D C:\Program Files\SpywareBlaster
2013-11-13 19:00 - 2013-11-11 18:40 - 00000000 ____D C:\Program Files\ss helper
2013-11-13 19:00 - 2013-11-11 18:39 - 00000000 ____D C:\ProgramData\suRf and ekeeep
2013-11-13 19:00 - 2013-11-11 18:39 - 00000000 ____D C:\Program Files\suRf and ekeeep
2013-11-13 18:59 - 2013-11-11 13:37 - 00000436 _____ C:\Users\Kenn\settings.sav
2013-11-13 18:47 - 2012-03-03 00:19 - 00000000 ____D C:\Users\Kenn\dwhelper
2013-11-13 18:36 - 2013-07-30 09:51 - 00004294 _____ C:\Users\Kenn\Documents\NeverEndingText.txt
2013-11-13 16:56 - 2012-03-02 23:14 - 00096256 _____ C:\Users\Kenn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-11-13 12:55 - 2012-03-04 13:40 - 00000000 ____D C:\Users\Kenn\Documents\My PSP Files
2013-11-13 00:51 - 2012-03-09 14:13 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3019194991-3436555038-3990252873-1000Core.job
2013-11-12 22:08 - 2013-11-12 21:58 - 00000000 ____D C:\Users\Kenn\Downloads\The.Originals.S01E07.720p.HDTV.X264-DIMENSION [PublicHD]
2013-11-12 15:52 - 2012-03-03 00:43 - 00001945 _____ C:\Windows\epplauncher.mif
2013-11-12 15:51 - 2012-03-03 00:42 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-11-12 15:41 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\rescache
2013-11-12 15:11 - 2013-07-12 09:30 - 00000000 ____D C:\Windows\system32\MRT
2013-11-12 15:02 - 2006-11-02 05:24 - 80340640 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-11-12 12:27 - 2013-11-12 12:26 - 06284957 _____ C:\Users\Kenn\Downloads\Matthew Schuler - Hallelujah - Studio Version - The Voice US 2013 (Low).mp4
2013-11-12 09:07 - 2012-03-15 04:46 - 00000000 ____D C:\Users\Kenn\Audio
2013-11-12 01:07 - 2012-11-04 01:33 - 00000000 ____D C:\Users\Kenn\AppData\Roaming\DisplayFusion
2013-11-11 18:57 - 2013-11-11 17:54 - 1694649561 ____R C:\Users\Kenn\Downloads\BoundGods - Connor Maguire and Duncan Black (34007).mp4
2013-11-11 18:40 - 2013-11-11 18:40 - 00000000 ____D C:\ProgramData\WinterSoft
2013-11-11 18:40 - 2013-11-11 18:38 - 00000000 ____D C:\ProgramData\InstallMate
2013-11-11 18:39 - 2013-11-11 18:39 - 00000000 ____D C:\ProgramData\ad10b6c74973e046
2013-11-11 17:55 - 2012-03-11 14:54 - 00005621 _____ C:\Users\Kenn\Documents\Passwords.txt
2013-11-11 16:33 - 2013-11-11 15:05 - 00000000 ____D C:\Windows\pss
2013-11-11 15:52 - 2013-11-11 15:52 - 00000514 _____ C:\Users\Kenn\Documents\cc_20131111_155241.reg
2013-11-11 15:33 - 2013-11-11 15:33 - 00024126 _____ C:\Users\Kenn\Documents\cc_20131111_153317.reg
2013-11-11 15:30 - 2012-03-03 14:32 - 00000000 ____D C:\Users\Kenn\AppData\Roaming\DAEMON Tools Lite
2013-11-11 15:19 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\PLA
2013-11-11 15:10 - 2012-03-02 19:37 - 00002032 _____ C:\Users\Kenn\AppData\Local\d3d9caps.dat
2013-11-11 14:55 - 2013-11-11 14:55 - 00000000 ____D C:\Users\Kenn\AppData\Local\NativeMessaging
2013-11-11 14:51 - 2012-04-05 11:13 - 00000000 ____D C:\Users\Kenn\AppData\Roaming\Audacity
2013-11-11 13:37 - 2012-03-02 19:37 - 00000000 ____D C:\Users\Kenn
2013-11-11 08:18 - 2012-06-06 17:18 - 00000000 ____D C:\Users\Kenn\AppData\Roaming\DVD Flick
2013-11-10 23:47 - 2012-04-04 07:13 - 00000000 ____D C:\Users\Kenn\Documents\Brides Of Dracula
2013-11-09 20:14 - 2013-11-09 19:33 - 00000000 ____D C:\Users\Kenn\Downloads\Archie 642-648 (2013) (c2c) (Jojo)
2013-11-09 19:32 - 2013-11-09 19:30 - 14328830 _____ C:\Users\Kenn\Downloads\Smallville - Titans 03 (of 4) (2013) (Digital) (JK-Empire).cbr
2013-11-08 09:16 - 2012-04-13 11:05 - 00001095 _____ C:\Users\Kenn\Documents\Follow Friday.txt
2013-11-08 01:32 - 2013-11-08 01:26 - 77054460 ____R C:\Users\Kenn\Downloads\Lorde - Royals (US Version) [1080p] 5.1ch AAC.mkv
2013-11-07 14:06 - 2013-11-07 12:52 - 00000000 ____D C:\Users\Kenn\Downloads\The Wolverine (2013)
2013-11-07 00:49 - 2013-09-19 19:29 - 00000000 ____D C:\Users\Kenn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-11-06 12:24 - 2013-11-06 12:24 - 00001336 _____ C:\Users\Kenn\Documents\Baked Fried Chick.txt
2013-11-06 09:19 - 2012-09-14 14:22 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-11-06 08:32 - 2013-11-06 08:28 - 00000000 ____D C:\Users\Kenn\Downloads\iTunes Singles Pack (2013)[www.lokotorrents.com]
2013-11-05 22:53 - 2013-01-22 19:54 - 00016632 _____ C:\Users\Kenn\AppData\Local\av.log
2013-11-05 20:58 - 2013-11-05 20:01 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-04 17:51 - 2013-11-04 17:51 - 00000000 ____D C:\Users\Kenn\Documents\2013-11-04 Kenneth_Credit Union
2013-11-04 16:44 - 2013-11-04 08:14 - 00000795 _____ C:\Users\Kenn\Documents\German Consulate Letter.txt
2013-11-02 17:36 - 2012-03-03 15:05 - 00000000 ____D C:\Users\Kenn\AppData\Roaming\ImgBurn
2013-11-01 20:20 - 2013-11-01 18:10 - 00000000 ____D C:\Users\Kenn\Downloads\Relax and Meditative 2[www.lokotorrents.com][mp3]
2013-11-01 04:02 - 2013-10-24 16:00 - 00000000 ____D C:\Users\Kenn\Documents\Electronic Arts
2013-11-01 03:57 - 2013-10-24 14:40 - 00000000 ____D C:\Program Files\Electronic Arts
2013-11-01 03:57 - 2012-03-03 04:51 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-10-31 20:58 - 2012-03-22 10:55 - 00000000 ____D C:\Program Files\Origin
2013-10-30 22:38 - 2012-03-22 10:55 - 00000000 ____D C:\ProgramData\Origin
2013-10-30 12:44 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-30 11:08 - 2013-10-30 11:07 - 00000000 ____D C:\ProgramData\BlueStacks
2013-10-30 11:07 - 2013-10-30 11:07 - 00000000 ____D C:\Program Files\BlueStacks
2013-10-30 06:45 - 2012-03-03 00:15 - 00000000 ____D C:\Users\Kenn\Documents\FFOutput
2013-10-30 05:06 - 2013-10-24 14:43 - 00000757 _____ C:\Users\Kenn\Documents\Sims 3 Expansion Order.txt
2013-10-29 08:34 - 2013-08-08 20:58 - 00000736 _____ C:\Users\Kenn\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2013-10-27 07:01 - 2013-05-22 16:15 - 00000000 ____D C:\Users\Kenn\Sims 3
2013-10-26 11:25 - 2013-01-09 17:39 - 00000038 _____ C:\Windows\AviSplitter.INI
2013-10-25 13:33 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\Web
2013-10-25 09:22 - 2013-10-25 09:22 - 00001151 _____ C:\Users\Kenn\Desktop\TS3W - Shortcut.lnk
2013-10-24 17:11 - 2013-10-24 17:11 - 00000517 _____ C:\Users\Kenn\Documents\Credit Union App.txt
2013-10-24 14:28 - 2013-10-24 14:28 - 00004962 _____ C:\Users\Kenn\Documents\cc_20131024_152812.reg
2013-10-23 17:56 - 2013-10-22 22:39 - 00000000 ____D C:\Users\Kenn\Cache
2013-10-22 16:46 - 2013-10-19 05:41 - 00000000 ____D C:\Users\Kenn\Documents\Freemake
2013-10-22 16:45 - 2013-10-19 05:41 - 00000000 ____D C:\ProgramData\Freemake
2013-10-21 13:42 - 2006-11-02 07:37 - 00000000 ____D C:\Windows\ShellNew
2013-10-19 06:16 - 2013-10-19 06:16 - 00030308 _____ C:\Users\Kenn\Documents\cc_20131019_071650.reg
2013-10-19 05:41 - 2013-10-19 05:41 - 00000000 ____D C:\Users\Kenn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2013-10-19 05:41 - 2013-10-19 05:41 - 00000000 ____D C:\Program Files\Freemake
2013-10-18 09:48 - 2013-10-12 16:56 - 00000000 ____D C:\Users\Kenn\AppData\Roaming\Marine Aquarium 3
2013-10-17 08:52 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\IME
2013-10-16 04:02 - 2013-10-16 04:02 - 00000000 ____D C:\ProgramData\Oracle
2013-10-16 04:02 - 2013-10-16 04:02 - 00000000 ____D C:\Program Files\Common Files\Java
2013-10-16 04:02 - 2013-10-16 03:59 - 00004734 _____ C:\Windows\system32\jupdate-1.7.0_45-b18.log
2013-10-16 04:02 - 2012-06-14 12:24 - 00000000 ____D C:\Program Files\Java

Files to move or delete:
====================
C:\Users\Kenn\AppData\Roaming\desktop.ini
C:\Users\Kenn\Large Address Aware.exe
C:\Users\Kenn\TS3Lib.dll


Some content of TEMP:
====================
C:\Users\Kenn\AppData\Local\Temp\FastDownload.exe
C:\Users\Kenn\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Kenn\AppData\Local\Temp\Quarantine.exe
C:\Users\Kenn\AppData\Local\Temp\tbConn.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-13 22:17

==================== End Of Log ============================

and the Addition:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14-11-2013
Ran by Kenn at 2013-11-13 22:20:31
Running from C:\Users\Kenn\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

µTorrent (HKCU Version: 3.3.2.30180)
µTorrent (Version: 3.3.0.29625)
32 Bit HP CIO Components Installer (Version: 1.0.0)
AAC ACM Codec 1.9 (Version: 1.9)
AC-3 ACM Codec 2.2 (Version: 2.2)
Adobe AIR (Version: 3.5.0.600)
Adobe Community Help (Version: 3.0.0)
Adobe Community Help (Version: 3.0.0.400)
Adobe Digital Editions
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Media Player (Version: 1.8)
Adobe Photoshop CS5 (Version: 12.0)
Adobe Reader X (10.1.8) (Version: 10.1.8)
AMD APP SDK Runtime (Version: 10.0.937.2)
AMD Catalyst Install Manager (Version: 8.0.877.0)
Angry Birds Seasons (Version: 2.3.0)
Apple Application Support (Version: 2.3)
Apple Mobile Device Support (Version: 6.0.0.59)
Apple Software Update (Version: 2.1.3.127)
ArcSoft WebCam Companion 3 (Version: 3.0.33.183)
Audacity 1.3.14 (Unicode)
AVIcodec (remove only)
AviSynth 2.5
Batman Arkham City Game Of The Year Edition (Version: 1.03)
BlueStacks App Player (Version: 0.7.11.885)
BlueStacks Notification Center (Version: 0.7.11.885)
Bodyshop Mechanic (Version: .36b)
Bonjour (Version: 3.0.0.10)
BufferChm (Version: 100.0.170.000)
C4400 (Version: 100.0.206.000)
C4400_Help (Version: 100.0.206.000)
calibre (Version: 0.9.18)
Cards_Calendar_OrderGift_DoMorePlugout (Version: 1.00.0000)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center (Version: 2012.0704.122.388)
Catalyst Control Center Graphics Previews Common (Version: 2012.0704.122.388)
Catalyst Control Center InstallProxy (Version: 2012.0704.122.388)
Catalyst Control Center Localization All (Version: 2012.0704.122.388)
CC Magic
CCC Help Chinese Standard (Version: 2012.0704.0121.388)
CCC Help Chinese Traditional (Version: 2012.0704.0121.388)
CCC Help Czech (Version: 2012.0704.0121.388)
CCC Help Danish (Version: 2012.0704.0121.388)
CCC Help Dutch (Version: 2012.0704.0121.388)
CCC Help English (Version: 2012.0704.0121.388)
CCC Help Finnish (Version: 2012.0704.0121.388)
CCC Help French (Version: 2012.0704.0121.388)
CCC Help German (Version: 2012.0704.0121.388)
CCC Help Greek (Version: 2012.0704.0121.388)
CCC Help Hungarian (Version: 2012.0704.0121.388)
CCC Help Italian (Version: 2012.0704.0121.388)
CCC Help Japanese (Version: 2012.0704.0121.388)
CCC Help Korean (Version: 2012.0704.0121.388)
CCC Help Norwegian (Version: 2012.0704.0121.388)
CCC Help Polish (Version: 2012.0704.0121.388)
CCC Help Portuguese (Version: 2012.0704.0121.388)
CCC Help Russian (Version: 2012.0704.0121.388)
CCC Help Spanish (Version: 2012.0704.0121.388)
CCC Help Swedish (Version: 2012.0704.0121.388)
CCC Help Thai (Version: 2012.0704.0121.388)
CCC Help Turkish (Version: 2012.0704.0121.388)
ccc-utility (Version: 2012.0704.122.388)
CCleaner (Version: 3.25)
CDisplay 1.8
CEP (Color Enable Package) v.9.2 (beta) (Version: 9.2 (beta))
Copy (Version: 100.0.170.000)
CustomerResearchQFolder (Version: 1.00.0000)
D3DX10 (Version: 15.4.2368.0902)
DAEMON Tools Lite (Version: 4.47.1.0333)
DeepBurner v1.9.0.228
Dell Dock (Version: 2.0)
Dell Resource CD (Version: 1.00.0000)
Dell Support Center (Support Software) (Version: 2.2.08100)
Destination Component (Version: 100.0.0.0)
DeviceDiscovery (Version: 100.0.190.000)
DeviceManagementQFolder (Version: 1.00.0000)
D-Fend Reloaded 1.3.3 (deinstall) (Version: 1.3.3)
DisplayFusion 3.3.1 (Version: 3.3.1.0)
DocProc (Version: 10.0.0.0)
DocProcQFolder (Version: 1.00.0000)
Dream Aquarium
Dropbox (HKCU Version: 2.4.6)
DVD Flick 1.3.0.7 (Version: 1.3.0.7)
DVD Shrink 3.2
DVDStyler v2.2
eSupportQFolder (Version: 1.00.0000)
Explorer Suite IV
ffdshow v1.1.4382 [2012-03-12] (Version: 1.1.4382.0)
FileHippo.com Update Checker
FormatFactory 3.1.1 (Version: 3.1.1)
Free Sound Recorder v9.3.1
Free WebM to AVI Converter 1.0
Freemake Video Downloader (Version: 3.5.4)
FULL-DISKfighter (Version: 1.3.61)
GIMP 2.8.0 (Version: 2.8.0)
Google Chrome (Version: 30.0.1599.101)
Google Drive (Version: 1.12.5329.1887)
Google Talk Plugin (Version: 4.9.1.16010)
Google Update Helper (Version: 1.3.21.165)
GPBaseService (Version: 100.0.187.000)
gPhotoShow v1.6.3
HandBrake 0.9.8 (Version: 0.9.8)
Hauppauge MCE XP/Vista Software Encoder (2.0.28104) (Version: 2.0.28104)
Hauppauge Tuning Adapter Proxy (Version: 1.0.29278)
Hauppauge WinTV 7 (Version: v7.2.29302 (CD 2.4d))
Hauppauge WinTV-DCR-2650 IR Service (Version: 1.0.29309)
HP Customer Participation Program 10.0 (Version: 10.0)
HP Imaging Device Functions 10.0 (Version: 10.0)
HP Photosmart C4400 All-In-One Driver Software 10.0 Rel .3 (Version: 10.0)
HP Photosmart Essential 2.5 (Version: 1.02.0000)
HP Photosmart Essential 2.5 (Version: 2.5)
HP Smart Web Printing (Version: 3.5)
HP Solution Center 10.0 (Version: 10.0)
HP Update (Version: 4.000.007.003)
HPPhotoSmartPhotobookWebPack1 (Version: 1.00.0000)
HPProductAssistant (Version: 100.0.170.000)
HPSSupply (Version: 100.0.170.000)
Hulu Desktop (HKCU Version: 0.9.14)
IE Download Helper (Version: 3.5)
ImgBurn (Version: 2.5.8.0)
Intel® PRO Network Connections 12.1.11.0 (Version: )
iTunes (Version: 10.7.0.21)
Jasc Animation Shop 3 (Version: 3.11)
Jasc Paint Shop Photo Album 5 (Version: 5.0.1)
Jasc Paint Shop Pro 9 (Version: 9.00.0000)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
Java™ 6 Update 35 (Version: 6.0.350)
Junk Mail filter update (Version: 15.4.3502.0922)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Marine Aquarium (Version: 1.00.0000)
MarketResearch (Version: 100.0.170.000)
MassTube 11.1.1.627 (Version: 11.1.1.627)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.88.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Security Client (Version: 4.4.0304.0)
Microsoft Security Essentials (Version: 4.4.304.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Miro Video Converter (Version: 0.8.0)
MKVToolNix 5.5.0 (Version: 5.5.0)
Mozilla Firefox 25.0 (x86 en-US) (Version: 25.0)
Mozilla Maintenance Service (Version: 25.0)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NVIDIA DDS Utilities (Version: 1.0)
OCR Software by I.R.I.S. 10.0 (Version: 10.0)
ooVoo (Version: 3.5.8022)
Origin (Version: 9.3.1.4482)
PanoStandAlone (Version: 100.0.170.000)
PC [email protected] (Version: 1.0.4.15)
PDF Settings CS5 (Version: 10.0)
Picasa 3 (Version: 3.8)
PrintKey2000
PS_AIO_03_C4400_ProductContext (Version: 100.0.215.000)
PS_AIO_03_C4400_Software (Version: 100.0.206.000)
PS_AIO_03_C4400_Software_Min (Version: 100.0.213.000)
PSSWCORE (Version: 2.02.0000)
QuickTime (Version: 7.73.80.64)
Realtek High Definition Audio Driver
s3pe - Sims3 Package Editor (Version: 12-0310-0916)
Sansa Updater (HKCU Version: 1.313)
Scan (Version: 10.1.0.0)
Segoe UI (Version: 15.4.2271.0615)
Shop for HP Supplies (Version: 10.0)
SimPE PhotoStudio Templates 3.0 (Version: 3.0)
Sims 2 Categorizer
Sims 2 NPC Replacer
Sims2Pack Clean Installer
SmartWebPrintingOC (Version: 100.0.189.000)
SolutionCenter (Version: 100.0.175.000)
SpywareBlaster 5.0 (Version: 5.0.0)
Status (Version: 100.0.175.000)
Syncdocs (Version: 1.0.312)
The KMPlayer (remove only) (Version: 3.7.0.113)
The Sims 2 Family Fun Stuff
The Sims 2 Glamour Life Stuff
The Sims 2 Open For Business
The Sims 2 Pets
The Sims 2 Seasons
The Sims 2 University
The Sims™ 2 Apartment Life
The Sims™ 2 Bon Voyage
The Sims™ 2 Double Deluxe
The Sims™ 2 FreeTime
The Sims™ 2 H&M® Fashion Stuff
The Sims™ 2 IKEA® Home Stuff
The Sims™ 2 Kitchen & Bath Interior Design Stuff
The Sims™ 2 Mansion and Garden Stuff
The Sims™ 2 Teen Style Stuff
The Sims™ 3 (Version: 1.63.4)
The Sims™ 3 70s, 80s, & 90s Stuff (Version: 17.0.77)
The Sims™ 3 Ambitions (Version: 4.0.87)
The Sims™ 3 Diesel Stuff (Version: 14.0.48)
The Sims™ 3 Fast Lane Stuff (Version: 5.0.44)
The Sims™ 3 Generations (Version: 8.0.152)
The Sims™ 3 High-End Loft Stuff (Version: 3.0.38)
The Sims™ 3 Into the Future (Version: 21.0.150)
The Sims™ 3 Island Paradise (Version: 19.0.101)
The Sims™ 3 Late Night (Version: 6.0.81)
The Sims™ 3 Master Suite Stuff (Version: 11.0.84)
The Sims™ 3 Movie Stuff (Version: 20.0.53)
The Sims™ 3 Outdoor Living Stuff (Version: 7.0.55)
The Sims™ 3 Pets (Version: 10.0.96)
The Sims™ 3 Seasons (Version: 16.0.136)
The Sims™ 3 Showtime (Version: 12.0.273)
The Sims™ 3 Supernatural (Version: 15.0.135)
The Sims™ 3 Town Life Stuff (Version: 9.0.73)
The Sims™ 3 University Life (Version: 18.0.126)
The Sims™ 3 World Adventures (Version: 2.0.86)
Toolbox (Version: 100.0.170.000)
TrayApp (Version: 100.0.170.000)
TS3 Install Helper Monkey
UnloadSupport (Version: 10.0.0)
Unlocker 1.9.1 (Version: 1.9.1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
VideoToolkit01 (Version: 100.0.128.000)
VLC media player 2.0.7 (Version: 2.0.7)
WebReg (Version: 100.0.170.000)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Movie Maker 2.6 (Version: 2.6.4040.0)
WinRAR 4.11 (32-bit) (Version: 4.11.0)
Yawcam 0.3.9
Zip Motion Block Video codec (Remove Only)

==================== Restore Points =========================

10-11-2013 07:10:52 Windows Update
11-11-2013 08:06:35 Scheduled Checkpoint
12-11-2013 08:01:51 Scheduled Checkpoint
12-11-2013 19:59:10 Windows Update
12-11-2013 20:50:29 Windows Update
13-11-2013 09:26:46 Scheduled Checkpoint

==================== Hosts content: ==========================

2006-11-02 05:23 - 2013-04-27 17:24 - 00001114 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com


==================== Scheduled Tasks (whitelisted) =============

Task: {07A94AA6-5528-4A65-BE5B-1D46F9E05643} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08] (Adobe Systems Incorporated)
Task: {0F645EAE-6AF4-4B4E-8FE2-BE68804C8075} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3019194991-3436555038-3990252873-1000Core => C:\Users\Kenn\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-09] (Google Inc.)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {41C4F5DB-5A1F-4B49-AD76-3494A8BF3F74} - System32\Tasks\AdobeAAMUpdater-1.0-Kenn-PC-Kenn => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\System32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {6A8626C9-9BCF-4C2C-8051-1FACA8595F01} - System32\Tasks\{5C5C5821-F437-4F73-B1C8-67B5C9BC3E12} => Firefox.exe http://ui.skype.com/...e=tsProgressBar
Task: {7A88DB3F-9016-44F4-A970-BF6BB46B5D91} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-11-23] (Piriform Ltd)
Task: {9A17F97C-E597-4696-A7B9-D88BC87ACC29} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-06-17] (Google Inc.)
Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => C:\Windows\System32\pla.dll [2008-01-20] (Microsoft Corporation)
Task: {A96F3E06-B5FD-48DB-8076-7149BDCC8F85} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-06-17] (Google Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\System32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {FEBC9F3A-9769-4AD9-9D7D-DA9CC7BA4D78} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3019194991-3436555038-3990252873-1000UA => C:\Users\Kenn\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-09] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3019194991-3436555038-3990252873-1000Core.job => C:\Users\Kenn\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3019194991-3436555038-3990252873-1000UA.job => C:\Users\Kenn\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-07-04 00:09 - 2012-07-04 00:09 - 00037376 _____ () C:\Windows\system32\atitmpxx.dll
2013-08-14 01:41 - 2013-08-14 01:41 - 00284160 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\ebd950906a4ecae2d2d9393408361996\VistaBridgeLibrary.ni.dll
2010-07-04 16:32 - 2010-07-04 16:32 - 00004608 _____ () C:\Program Files\Unlocker\UnlockerHook.dll
2013-01-02 12:50 - 2011-10-27 21:16 - 00018944 _____ () C:\Program Files\WinTV\TVServer\HauppaugeTVServerps.dll
2013-08-23 14:01 - 2013-08-23 14:01 - 25100288 _____ () C:\Users\Kenn\AppData\Roaming\Dropbox\bin\libcef.dll
2012-07-04 01:16 - 2012-07-04 01:16 - 00369152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2007-10-19 23:37 - 2007-10-19 23:37 - 00065536 ____R () C:\Program Files\HP\Digital Imaging\bin\xmlparse.dll
2007-10-19 23:37 - 2007-10-19 23:37 - 00066048 ____R () C:\Program Files\HP\Digital Imaging\bin\xmltok.dll
2010-07-04 16:32 - 2010-07-04 16:32 - 00010752 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2012-03-03 14:00 - 2012-02-17 23:55 - 00166912 _____ () C:\Program Files\WinRAR\rarext.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Hauppauge WinTV DCR-2650 Consumer IR
Description: Hauppauge WinTV DCR-2650 Consumer IR
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: Hauppauge
Service: HcwMocurIR
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Name: Hauppauge WinTV DCR-2650 Consumer IR
Description: Hauppauge WinTV DCR-2650 Consumer IR
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: Hauppauge
Service: HcwMocurIR
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2013-10-09 09:57:34.987
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-10-09 09:57:34.855
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-10-09 09:57:34.730
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-10-09 09:57:34.558
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-10-09 09:56:48.952
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-10-09 09:56:48.810
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-10-09 09:56:48.675
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-10-09 09:56:48.059
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-10-09 09:56:47.874
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-10-09 09:56:47.739
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 45%
Total physical RAM: 3325.27 MB
Available physical RAM: 1804.63 MB
Total Pagefile: 6894.45 MB
Available Pagefile: 5123.92 MB
Total Virtual: 3071.88 MB
Available Virtual: 2919.6 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:581.48 GB) (Free:58.36 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:14.54 GB) NTFS
Drive r: (RamDisk) (Fixed) (Total:0.02 GB) (Free:0.02 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596 GB) (Disk ID: B8F606E3)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=581 GB) - (Type=07 NTFS)

==================== End Of Log ============================

and then OTL with the customization:

OTL logfile created on: 11/13/2013 10:24:07 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kenn\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 1.78 Gb Available Physical Memory | 54.90% Memory free
6.73 Gb Paging File | 5.00 Gb Available in Paging File | 74.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 581.48 Gb Total Space | 58.36 Gb Free Space | 10.04% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 14.54 Gb Free Space | 99.28% Space Free | Partition Type: NTFS
Drive R: | 15.92 Mb Total Space | 15.92 Mb Free Space | 100.00% Space Free | Partition Type: FAT

Computer Name: KENN-PC | User Name: Kenn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/13 21:07:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kenn\Downloads\OTL.exe
PRC - [2013/11/01 17:29:06 | 029,769,432 | ---- | M] (Dropbox, Inc.) -- C:\Users\Kenn\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/10/23 15:01:10 | 000,280,288 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/10/23 14:55:28 | 000,948,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/08/26 03:13:08 | 000,009,216 | ---- | M] (Ellora Assets Corp.) -- C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
PRC - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/19 09:49:42 | 000,384,840 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files\BlueStacks\HD-LogRotatorService.exe
PRC - [2012/07/04 01:21:18 | 000,453,632 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2012/07/04 01:20:42 | 000,217,088 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011/10/28 16:28:24 | 000,071,680 | ---- | M] (Hauppauge Computer Works, Inc) -- C:\Program Files\WinTV\Extend\WinTVExtender.exe
PRC - [2011/10/27 21:17:20 | 000,146,944 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\Program Files\WinTV\WinTV7\WinTVTray.exe
PRC - [2011/10/27 21:15:30 | 000,413,696 | ---- | M] (Hauppauge Computer Works) -- C:\Program Files\WinTV\TVServer\CaptureGenPCI.exe
PRC - [2011/10/27 21:15:16 | 000,570,368 | ---- | M] (Hauppauge Computer Works) -- C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe
PRC - [2011/05/20 12:28:26 | 001,949,088 | ---- | M] (Binary Fortress Software) -- C:\Program Files\DisplayFusion\DisplayFusion.exe
PRC - [2010/10/12 09:45:37 | 001,324,384 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
PRC - [2010/07/04 14:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2010/03/18 14:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/01/11 13:20:48 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/26 18:58:12 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/08/26 18:58:10 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/01/17 06:22:20 | 004,907,008 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/12/10 22:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAC207\Monitor.exe
PRC - [2007/12/05 05:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2007/10/19 23:37:06 | 001,040,384 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\Digital Imaging\bin\hpqdirec.exe
PRC - [1999/10/01 00:31:38 | 000,869,376 | ---- | M] (Fred's Software) -- C:\Program Files\PrintKey2000\Printkey2000.exe


========== Modules (No Company Name) ==========

MOD - [2013/11/01 17:27:52 | 003,558,400 | ---- | M] () -- C:\Users\Kenn\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/10/09 09:08:18 | 000,688,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\f940155076fcae174050046721b66ec4\System.Security.ni.dll
MOD - [2013/10/09 09:08:17 | 000,978,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\f453ecc6bb7fc8d52d61247676944623\System.Configuration.ni.dll
MOD - [2013/10/09 08:47:40 | 012,434,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\73d9bc894522543b561a0342dac87c06\System.Windows.Forms.ni.dll
MOD - [2013/10/09 08:47:16 | 002,295,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\ab40b51ac49fbee9a48b5b74ff78d5d6\System.Core.ni.dll
MOD - [2013/10/09 08:47:08 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f228cc72a6647716127cd44ca416e6dc\PresentationFramework.ni.dll
MOD - [2013/10/09 08:46:51 | 012,218,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\b2482534bee5c520cdfe9c8f7df6a92f\PresentationCore.ni.dll
MOD - [2013/10/09 08:46:40 | 003,325,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c16ade1485996fa4981edc7df436a15b\WindowsBase.ni.dll
MOD - [2013/08/23 14:01:44 | 025,100,288 | ---- | M] () -- C:\Users\Kenn\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013/08/14 01:51:03 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\1c782ef2a81ad2e6799c3bc38c8c7ec4\WindowsFormsIntegration.ni.dll
MOD - [2013/08/14 01:41:52 | 015,881,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MenuSkinning\bc0e7f0d5e3a3d7f1620ef4785026da9\MenuSkinning.ni.dll
MOD - [2013/08/14 01:41:38 | 000,284,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\ebd950906a4ecae2d2d9393408361996\VistaBridgeLibrary.ni.dll
MOD - [2013/08/14 01:41:37 | 002,584,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DellDock\2086bbf2f31e970b5609a54cd9868c66\DellDock.ni.exe
MOD - [2013/08/14 01:41:35 | 000,291,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MyDock.Util\ce00a5e82fbe2eb68c3b64d4960c7568\MyDock.Util.ni.dll
MOD - [2013/08/14 01:41:22 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e77e7cdf3072d5a658832b8863ff439e\System.Management.ni.dll
MOD - [2013/08/14 01:41:16 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\59eba2680c01c33b2b3f5385979e32c6\System.Web.ni.dll
MOD - [2013/08/14 01:41:08 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b167ef6967ad27503c6ac6aabcef1aff\System.Runtime.Remoting.ni.dll
MOD - [2013/08/14 00:39:08 | 005,462,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09f5b3f7a363b742a73937e818595597\System.Xml.ni.dll
MOD - [2013/08/14 00:38:47 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\c0df7e124d8d5e2821fd7d3921d404f7\System.Drawing.ni.dll
MOD - [2013/08/14 00:37:44 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\d7153acb7b6ccb5a6a886d6f0ab732b1\System.ni.dll
MOD - [2013/07/11 01:44:20 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\1c652846fd833029362d4e9f8906d619\UIAutomationProvider.ni.dll
MOD - [2013/07/11 01:43:22 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\05034abc5246a6fef208f73cb912d971\Accessibility.ni.dll
MOD - [2013/07/11 01:06:16 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\af7b745f6a06b800c73f1556553fe331\PresentationFramework.Aero.ni.dll
MOD - [2013/07/11 01:05:08 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6a938df70a8b7996a3890b4f34c83906\mscorlib.ni.dll
MOD - [2012/07/04 01:16:08 | 000,369,152 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2012/07/04 00:09:18 | 000,037,376 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll
MOD - [2012/02/17 23:55:35 | 000,166,912 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2011/10/27 21:16:38 | 000,018,944 | ---- | M] () -- C:\Program Files\WinTV\TVServer\HauppaugeTVServerps.dll
MOD - [2010/07/04 16:32:38 | 000,010,752 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
MOD - [2010/07/04 16:32:36 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2010/07/04 14:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
MOD - [2007/10/19 23:37:06 | 000,066,048 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\xmltok.dll
MOD - [2007/10/19 23:37:06 | 000,065,536 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\xmlparse.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\PANDORA.TV\PanService\KMPService.exe -- (PanService)
SRV - [2013/11/05 20:01:29 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/23 15:01:10 | 000,280,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/10/08 17:47:22 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/26 03:13:08 | 000,009,216 | ---- | M] (Ellora Assets Corp.) [Auto | Running] -- C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe -- (FreemakeVideoCapture)
SRV - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/19 09:49:42 | 000,384,840 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)
SRV - [2013/04/19 09:49:20 | 000,393,032 | ---- | M] (BlueStack Systems, Inc.) [Auto | Stopped] -- C:\Program Files\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)
SRV - [2012/07/04 01:20:42 | 000,217,088 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011/10/28 16:28:24 | 000,071,680 | ---- | M] (Hauppauge Computer Works, Inc) [Auto | Running] -- C:\Program Files\WinTV\Extend\WinTVExtender.exe -- (Hauppauge WinTV Extender)
SRV - [2011/10/27 21:15:16 | 000,570,368 | ---- | M] (Hauppauge Computer Works) [Auto | Running] -- C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe -- (HauppaugeTVServer)
SRV - [2010/03/18 14:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/11 13:20:48 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/08/26 18:58:12 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 05:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Windows\system32\TrueSight.sys -- (TrueSight)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\HcwMocurIR.sys -- (HcwMocurIR)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (awumox4x)
DRV - [2013/11/13 22:08:33 | 000,040,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B5DD5A04-3EB2-49B6-B291-A96EAEA8B4F5}\MpKslfd6e96ac.sys -- (MpKslfd6e96ac)
DRV - [2013/09/27 09:53:06 | 000,104,768 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2013/09/23 08:59:00 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2013/06/25 08:14:16 | 000,466,008 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2013/04/19 09:49:26 | 000,063,816 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys -- (BstHdDrv)
DRV - [2012/07/04 01:58:12 | 010,070,016 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2012/07/04 01:58:12 | 010,070,016 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2012/07/04 00:10:30 | 000,290,304 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2012/02/23 07:31:36 | 000,083,984 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdLH3.sys -- (AtiHDAudioService)
DRV - [2011/09/29 10:21:42 | 001,621,136 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV - [2011/06/25 19:56:44 | 000,028,256 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\appliand.sys -- (appliandMP)
DRV - [2011/06/25 19:56:44 | 000,028,256 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\appliand.sys -- (appliand)
DRV - [2010/07/04 14:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2008/02/13 20:17:26 | 000,618,112 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207)
DRV - [2007/04/13 16:22:56 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2003/12/09 09:04:40 | 000,010,368 | ---- | M] (gavotte) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rramdisk.sys -- (RRamdisk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 90 F8 F7 04 5A 1F CD 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Users\Kenn\AppData\Local\HuluDesktop\instances\0.9.14.1\npHDPlg.dll (Hulu LLC)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Kenn\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Kenn\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Kenn\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Kenn\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Kenn\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\fbphotozoom\fbphotozoom13.xpi
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/11/05 20:01:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/11/05 20:01:03 | 000,000,000 | ---D | M]

[2013/02/15 07:35:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Extensions
[2013/11/11 14:54:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\C\Users\Kenn\AppData\Roaming\Mozilla\Profiles\Kenn\extensions
[2013/11/11 14:54:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\C\Users\Kenn\AppData\Roaming\Mozilla\Profiles\Kenn\extensions\{515b2424-5911-40bd-8a2c-bdb20286d8f5}
[2013/10/19 05:48:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\Profiles\Kenn\extensions
[2013/11/12 21:41:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Profiles\Kenn\extensions
[2013/08/26 16:12:33 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Profiles\Kenn\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013/11/11 18:39:36 | 000,000,000 | ---D | M] (SuRf annd keep) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Profiles\Kenn\extensions\[email protected]
[2013/09/27 00:38:09 | 000,000,000 | ---D | M] (LavaFox V2-Green) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Profiles\Kenn\extensions\[email protected]
[2013/11/05 20:01:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/11/05 20:01:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/11/05 20:01:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/11/05 20:01:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/11/05 20:01:32 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/03/10 11:58:36 | 000,002,201 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\scenicreflectionstb.xml

========== Chrome ==========

CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://www.google.com
CHR - default_search_provider: suggest_url = ,
CHR - homepage: http://www.google.com
CHR - Extension: Google Drive = C:\Users\Kenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: SuRf annd keep = C:\Users\Kenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\flknhnkedeggedkbnajlbhfdmcfmgdbl\2.19\
CHR - Extension: FBPHOTOZOOM = C:\Users\Kenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpieaakhacmfleokhjcjnpcnmnmpfkid\2.2_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Kenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_1\

O1 HOSTS File: ([2013/04/27 17:24:08 | 000,001,114 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DownloadHelper Class) - {FF2573AE-E1ED-40e1-83BA-F544CB2EE135} - C:\Program Files\Common Files\Download Helper\DownloadHelper.dll (IE Download Helper)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PAC207_Monitor] C:\Windows\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKCU..\Run: [DisplayFusion] C:\Program Files\DisplayFusion\DisplayFusion.exe (Binary Fortress Software)
O4 - Startup: C:\Users\Kenn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Kenn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Kenn\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{17946BC4-FB6A-46DF-8424-5D4E689A2DDB}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{17946BC4-FB6A-46DF-8424-5D4E689A2DDB}: NameServer = 8.8.8.8,8.8.4.4
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Kenn\AppData\Roaming\DisplayFusion\Wallpaper_2.jpg
O24 - Desktop BackupWallPaper: C:\Users\Kenn\AppData\Roaming\DisplayFusion\Wallpaper_2.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{55020cc0-7457-11e1-b322-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{55020cc0-7457-11e1-b322-806e6f6e6963}\Shell\AutoRun\command - "" = L:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^Users^Kenn^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk - - File not found
MsConfig - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AlcoholAutomount - hkey= - key= - C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: ArcSoft Connection Service - hkey= - key= - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
MsConfig - StartUpReg: BlueStacks Agent - hkey= - key= - C:\Program Files\BlueStacks\HD-Agent.exe (BlueStack Systems, Inc.)
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
MsConfig - StartUpReg: EA Core - hkey= - key= - File not found
MsConfig - StartUpReg: FDPRO-516 - hkey= - key= - File not found
MsConfig - StartUpReg: FileHippo.com - hkey= - key= - C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\Kenn\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: GoogleDriveSync - hkey= - key= - C:\Program Files\Google\Drive\googledrivesync.exe (Google)
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: ooVoo.exe - hkey= - key= - C:\Program Files\ooVoo\oovoo.exe (ooVoo LLC)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: SansaDispatch - hkey= - key= - C:\Users\Kenn\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
MsConfig - StartUpReg: Skype - hkey= - key= - File not found
MsConfig - StartUpReg: SyncDocs - hkey= - key= - C:\Program Files\Syncdocs\Syncdocs.exe (Doc Freedom)
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker 2.6
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.aacacm - C:\Windows\System32\AACACM.acm (fccHandler)
Drivers32: msacm.ac3acm - C:\Windows\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.ZMBV - C:\Windows\System32\zmbv.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/11/13 22:18:57 | 000,000,000 | ---D | C] -- C:\FRST
[2013/11/13 22:14:43 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/11/13 22:03:27 | 000,000,000 | ---D | C] -- C:\Users\Kenn\AppData\Local\CrashDumps
[2013/11/13 20:33:51 | 000,000,000 | ---D | C] -- C:\Users\Kenn\Desktop\RK_Quarantine
[2013/11/13 19:59:07 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/11/13 19:10:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2013/11/12 15:13:01 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/11/12 15:13:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/11/12 15:13:00 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/11/12 15:12:59 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/11/12 15:12:59 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/11/12 15:12:58 | 001,806,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/11/12 15:12:58 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/11/12 15:12:56 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/11/12 14:57:44 | 000,596,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2013/11/11 18:40:30 | 000,000,000 | ---D | C] -- C:\ProgramData\WinterSoft
[2013/11/11 18:40:11 | 000,000,000 | ---D | C] -- C:\Program Files\ss helper
[2013/11/11 18:39:45 | 000,000,000 | ---D | C] -- C:\ProgramData\suRf and ekeeep
[2013/11/11 18:39:44 | 000,000,000 | ---D | C] -- C:\Program Files\suRf and ekeeep
[2013/11/11 18:39:21 | 000,000,000 | ---D | C] -- C:\ProgramData\ad10b6c74973e046
[2013/11/11 18:38:09 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2013/11/11 15:05:12 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/11/11 14:57:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PANDORATV
[2013/11/11 14:55:51 | 000,000,000 | ---D | C] -- C:\Users\Kenn\AppData\Local\NativeMessaging
[2013/11/05 20:01:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/11/04 17:51:22 | 000,000,000 | ---D | C] -- C:\Users\Kenn\Documents\2013-11-04 Kenneth_Credit Union
[2013/10/30 11:07:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
[2013/10/30 11:07:23 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacks
[2013/10/30 11:07:23 | 000,000,000 | ---D | C] -- C:\Program Files\BlueStacks
[2013/10/24 16:00:26 | 000,000,000 | ---D | C] -- C:\Users\Kenn\Documents\Electronic Arts
[2013/10/24 14:40:04 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts
[2013/10/22 22:39:55 | 000,000,000 | ---D | C] -- C:\Users\Kenn\Cache
[2013/10/19 05:41:32 | 000,000,000 | ---D | C] -- C:\Users\Kenn\Documents\Freemake
[2013/10/19 05:41:30 | 000,000,000 | ---D | C] -- C:\Users\Kenn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
[2013/10/19 05:41:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
[2013/10/19 05:41:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Freemake
[2013/10/19 05:41:04 | 000,000,000 | ---D | C] -- C:\Program Files\Freemake
[2013/10/16 04:02:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/10/16 04:02:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/10/16 04:02:24 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/10/16 04:02:03 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/10/16 04:02:03 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/10/16 04:02:02 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/10/16 03:59:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2012/05/13 23:50:12 | 000,041,984 | ---- | C] (Lee 'FordGT90Concept' Glasser) -- C:\Users\Kenn\Large Address Aware.exe

========== Files - Modified Within 30 Days ==========

[2013/11/13 22:17:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/13 22:09:01 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/13 22:08:23 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/13 22:08:22 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/13 22:08:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/13 21:51:04 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3019194991-3436555038-3990252873-1000UA.job
[2013/11/13 21:44:19 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/13 20:47:08 | 003,599,192 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/11/13 19:09:58 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/11/13 19:09:58 | 000,104,202 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/11/13 18:59:33 | 000,000,436 | ---- | M] () -- C:\Users\Kenn\settings.sav
[2013/11/13 16:56:59 | 000,096,256 | ---- | M] () -- C:\Users\Kenn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/11/13 00:51:08 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3019194991-3436555038-3990252873-1000Core.job
[2013/11/12 15:52:34 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/11/11 15:52:44 | 000,000,514 | ---- | M] () -- C:\Users\Kenn\Documents\cc_20131111_155241.reg
[2013/11/11 15:33:23 | 000,024,126 | ---- | M] () -- C:\Users\Kenn\Documents\cc_20131111_153317.reg
[2013/11/11 15:10:47 | 000,002,032 | ---- | M] () -- C:\Users\Kenn\AppData\Local\d3d9caps.dat
[2013/11/07 00:50:16 | 000,000,950 | ---- | M] () -- C:\Users\Kenn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/10/29 08:34:50 | 000,000,736 | ---- | M] () -- C:\Users\Kenn\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2013/10/26 11:25:50 | 000,000,038 | ---- | M] () -- C:\Windows\AviSplitter.INI
[2013/10/25 09:22:24 | 000,001,151 | ---- | M] () -- C:\Users\Kenn\Desktop\TS3W - Shortcut.lnk
[2013/10/24 14:28:19 | 000,004,962 | ---- | M] () -- C:\Users\Kenn\Documents\cc_20131024_152812.reg
[2013/10/22 21:20:46 | 000,974,453 | ---- | M] () -- C:\Users\Kenn\Documents\Screenshot-6.jpg
[2013/10/22 21:19:22 | 000,702,526 | ---- | M] () -- C:\Users\Kenn\Documents\Screenshot-5.jpg
[2013/10/22 21:19:03 | 000,937,434 | ---- | M] () -- C:\Users\Kenn\Documents\Screenshot.jpg
[2013/10/20 20:10:23 | 000,711,683 | ---- | M] () -- C:\Users\Kenn\Documents\Screenshot-4.jpg
[2013/10/20 20:06:16 | 000,782,070 | ---- | M] () -- C:\Users\Kenn\Documents\Screenshot-3.jpg
[2013/10/20 13:44:19 | 000,769,427 | ---- | M] () -- C:\Users\Kenn\Documents\Screenshot-2.jpg
[2013/10/19 06:16:56 | 000,030,308 | ---- | M] () -- C:\Users\Kenn\Documents\cc_20131019_071650.reg

========== Files Created - No Company Name ==========

[2013/11/12 14:57:45 | 000,218,228 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2013/11/11 15:52:43 | 000,000,514 | ---- | C] () -- C:\Users\Kenn\Documents\cc_20131111_155241.reg
[2013/11/11 15:33:19 | 000,024,126 | ---- | C] () -- C:\Users\Kenn\Documents\cc_20131111_153317.reg
[2013/11/11 13:37:27 | 000,000,436 | ---- | C] () -- C:\Users\Kenn\settings.sav
[2013/10/25 09:22:24 | 000,001,151 | ---- | C] () -- C:\Users\Kenn\Desktop\TS3W - Shortcut.lnk
[2013/10/24 14:28:15 | 000,004,962 | ---- | C] () -- C:\Users\Kenn\Documents\cc_20131024_152812.reg
[2013/10/22 21:20:46 | 000,974,453 | ---- | C] () -- C:\Users\Kenn\Documents\Screenshot-6.jpg
[2013/10/22 21:19:22 | 000,702,526 | ---- | C] () -- C:\Users\Kenn\Documents\Screenshot-5.jpg
[2013/10/22 21:19:03 | 000,937,434 | ---- | C] () -- C:\Users\Kenn\Documents\Screenshot.jpg
[2013/10/20 20:10:23 | 000,711,683 | ---- | C] () -- C:\Users\Kenn\Documents\Screenshot-4.jpg
[2013/10/20 20:06:16 | 000,782,070 | ---- | C] () -- C:\Users\Kenn\Documents\Screenshot-3.jpg
[2013/10/20 13:44:19 | 000,769,427 | ---- | C] () -- C:\Users\Kenn\Documents\Screenshot-2.jpg
[2013/10/19 06:16:53 | 000,030,308 | ---- | C] () -- C:\Users\Kenn\Documents\cc_20131019_071650.reg
[2013/04/29 11:49:45 | 000,000,028 | ---- | C] () -- C:\Windows\v2d.INI
[2013/04/23 08:09:43 | 000,001,536 | ---- | C] () -- C:\Users\Kenn\AppData\Local\recently-used.xbel
[2013/04/23 07:50:59 | 000,000,227 | ---- | C] () -- C:\Users\Kenn\736884F1_00000001_000000000006CBAC.vpxy
[2013/01/19 00:30:25 | 000,091,964 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2013/01/09 17:39:05 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2013/01/02 12:49:18 | 000,005,005 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2013/01/02 11:25:15 | 000,066,048 | ---- | C] () -- C:\Windows\System32\hcwxds.dll
[2012/12/09 13:23:08 | 000,000,098 | ---- | C] () -- C:\Users\Kenn\hosts
[2012/07/14 19:12:03 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/07/04 02:32:18 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012/07/04 00:09:18 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2012/06/14 12:24:03 | 000,151,552 | ---- | C] () -- C:\Windows\System32\nvRegDev.dll
[2012/05/14 00:36:17 | 000,048,640 | ---- | C] () -- C:\Users\Kenn\TS3Lib.dll
[2012/03/22 09:33:18 | 000,079,360 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012/03/15 20:47:39 | 000,667,978 | ---- | C] () -- C:\Windows\unins000.exe
[2012/03/15 20:47:39 | 000,007,223 | ---- | C] () -- C:\Windows\unins000.dat
[2012/03/13 02:11:34 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012/03/13 02:11:34 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/03/06 12:59:32 | 000,618,823 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2012/03/05 14:05:56 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012/03/05 14:05:55 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012/03/05 02:09:59 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2012/03/03 06:01:04 | 000,142,337 | ---- | C] () -- C:\Windows\System32\Wait.exe
[2012/03/03 04:51:57 | 000,000,399 | ---- | C] () -- C:\Windows\System32\Remover.ini
[2012/03/03 04:51:54 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP207.ini
[2012/03/02 23:14:28 | 000,096,256 | ---- | C] () -- C:\Users\Kenn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/02 19:37:35 | 000,002,032 | ---- | C] () -- C:\Users\Kenn\AppData\Local\d3d9caps.dat
[2012/03/02 17:27:06 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/03/02 17:15:26 | 000,157,677 | ---- | C] () -- C:\Windows\hpoins29.dat
[2012/03/02 17:06:05 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2012/03/02 17:06:04 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe

========== ZeroAccess Check ==========

[2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD6400AAKS-75A7B2 ATA Device
Partitions: 3
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 -
Interface type: USB
Media Type:
Model: TEAC USB HS-CF Card USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE2 -
Interface type: USB
Media Type:
Model: TEAC USB HS-xD/SM USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE3 -
Interface type: USB
Media Type:
Model: TEAC USB HS-MS Card USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE4 -
Interface type: USB
Media Type:
Model: TEAC USB HS-SD Card USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE5 -
Interface type: USB
Media Type:
Model: HP Photosmart C4400 USB Device
Partitions: 0
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 39.00MB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 15.00GB
Starting Offset: 41943040
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 581.00GB
Starting Offset: 15770583040
Hidden sectors: 0


< %SYSTEMDRIVE%\*.exe >
[2007/11/07 11:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %SYSTEMDRIVE%\*.exe >
[2007/11/07 11:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2013/06/10 12:43:55 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Adobe
[2012/12/13 11:28:54 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Apple Computer
[2012/03/03 04:59:45 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\ArcSoft
[2012/03/02 17:29:22 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\ATI
[2013/11/11 14:51:02 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Audacity
[2012/04/20 23:49:46 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Azureus
[2013/09/06 00:15:58 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\calibre
[2012/03/12 13:37:16 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Canneverbe Limited
[2012/11/04 01:33:17 | 000,000,000 | -HSD | M] -- C:\Users\Kenn\AppData\Roaming\Common
[2013/11/11 15:30:27 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\DAEMON Tools Lite
[2012/09/15 14:33:45 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\DeepBurner
[2012/03/02 17:43:01 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Dell
[2013/11/12 01:07:47 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\DisplayFusion
[2013/11/13 22:11:54 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Dropbox
[2013/11/11 08:18:24 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\DVD Flick
[2013/07/25 02:44:51 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\dvdcss
[2013/04/29 09:26:05 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Free Sound Recorder
[2013/09/02 18:03:46 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\HandBrake
[2012/03/02 17:22:04 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\HP
[2012/03/02 19:37:39 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Identities
[2013/11/02 17:36:11 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\ImgBurn
[2012/03/03 16:56:38 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\InstallShield
[2012/11/26 13:55:49 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\iPadian
[2013/01/08 21:42:10 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Jasc Software Inc
[2012/03/02 17:45:15 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Macromedia
[2012/03/03 15:16:22 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Malwarebytes
[2013/10/18 09:48:07 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Marine Aquarium 3
[2006/11/02 07:37:34 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Media Center Programs
[2012/03/20 13:16:35 | 000,000,000 | --SD | M] -- C:\Users\Kenn\AppData\Roaming\Microsoft
[2012/11/01 12:15:49 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Mozilla
[2012/12/15 16:46:14 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\mp3DirectCut
[2012/07/21 17:17:31 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Music Editor Free
[2013/09/21 06:50:16 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Octane
[2012/03/09 15:20:25 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\ooVoo Details
[2012/03/22 10:56:08 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Origin
[2012/04/17 20:02:16 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Peter L Jones
[2013/04/10 05:10:11 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Realtek
[2012/09/20 23:20:54 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Replay Media Catcher 4
[2012/03/30 13:39:15 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Rovio
[2012/12/22 22:45:44 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\SanDisk
[2013/05/11 14:41:12 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Skype
[2012/07/19 14:48:48 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Syncdocs
[2013/11/13 22:04:31 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\uTorrent
[2013/08/26 11:15:02 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\vlc
[2013/06/12 15:31:50 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Windows Live Writer
[2012/03/03 15:54:14 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\WinRAR
[2012/10/10 17:38:41 | 000,000,000 | -HSD | M] -- C:\Users\Kenn\AppData\Roaming\wyUpdate AU
[2012/04/19 09:03:59 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Yahoo!

< MD5 for: ATAPI.SYS >
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 21:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 21:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 04:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CSRSS.EXE >
[2008/01/20 21:24:54 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=ABCA209EBA02CB59233614DB83B4F50D -- C:\Windows\System32\csrss.exe
[2008/01/20 21:24:54 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=ABCA209EBA02CB59233614DB83B4F50D -- C:\Windows\winsxs\x86_microsoft-windows-csrss_31bf3856ad364e35_6.0.6001.18000_none_58e3e3d7e415ae4c\csrss.exe

< MD5 for: EXPLORER.EXE >
[2008/10/29 01:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 22:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 21:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 21:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: MSWSOCK.DLL >
[2009/04/11 01:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\System32\mswsock.dll
[2009/04/11 01:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6002.18005_none_ba3ed0122a6d89da\mswsock.dll
[2008/01/20 21:24:02 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=89FD0595EEA4E505CABEFCF7008F2612 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6001.18000_none_b85357062d4bbe8e\mswsock.dll

< MD5 for: NAPINSP.DLL >
[2008/01/20 21:24:29 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=FC62A635063B762E1C3C60EA77279378 -- C:\Windows\System32\NapiNSP.dll
[2008/01/20 21:24:29 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=FC62A635063B762E1C3C60EA77279378 -- C:\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.0.6001.18000_none_ac1d40c88f30e6c0\NapiNSP.dll

< MD5 for: NLAAPI.DLL >
[2008/01/20 21:23:44 | 000,048,128 | ---- | M] (Microsoft Corporation) MD5=D1A84F7D4CAFCFE2A32149FF418056E5 -- C:\Windows\System32\nlaapi.dll
[2008/01/20 21:23:44 | 000,048,128 | ---- | M] (Microsoft Corporation) MD5=D1A84F7D4CAFCFE2A32149FF418056E5 -- C:\Windows\winsxs\x86_microsoft-windows-nlasvc_31bf3856ad364e35_6.0.6001.18000_none_6785f5c70aea4565\nlaapi.dll

< MD5 for: PNRPNSP.DLL >
[2008/01/20 21:25:26 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=690D41DF1D555F96D4898A0F54EBA065 -- C:\Windows\System32\pnrpnsp.dll
[2008/01/20 21:25:26 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=690D41DF1D555F96D4898A0F54EBA065 -- C:\Windows\winsxs\x86_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.0.6001.18000_none_717f15b322749509\pnrpnsp.dll

< MD5 for: SERVICES.EXE >
[2008/01/20 21:24:48 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009/04/11 01:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe
[2009/04/11 01:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SVCHOST.EXE >
[2008/01/20 21:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/20 21:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2013/04/04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USER32.DLL >
[2009/04/11 01:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll
[2009/04/11 01:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008/01/20 21:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll

< MD5 for: USERINIT.EXE >
[2008/01/20 21:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/20 21:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2013/04/04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/01/20 21:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WINRNR.DLL >
[2009/04/11 01:28:25 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=C411C80F90D6732380352B98B37BBD53 -- C:\Windows\System32\winrnr.dll
[2009/04/11 01:28:25 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=C411C80F90D6732380352B98B37BBD53 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6002.18005_none_5b39cbfb4d3802b6\winrnr.dll
[2006/11/02 04:46:14 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=FF78B8E67EDCE9FEED651D7858D77A04 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6000.16386_none_571790f3532b2696\winrnr.dll

< MD5 for: WSHELPER.DLL >
[2006/11/02 04:46:14 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=20614C9F12A3A09A5015C9EBBD4419D2 -- C:\Windows\System32\wshelper.dll
[2006/11/02 04:46:14 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=20614C9F12A3A09A5015C9EBBD4419D2 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\wshelper.dll

< dir C:\ /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is EA79-A695
Directory of C:\
11/02/2006 08:02 AM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
11/02/2006 08:02 AM <JUNCTION> Application Data [C:\ProgramData]
11/02/2006 08:02 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
11/02/2006 08:02 AM <JUNCTION> Documents [C:\Users\Public\Documents]
11/02/2006 08:02 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
11/02/2006 08:02 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
11/02/2006 08:02 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
11/02/2006 08:02 AM <SYMLINKD> All Users [C:\ProgramData]
11/02/2006 08:02 AM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
11/02/2006 08:02 AM <JUNCTION> Application Data [C:\ProgramData]
11/02/2006 08:02 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
11/02/2006 08:02 AM <JUNCTION> Documents [C:\Users\Public\Documents]
11/02/2006 08:02 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
11/02/2006 08:02 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
11/02/2006 08:02 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
11/02/2006 08:02 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
11/02/2006 08:02 AM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
11/02/2006 08:02 AM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
11/02/2006 08:02 AM <JUNCTION> My Documents [C:\Users\Default\Documents]
11/02/2006 08:02 AM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
11/02/2006 08:02 AM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
11/02/2006 08:02 AM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
11/02/2006 08:02 AM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
11/02/2006 08:02 AM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
11/02/2006 08:02 AM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
11/02/2006 08:02 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
11/02/2006 08:02 AM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
11/02/2006 08:02 AM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
11/02/2006 08:02 AM <JUNCTION> My Music [C:\Users\Default\Music]
11/02/2006 08:02 AM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
11/02/2006 08:02 AM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Kenn
03/02/2012 07:37 PM <JUNCTION> Application Data [C:\Users\Kenn\AppData\Roaming]
03/02/2012 07:37 PM <JUNCTION> Cookies [C:\Users\Kenn\AppData\Roaming\Microsoft\Windows\Cookies]
03/02/2012 07:37 PM <JUNCTION> Local Settings [C:\Users\Kenn\AppData\Local]
03/02/2012 07:37 PM <JUNCTION> My Documents [C:\Users\Kenn\Documents]
03/02/2012 07:37 PM <JUNCTION> NetHood [C:\Users\Kenn\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
03/02/2012 07:37 PM <JUNCTION> PrintHood [C:\Users\Kenn\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
03/02/2012 07:37 PM <JUNCTION> Recent [C:\Users\Kenn\AppData\Roaming\Microsoft\Windows\Recent]
03/02/2012 07:37 PM <JUNCTION> SendTo [C:\Users\Kenn\AppData\Roaming\Microsoft\Windows\SendTo]
03/02/2012 07:37 PM <JUNCTION> Start Menu [C:\Users\Kenn\AppData\Roaming\Microsoft\Windows\Start Menu]
03/02/2012 07:37 PM <JUNCTION> Templates [C:\Users\Kenn\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Kenn\AppData\Local
03/02/2012 07:37 PM <JUNCTION> Application Data [C:\Users\Kenn\AppData\Local]
03/02/2012 07:37 PM <JUNCTION> History [C:\Users\Kenn\AppData\Local\Microsoft\Windows\History]
03/02/2012 07:37 PM <JUNCTION> Temporary Internet Files [C:\Users\Kenn\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Kenn\Documents
03/02/2012 07:37 PM <JUNCTION> My Music [C:\Users\Kenn\Music]
03/02/2012 07:37 PM <JUNCTION> My Pictures [C:\Users\Kenn\Pictures]
03/02/2012 07:37 PM <JUNCTION> My Videos [C:\Users\Kenn\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
11/02/2006 08:02 AM <JUNCTION> My Music [C:\Users\Public\Music]
11/02/2006 08:02 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
11/02/2006 08:02 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile
03/03/2012 05:00 AM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
03/03/2012 05:00 AM <JUNCTION> Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
03/03/2012 05:00 AM <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\AppData\Local
03/03/2012 05:00 AM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
03/03/2012 05:00 AM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
03/03/2012 05:00 AM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
56 Dir(s) 67,411,615,744 bytes free

< C:\Windows\assembly\tmp\U\*.* /s >

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013/11/05 20:01:09 | 000,872,352 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013/11/05 20:01:09 | 000,872,352 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013/11/05 20:01:09 | 000,872,352 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" [2013/11/05 20:01:30 | 000,275,568 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2013/11/05 20:01:30 | 000,275,568 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2013/11/05 20:01:30 | 000,275,568 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2013/10/08 19:02:45 | 000,844,752 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2013/10/08 19:02:45 | 000,844,752 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/10/08 19:02:45 | 000,844,752 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2013/10/08 19:02:45 | 000,844,752 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.A2RVE6WJSSKOIY44KSKNZ5A7MY\InstallInfo\\ReinstallCommand: "C:\Users\Kenn\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.A2RVE6WJSSKOIY44KSKNZ5A7MY\InstallInfo\\HideIconsCommand: "C:\Users\Kenn\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.A2RVE6WJSSKOIY44KSKNZ5A7MY\InstallInfo\\ShowIconsCommand: "C:\Users\Kenn\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.A2RVE6WJSSKOIY44KSKNZ5A7MY\shell\open\command\\: "C:\Users\Kenn\AppData\Local\Google\Chrome\Application\chrome.exe"
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2012/03/10 22:11:33 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2012/03/10 22:11:33 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2012/03/10 22:11:33 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2013/10/13 05:49:16 | 000,757,488 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2013/10/13 05:49:16 | 000,757,488 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013/11/05 20:01:09 | 000,872,352 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013/11/05 20:01:09 | 000,872,352 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013/11/05 20:01:09 | 000,872,352 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" [2013/11/05 20:01:30 | 000,275,568 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2013/11/05 20:01:30 | 000,275,568 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2013/11/05 20:01:30 | 000,275,568 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2013/10/08 19:02:45 | 000,844,752 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2013/10/08 19:02:45 | 000,844,752 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/10/08 19:02:45 | 000,844,752 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2013/10/08 19:02:45 | 000,844,752 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.A2RVE6WJSSKOIY44KSKNZ5A7MY\InstallInfo\\ReinstallCommand: "C:\Users\Kenn\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.A2RVE6WJSSKOIY44KSKNZ5A7MY\InstallInfo\\HideIconsCommand: "C:\Users\Kenn\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.A2RVE6WJSSKOIY44KSKNZ5A7MY\InstallInfo\\ShowIconsCommand: "C:\Users\Kenn\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.A2RVE6WJSSKOIY44KSKNZ5A7MY\shell\open\command\\: "C:\Users\Kenn\AppData\Local\Google\Chrome\Application\chrome.exe"
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2012/03/10 22:11:33 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2012/03/10 22:11:33 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2012/03/10 22:11:33 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2013/10/13 05:49:16 | 000,757,488 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2013/10/13 05:49:16 | 000,757,488 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %ProgramFiles%\WINDOWS NT\*.* /s >
[2010/06/28 09:54:38 | 000,339,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\wordpad.exe
[2006/11/02 07:41:31 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\en-US\wordpad.exe.mui
[2009/04/11 01:28:24 | 000,324,608 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\TableTextService\TableTextService.dll
[2006/09/19 06:43:31 | 000,016,212 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceAmharic.txt
[2009/02/18 13:39:57 | 001,272,752 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceArray.txt
[2009/02/18 13:39:57 | 000,980,032 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceDaYi.txt
[2009/02/18 13:39:58 | 001,665,878 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceSimplifiedQuanPin.txt
[2009/02/18 13:39:58 | 001,445,430 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceSimplifiedShuangPin.txt
[2009/02/18 13:40:01 | 001,810,352 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceSimplifiedZhengMa.txt
[2006/09/19 06:43:34 | 000,044,968 | ---- | M] () -- C:\Program Files\WINDOWS NT\TableTextService\TableTextServiceYi.txt
[2009/04/11 01:23:33 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\TableTextService\en-US\TableTextService.dll.mui

< %systemroot%\system32\drivers\*.sys /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

And the 'Extras':

OTL Extras logfile created on: 11/13/2013 10:24:07 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kenn\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 1.78 Gb Available Physical Memory | 54.90% Memory free
6.73 Gb Paging File | 5.00 Gb Available in Paging File | 74.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 581.48 Gb Total Space | 58.36 Gb Free Space | 10.04% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 14.54 Gb Free Space | 99.28% Space Free | Partition Type: NTFS
Drive R: | 15.92 Mb Total Space | 15.92 Mb Free Space | 100.00% Space Free | Partition Type: FAT

Computer Name: KENN-PC | User Name: Kenn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [KMPlayer.Enqueue] -- "C:\PROGRA~1\THEKMP~1\KMPlayer.exe" /ADD "%1" (KMP Media co.,Ltd)
Directory [KMPlayer.Play] -- "C:\PROGRA~1\THEKMP~1\KMPlayer.exe" "%1" (KMP Media co.,Ltd)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02513B14-6A84-4F14-8ADF-37EC965BDC96}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{22708301-DAC8-427C-8334-E296D9D19362}" = rport=137 | protocol=17 | dir=out | app=system |
"{239220DA-11BD-45C5-9111-7926B49FBB7C}" = lport=445 | protocol=6 | dir=in | app=system |
"{2CEF591B-5170-46B7-8342-E16E0DBA6439}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{3044C1BF-2257-4D61-9CF0-2A92465D57E5}" = lport=138 | protocol=17 | dir=in | app=system |
"{32C1FCE2-216F-40A3-8FA4-EFD6DDDCB19B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4CFC52AF-0F2A-4F28-90DC-2D33B440C4DA}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{50EE8241-FAF1-4A2D-A180-3A3FE07CD91C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5124D46D-C892-4B99-926C-307112EE3A90}" = rport=139 | protocol=6 | dir=out | app=system |
"{5D3E5972-1A2C-451B-9B1D-9A801028D994}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8607AB35-38AE-4C42-B198-26C5F8981EFC}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{94E13066-9AB3-474D-9E41-B737DE217F22}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{95C579EF-20A6-4173-9EED-8FDC4CD7ED07}" = rport=138 | protocol=17 | dir=out | app=system |
"{9BA3F0D1-37A5-4477-B994-CCB05759D94B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A63670ED-A5A6-4F98-B6FF-32CCE7F1533A}" = lport=137 | protocol=17 | dir=in | app=system |
"{A685E813-F348-4E2E-82E2-85CCD3B66B36}" = lport=139 | protocol=6 | dir=in | app=system |
"{DC247505-E4FE-4C79-9439-3AB5BCE55545}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E0397B74-2D1C-4451-BE42-50D7B0E69777}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{EA82CBFD-B987-4714-A0C2-644085B1FF2D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F79E99FE-149A-4A7A-9F33-FF3F2FACBFAF}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1028B29B-5181-4ADA-9338-3EC9ED0B1470}" = protocol=17 | dir=in | app=c:\program files\wintv\wintv7\wintv7.exe |
"{11E4C9C7-BD18-4D8F-AA3A-2DEFD3F8436D}" = protocol=6 | dir=in | app=c:\program files\wintv\extend\wintvextender.exe |
"{23818147-925C-4926-99CF-E0E7274D9E6C}" = protocol=58 | dir=in | [email protected],-28545 |
"{33E7781B-6E37-4D50-BAC7-ABD11682D79D}" = protocol=17 | dir=in | app=c:\users\kenn\appdata\roaming\dropbox\bin\dropbox.exe |
"{4125FF64-DF3D-4F75-BCD5-F050F7E85321}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{435A53FE-F757-46B1-A391-8BE4C613144E}" = protocol=17 | dir=in | app=c:\users\kenn\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{666F578A-D8A2-4086-9834-42BE813367B0}" = protocol=1 | dir=out | [email protected],-28544 |
"{6CE52EC5-B702-4A16-83E7-649B51989F11}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{70D27A0D-F5C9-4B72-AE9C-D97835B22C1B}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{76CA60F4-ED3C-4359-A186-DC66F75464BA}" = protocol=1 | dir=in | [email protected],-28543 |
"{7C9A2CBF-9A8C-491D-A6BC-0B618EA51F58}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{91153892-C674-48DC-89F5-75F967195886}" = protocol=6 | dir=in | app=c:\program files\wintv\extend\wintvextender.exe |
"{93F1AA91-5181-4EA7-A069-99A5C6D0E8F6}" = protocol=6 | dir=in | app=c:\program files\wintv\wintv7\wintv7.exe |
"{9D357516-130A-4ABD-94B9-92674FE90A80}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{9D9B01F1-EF0C-478C-93D1-9134DD0DE673}" = protocol=6 | dir=in | app=c:\program files\wintv\wintv7\wintv7.exe |
"{A46520E8-A8D3-4D87-A52C-46F06B914DCB}" = protocol=17 | dir=in | app=c:\program files\wintv\extend\wintvextender.exe |
"{B00CBC3A-8625-43CD-9E8D-38E41B4F2B24}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{B0D8BAFA-ACBA-43DC-A044-8F3CBB281D67}" = protocol=6 | dir=in | app=c:\users\kenn\appdata\roaming\dropbox\bin\dropbox.exe |
"{C8A64341-373A-479E-921A-F36951FF3ACD}" = protocol=17 | dir=in | app=c:\users\kenn\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{D45D3158-1833-4195-B7AC-5BF75879562B}" = protocol=6 | dir=in | app=c:\users\kenn\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{E0CBF18D-11BD-47B6-9543-56EF27B0D6E7}" = protocol=17 | dir=in | app=c:\program files\wintv\extend\wintvextender.exe |
"{EA7D5FF9-0F23-4BDE-B59D-90DD9830A483}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EC626C76-7D64-4A0B-AD6C-FFBB151F90B0}" = protocol=17 | dir=in | app=c:\program files\wintv\wintv7\wintv7.exe |
"{EFC0E954-A83F-446D-B893-12FB9F769929}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F36AF875-3E4B-4F7E-ACB4-C40AA4094DBD}" = protocol=6 | dir=in | app=c:\users\kenn\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{F5E7ECDE-E6FA-426D-8C8B-F90EF25577DF}" = protocol=58 | dir=out | [email protected],-28546 |
"TCP Query User{0A4C89A5-353A-4E0D-838E-9E3A19F2A9F3}C:\program files\rocksteady\batman arkham city\binaries\win32\batmanac.exe" = protocol=6 | dir=in | app=c:\program files\rocksteady\batman arkham city\binaries\win32\batmanac.exe |
"TCP Query User{1A2AA946-AD75-4F73-AA37-1BB269B52771}C:\windows\system32\ftp.exe" = protocol=6 | dir=in | app=c:\windows\system32\ftp.exe |
"TCP Query User{1D9B236B-6297-49D3-88DC-7B390A82F087}C:\users\kenn\appdata\roaming\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\users\kenn\appdata\roaming\utorrent\utorrent.exe |
"TCP Query User{562A3DE8-ADA3-4E97-8510-DA428D4BD367}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
"TCP Query User{636DDE61-A534-4A35-91EC-34B7BD6343E3}C:\program files\wintv\wintv7\wintv7.exe" = protocol=6 | dir=in | app=c:\program files\wintv\wintv7\wintv7.exe |
"TCP Query User{A6550375-4AD6-4A79-85F1-ECF9C52F52CB}C:\program files\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"TCP Query User{F6670925-97A5-4377-9D2A-6EA2CC39BABB}C:\program files\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"UDP Query User{2A16E681-4619-4905-A2EA-EDDB63CEF68F}C:\users\kenn\appdata\roaming\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\users\kenn\appdata\roaming\utorrent\utorrent.exe |
"UDP Query User{9FA2A8EA-491A-4C85-848E-BC2F7228FD88}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
"UDP Query User{C100D518-4D0E-4D99-AD5E-0127563012F5}C:\program files\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"UDP Query User{C4078223-E6B6-43F2-8021-3CE950FD5F2C}C:\program files\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"UDP Query User{CDC2450D-AECF-4A46-82DF-6C3308324C17}C:\program files\wintv\wintv7\wintv7.exe" = protocol=17 | dir=in | app=c:\program files\wintv\wintv7\wintv7.exe |
"UDP Query User{D5905C0C-3F8A-484C-87C1-127371DC8786}C:\program files\rocksteady\batman arkham city\binaries\win32\batmanac.exe" = protocol=17 | dir=in | app=c:\program files\rocksteady\batman arkham city\binaries\win32\batmanac.exe |
"UDP Query User{F4480C5A-70F2-4F27-9E5C-FC777ACE527D}C:\windows\system32\ftp.exe" = protocol=17 | dir=in | app=c:\windows\system32\ftp.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01521746-02A6-4A72-00BD-A285DF6B80C6}" = The Sims 2 University
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03D45A4B-D7F5-C03E-1650-885756303D13}" = CCC Help Norwegian
"{08A25478-C5DD-4EA7-B168-3D687CA987FF}" = The Sims™ 3 Master Suite Stuff
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CD47142-BA4F-46B0-AA92-2675864928B8}" = Microsoft Security Client
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{117B6BF6-82C3-420C-B284-9247C8568E53}" = The Sims™ 3 Outdoor Living Stuff
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{192A227B-A8C8-4C6D-B939-21FAEB007E1E}" = Google Drive
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A2A15C2-6780-49c1-B296-503230E9DE00}" = The Sims™ 2 Mansion and Garden Stuff
"{1C9B6173-6DC9-4EEE-9EFC-6BA115CFBE43}" = The Sims™ 3 Diesel Stuff
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{24960CD0-661D-4957-9D5F-D2905A30EDB1}" = Jasc Paint Shop Photo Album 5
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java™ 6 Update 35
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 45
"{284E9E9A-D8BE-3588-D0BA-E9BB61970A1D}" = CCC Help Hungarian
"{2A83AD05-56E6-3FBD-8752-B4143162EF59}" = Google Talk Plugin
"{2ADE2157-7A5E-122C-B51D-EB8A01B15943}" = DeepBurner v1.9.0.228
"{2D37F6AE-D201-4580-B91A-6BF9BB93ED2D}" = The Sims™ 2 Double Deluxe
"{30E18A93-982E-AF1B-D646-E8C5DAECA390}" = CCC Help French
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{38B50CEC-C683-404D-BAD7-48CBCBFF981B}_is1" = Free WebM to AVI Converter 1.0
"{3BBFD444-5FAB-49F6-98B1-A1954E831399}" = The Sims™ 3 Showtime
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DE92282-CB49-434F-81BF-94E5B380E889}" = The Sims™ 3 Seasons
"{4021F8B5-E8BB-D0F9-AF28-4970013FAE3D}" = Catalyst Control Center
"{424E1389-2414-4394-9476-5D26316F291F}" = IE Download Helper
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{42B72780-640C-40A1-B285-ABEF3F4D9D6E}_is1" = Batman Arkham City Game Of The Year Edition
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = The Sims™ 3 Late Night
"{470D66DF-B597-124E-EDCE-8B966AA5F230}" = CCC Help Portuguese
"{4817189D-1785-4627-A33C-39FD90919300}" = The Sims 2 Pets
"{483924A6-52C5-9169-0280-14272D5FBA70}" = CCC Help Chinese Standard
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4F923F90-46D1-4492-9CC6-13FBBA00E7EC}" = C4400
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57AE1BE1-24E8-4169-D52C-ABE31BD91562}" = CCC Help Finnish
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5B5745F7-23EF-9E5E-6689-512C9FA08222}" = CCC Help English
"{5C648FDB-0138-4619-B66E-230EF53E8E2C}" = The Sims™ 2 Teen Style Stuff
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{622A0A32-9711-43D3-A6F1-B0FC78F1A68A}_is1" = MassTube 11.1.1.627
"{625031C9-E249-2A53-C282-C1E9872B211E}" = CCC Help Turkish
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64963F0E-03F2-4B59-8D1B-1806545E7092}" = NVIDIA DDS Utilities
"{6522C636-B04C-4333-9BEB-9E0C0B6350D6}" = The Sims™ 2 Kitchen & Bath Interior Design Stuff
"{655E0B5A-7ADF-A052-587F-64F0E59B58E7}" = CCC Help Dutch
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6B407945-AE16-4A2A-BAAF-497FE62EDED3}" = PS_AIO_03_C4400_Software_Min
"{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone
"{6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0}" = The Sims 2 Family Fun Stuff
"{6E17F9751-F056-4335-B718-8AF1B1092AFB}" = The Sims™ 2 IKEA® Home Stuff
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = The Sims™ 3 High-End Loft Stuff
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74437563-D720-0307-90FC-1C351B1041D7}" = Catalyst Control Center Localization All
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.11.0
"{789A4D10-821B-3FA5-52B0-F0FAEEDED9F4}" = CCC Help Czech
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B11296A-F894-449C-8DF6-6AAAA7D4D118}" = The Sims™ 3 Town Life Stuff
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = The Sims 2 Open For Business
"{7BA14A92-C229-5E00-3ADE-8D22F81B849E}" = CCC Help German
"{7C4196CA-CA41-4F34-9C08-7724E7705D52}" = Jasc Animation Shop 3
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{80A5B901-C7BD-D300-17BA-9E02F18EAB77}" = CCC Help Danish
"{82F505E6-5879-B30A-12B7-7795969D3BBB}" = CCC Help Polish
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8476003F-6927-8393-C6F4-FAF47D61D00B}" = CCC Help Korean
"{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}" = The Sims™ 2 H&M® Fashion Stuff
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}" = The Sims™ 2 FreeTime
"{89A2D79E-B3AD-A83A-795F-5645EFF922D3}" = CCC Help Greek
"{89C0F58F-9E5B-2B45-D9DF-7988A54BECA8}" = CCC Help Italian
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8B91D776-792D-F02B-DE43-BF398549C729}" = CCC Help Spanish
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E7C5578-1985-141E-4D5E-1FDEA31265C9}" = ccc-utility
"{8F272838-BDD6-B433-D650-25E231AEFA8A}" = Catalyst Control Center InstallProxy
"{8FE96B14-E1F9-47BF-8BA1-A81467CD259B}_is1" = Yawcam 0.3.9
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{954B7F64-D1D4-476F-8919-99585D0A6ABF}" = PS_AIO_03_C4400_Software
"{976D65A4-87F9-430F-80F6-27B60BC74AA9}" = Hauppauge Tuning Adapter Proxy
"{983BE967-28E9-5C78-8851-638DAC4AF66E}" = CCC Help Swedish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}" = The Sims 2 Glamour Life Stuff
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A0BBD6C7-B546-4048-B33A-F21F5C9F5B09}" = The Sims™ 3 Into the Future
"{A19DD749-DBCC-462B-A692-9E62E629F6C4}" = Syncdocs
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A4B004B0-B6D3-4BA8-B012-3F79A931CF9E}" = BlueStacks Notification Center
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A707240D-18D3-07F4-AE2E-6AE76C220192}" = CCC Help Japanese
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB259D81-DE6B-4554-B4A8-DB13D321FBF2}" = calibre
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.8)
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B3236C7B-455E-4CDB-B3E1-7A2190B054BC}" = ArcSoft WebCam Companion 3
"{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}" = The Sims™ 3 Supernatural
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B6F5B704-06D3-4687-90F3-6195304AD755}" = The Sims™ 2 Apartment Life
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{B95AC87D-630B-603F-3F12-AA22B3BBA69C}" = CCC Help Chinese Traditional
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BDEE7660-E08C-4824-8577-6CE12F8C3492}_is1" = gPhotoShow v1.6.3
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = The Sims™ 3 Pets
"{C1E6B103-4FFE-45D5-ACE3-8FD1E14A7F4B}" = FULL-DISKfighter
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C679F9B9-C65D-4C65-BD6C-BF90B859E281}" = PC [email protected]
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{C9CE9393-B568-428D-AD5B-55452B9748DB}" = PS_AIO_03_C4400_ProductContext
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0087539-3C57-44E0-BEE7-D779D546CBE1}" = The Sims™ 3 Movie Stuff
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DB21639E-FE55-432C-BCA2-0C5249E3F79E}" = The Sims™ 3 Island Paradise
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = The Sims 2 Seasons
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1868CAE-E3B9-4099-8C18-AA8944D336FD}" = The Sims™ 3 70s, 80s, & 90s Stuff
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = The Sims™ 3 Generations
"{EAB74CB6-760C-2136-FC77-9549721FB84A}" = AMD Catalyst Install Manager
"{EB1C554C-5343-9A69-1B8C-666AF192CA19}" = CCC Help Russian
"{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}" = The Sims™ 3 Fast Lane Stuff
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = The Sims™ 2 Bon Voyage
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}" = The Sims™ 3 University Life
"{F32D24DD-D787-10F9-D21E-BC3FAB3064CB}" = Catalyst Control Center Graphics Previews Common
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F7B72805-2F58-4C04-AE9E-E7AD6A6EF62E}" = C4400_Help
"{F843C6A3-224D-4615-94F8-3C461BD9AEA0}" = Jasc Paint Shop Pro 9
"{F859EACD-283B-449C-AD10-9EC74E824FB9}" = Marine Aquarium
"{F8D90583-7BB5-75A9-B23F-A353AD4674BC}" = CCC Help Thai
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FDC4C499-7B67-4A58-A30B-E1276C26BFEF}" = Angry Birds Seasons
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF1F4E8E-A833-4c4b-A14A-45D5B841B5D8}" = HP Photosmart C4400 All-In-One Driver Software 10.0 Rel .3
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AACACM" = AAC ACM Codec 1.9
"AC3ACM" = AC-3 ACM Codec 2.2
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.14 (Unicode)
"AVIcodec" = AVIcodec (remove only)
"AviSynth" = AviSynth 2.5
"B076073A-5527-4f4f-B46B-B10692277DA2_is1" = DisplayFusion 3.3.1
"BlueStacks App Player" = BlueStacks App Player
"Bodyshop Mechanic.36b" = Bodyshop Mechanic
"CCleaner" = CCleaner
"CDisplay_is1" = CDisplay 1.8
"CEP - Colour Enable Packages_is1" = CEP (Color Enable Package) v.9.2 (beta)
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DAEMON Tools Lite" = DAEMON Tools Lite
"Dell Dock" = Dell Dock
"D-Fend Reloaded" = D-Fend Reloaded 1.3.3 (deinstall)
"Digital Editions" = Adobe Digital Editions
"DreamAqua" = Dream Aquarium
"DVD Flick_is1" = DVD Flick 1.3.0.7
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDStyler_is1" = DVDStyler v2.2
"Explorer Suite_is1" = Explorer Suite IV
"ffdshow_is1" = ffdshow v1.1.4382 [2012-03-12]
"FileHippo.com" = FileHippo.com Update Checker
"FormatFactory" = FormatFactory 3.1.1
"Free Sound Recorder_is1" = Free Sound Recorder v9.3.1
"Freemake Video Downloader_is1" = Freemake Video Downloader
"GIMP-2_is1" = GIMP 2.8.0
"Google Chrome" = Google Chrome
"HandBrake" = HandBrake 0.9.8
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.28104)
"Hauppauge WinTV 7" = Hauppauge WinTV 7
"Hauppauge WinTV-DCR-2650 IR Service" = Hauppauge WinTV-DCR-2650 IR Service
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"ImgBurn" = ImgBurn
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Miro Video Converter" = Miro Video Converter
"MKVToolNix" = MKVToolNix 5.5.0
"Mozilla Firefox 25.0 (x86 en-US)" = Mozilla Firefox 25.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Origin" = Origin
"Picasa 3" = Picasa 3
"PrintKey2000" = PrintKey2000
"PROSetDX" = Intel® PRO Network Connections 12.1.11.0
"s3pe" = s3pe - Sims3 Package Editor
"Shop for HP Supplies" = Shop for HP Supplies
"SimPE PhotoStudio Templates_is1" = SimPE PhotoStudio Templates 3.0
"Sims2Pack Clean Installer" = Sims2Pack Clean Installer
"SpywareBlaster_is1" = SpywareBlaster 5.0
"ST6UNST #1" = Sims 2 Categorizer
"ST6UNST #2" = Sims 2 NPC Replacer
"The KMPlayer" = The KMPlayer (remove only)
"TS3 Install Helper Monkey" = TS3 Install Helper Monkey
"Unlocker" = Unlocker 1.9.1
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.7
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.11 (32-bit)
"ZMBV" = Zip Motion Block Video codec (Remove Only)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CC Magic" = CC Magic
"Dropbox" = Dropbox
"HuluDesktop" = Hulu Desktop
"Sansa Updater" = Sansa Updater
"uTorrent" = µTorrent

< End of report >
I was excited that the ADW actually ran through the 'clean' cycle! A good sign I hope!
  • 0

#4
RKinner

    Malware Expert

  • Expert
  • 20,017 posts
  • MVP
Download the attached fixlist.txt to the same location as FRST.
Run FRST and press Fix.
A fix log will be generated; please post that.

Then run FRST again and do a Scan and post the log.


Right click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next, click on the arrow in front of Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories, then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).
sfc /scannow

(This will check your critical system files. Does this finish without complaint? If it says it couldn't fix everything then:

Copy the next two lines:

findstr /c:"[SR]" \windows\logs\cbs\cbs.log > \windows\logs\cbs\junk.txt
notepad \windows\logs\cbs\junk.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run As Administrator.
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'.
2. Type 20 in the 1 to 20 box.
3. Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.
  • 0

#5
NorthstarATL

    Member

  • Topic Starter
  • Member
  • 62 posts
Thank you again! Here is the Fix Log:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 14-11-2013
Ran by Kenn at 2013-11-14 01:08:03 Run:1
Running from C:\Users\Kenn\Downloads
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
SearchScopes: HKLM - DefaultScope value is missing.
BHO: DownloadHelper Class - {FF2573AE-E1ED-40e1-83BA-F544CB2EE135} - C:\Program Files\Common Files\Download Helper\DownloadHelper.dll (IE Download Helper)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\scenicreflectionstb.xml
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
CHR Extension: (SuRf annd keep) - C:\Users\Kenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\flknhnkedeggedkbnajlbhfdmcfmgdbl\2.19
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 HcwMocurIR; system32\drivers\HcwMocurIR.sys [x]
U3 awumox4x; C:\Windows\System32\Drivers\awumox4x.sys [0 ] (Microsoft Corporation)
U3 TrueSight; \??\C:\Windows\system32\TrueSight.sys [x]
C:\Users\Kenn\AppData\Roaming\desktop.ini
C:\Users\Kenn\Large Address Aware.exe
C:\Users\Kenn\TS3Lib.dll
C:\Users\Kenn\AppData\Local\Temp\FastDownload.exe
C:\Users\Kenn\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Kenn\AppData\Local\Temp\Quarantine.exe
C:\Users\Kenn\AppData\Local\Temp\tbConn.dll




*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FF2573AE-E1ED-40e1-83BA-F544CB2EE135} => Key deleted successfully.
HKCR\CLSID\{FF2573AE-E1ED-40e1-83BA-F544CB2EE135} => Key deleted successfully.
C:\Program Files\mozilla firefox\searchplugins\scenicreflectionstb.xml => Moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} => Moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} => Moved successfully.
C:\Users\Kenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\flknhnkedeggedkbnajlbhfdmcfmgdbl directory not found.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
HcwMocurIR => Service deleted successfully.
awumox4x => Service deleted successfully.
TrueSight => Service deleted successfully.
C:\Users\Kenn\AppData\Roaming\desktop.ini => Moved successfully.
C:\Users\Kenn\Large Address Aware.exe => Moved successfully.
C:\Users\Kenn\TS3Lib.dll => Moved successfully.
C:\Users\Kenn\AppData\Local\Temp\FastDownload.exe => Moved successfully.
C:\Users\Kenn\AppData\Local\Temp\ntdll_dump.dll => Moved successfully.
C:\Users\Kenn\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Kenn\AppData\Local\Temp\tbConn.dll => Moved successfully.

==== End of Fixlog ====

I then followed your instructions, clearing, rebooting, and running the scan. It completed and I've attached a screenshot of the result. (Don't know if I should locate and post the log.)
Here's the System result from VEW:
Vino's Event Viewer v01c run on Windows Vista in English
Report run at 14/11/2013 1:34:17 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 14/11/2013 6:14:55 AM
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The HP CUE DeviceDiscovery Service service hung on starting.

Log: 'System' Date/Time: 14/11/2013 6:14:44 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The BlueStacks Android Service service terminated with the following error: An exception occurred in the service when handling the control request.

Log: 'System' Date/Time: 14/11/2013 6:14:44 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The PandoraService service failed to start due to the following error: The system cannot find the file specified.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
It doesn't look good to me, but I don't know what to look for. Here's the Application Run:
Vino's Event Viewer v01c run on Windows Vista in English
Report run at 14/11/2013 1:42:52 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 14/11/2013 6:14:44 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 14/11/2013 6:13:27 AM
Type: Error Category: 0
Event: 0 Source: BstHdAndroidSvc
Service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 14/11/2013 6:11:11 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 15 user registry handles leaked from \Registry\User\S-1-5-21-3019194991-3436555038-3990252873-1000:
Process 2524 (\Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3019194991-3436555038-3990252873-1000
Process 2524 (\Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3019194991-3436555038-3990252873-1000
Process 2524 (\Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3019194991-3436555038-3990252873-1000
Process 2524 (\Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3019194991-3436555038-3990252873-1000
Process 2524 (\Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3019194991-3436555038-3990252873-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 2524 (\Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3019194991-3436555038-3990252873-1000\Software\Microsoft\SystemCertificates\trust
Process 2524 (\Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3019194991-3436555038-3990252873-1000\Software\Policies\Microsoft\SystemCertificates
Process 2524 (\Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3019194991-3436555038-3990252873-1000\Software\Policies\Microsoft\SystemCertificates
Process 2524 (\Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3019194991-3436555038-3990252873-1000\Software\Policies\Microsoft\SystemCertificates
Process 2524 (\Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3019194991-3436555038-3990252873-1000\Software\Policies\Microsoft\SystemCertificates
Process 2524 (\Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3019194991-3436555038-3990252873-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 2524 (\Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3019194991-3436555038-3990252873-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 2524 (\Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3019194991-3436555038-3990252873-1000\Software\Microsoft\SystemCertificates\My
Process 2524 (\Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3019194991-3436555038-3990252873-1000\Software\Microsoft\SystemCertificates\CA
Process 2524 (\Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3019194991-3436555038-3990252873-1000\Software\Microsoft\SystemCertificates\Root

Attached Thumbnails

  • windowsloglocation.jpg

  • 0

#6
RKinner

    Malware Expert

  • Expert
  • 20,017 posts
  • MVP

Log: 'System' Date/Time: 14/11/2013 6:14:55 AM
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The HP CUE DeviceDiscovery Service service hung on starting.


I see this error a lot. Usually we just go into services and disable the service as it is not something you really need. It detects HP products on your local LAN.

Right click on Computer and select Manage then Services and Applications then Services. Find HP CUE DeviceDiscovery and right click and select Properties then change the Startup Type: to Disabled. OK. If you really need this then go back to HP and get the latest version and see if installing that will fix the problem.

Log: 'System' Date/Time: 14/11/2013 6:14:44 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The BlueStacks Android Service service terminated with the following error: An exception occurred in the service when handling the control request.


I would try downloading and installing (right click and Run As Admin) the latest version of BlueStacks:

http://www.bluestack...d-success-2.htm

Log: 'System' Date/Time: 14/11/2013 6:14:44 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The PandoraService service failed to start due to the following error: The system cannot find the file specified.


This is adware installed as foistware by KMP. You can go into Services and Disable it as we did for HP Cue.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 14/11/2013 6:14:44 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


Use IE and go to:

http://support.micro...b;en-US;2545227

and run the Fixit.


Log: 'Application' Date/Time: 14/11/2013 6:11:11 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 15 user registry handles leaked from \Registry\User\S-1-5-21-3019194991-3436555038-3990252873-1000:
Process 2524 (\Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3019194991-3436555038-3990252873-1000
Process 2524 (\Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3019194991-3436555038-3990252873-1000
Process 2524 (\Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3019194991-3436555038-3990252873-1000
Process 2524 (\Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3019194991-3436555038-3990252873-1000
Process 2524 (\Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3019194991-3436555038-3990252873-1000\Software\Microsoft\SystemCertificates\Disallowed ...


This is all from Windows Live. Most people don't use it so I usually just have them uninstall all Windows Live starting with Windows Live Essentials. If you do use it then once you uninstall it find the latest version and install that. http://windows.micro...live/essentials


Then


Right click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next, click on the arrow in front of Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.



2. Right-click VEW.exe and Run As Administrator.
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'.
2. Type 20 in the 1 to 20 box.
3. Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron
  • 0

#7
NorthstarATL

Good afternoon! Thanks again for working on this! Following your instructions I hit one snag, with the Fixit. I was told that it did not apply to my system and failed to run.
I uninstalled Windows Live. I THOUGHT that the weekly Windows Updates were updating those programs as necessary as they do with Windows Security Essentials, but I was wrong, as they are now unsupported! I upgraded Blue Stacks. I THOUGHT I'd uninstalled Pandora, as I knew it to be attached to KMPlayer (which is where this started), but apparently not deeply enough!
Logs:
VEW; System:
Vino's Event Viewer v01c run on Windows Vista in English
Report run at 14/11/2013 1:48:25 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
VEW;Application:
Vino's Event Viewer v01c run on Windows Vista in English
Report run at 14/11/2013 1:58:50 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 14/11/2013 6:43:41 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 14/11/2013 6:40:32 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-3019194991-3436555038-3990252873-1000_Classes:
Process 1588 (\Device\HarddiskVolume3\Windows\System32\spoolsv.exe) has opened key \REGISTRY\USER\S-1-5-21-3019194991-3436555038-3990252873-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\MuiCache


Log: 'Application' Date/Time: 14/11/2013 6:40:30 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 2 user registry handles leaked from \Registry\User\S-1-5-21-3019194991-3436555038-3990252873-1000:
Process 5012 (\Device\HarddiskVolume3\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-3019194991-3436555038-3990252873-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
Process 5012 (\Device\HarddiskVolume3\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-3019194991-3436555038-3990252873-1000\Software\Microsoft\Windows\CurrentVersion\Explorer


Also wanted to add that I started doing some searching in Google Chrome (I'd been switching back and forth some for awhile), and am NOT getting the 'ads not by this site' thing on Chrome. Could it be not in my system but in Firefox?
  • 0

#8
RKinner

    Malware Expert
Try running Firefox in its Safe mode:

https://support.mozi...using-safe-mode



For the Fixit that didn't work you can try:

Right click on (My) Computer and select Manage (continue) then Services and Applications then Services. Find:

Windows Management Instrumentation Service
Right click on it and select Properties.
Stop the service.

Minimize the services window.

Copy the next 6 lines:

c:
md \backupres
cd \windows\system32\wbem\repository
move *.* \backupres
move * \backupres
exit


Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Close the command window if it doesn't close itself.

Go back to the services window. Start Windows Management Instrumentation Service

Also start Security Center, and IP Helper. Close the services window then clear the alarms and reboot:
  • 0

#9
NorthstarATL

Two things:
First, after the reboot I had possibly the fastest startup that I'd seen in a long while!
Second, I decided that, since I imported the important data from Firefox to Chrome (and backed it up on a flash drive), I might as well reset Firefox completely, and ....NO more message! It worked! Before I posted here I went onto Firefox's forum page and looked up 'ads not by this site' in case others were having the same problem and there might be a simple solution. The general consensus was that it was a virus and a redirect (of sorts) and the computer was a goner! I cannot TELL you how happy I am and how thankful I am for your help and patience with this! We still have more to do though, right?
  • 0

#10
RKinner

    Malware Expert
The remaining errors are caused by msiexec and spoolsv. msiexec is the installer so it just may not have been finished with an update. The other is part of the printer software so it may have a document that it can't print. Let's clear the alarms, reboot and run VEW again as before and see:


Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.


2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron
  • 0
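One way to tally which processes the Event 1530 warnings blame, the check RKinner does by eye above for msiexec and spoolsv. This is an added example, not part of the thread or of VEW; the sample text is abridged from the logs posted above, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Sample input abridged from the VEW Application log posted in this thread.
SAMPLE_VEW = r"""
Log: 'Application' Date/Time: 14/11/2013 6:43:41 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query could not be reactivated because of error 0x80041003.

Log: 'Application' Date/Time: 14/11/2013 6:40:32 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-3019194991-3436555038-3990252873-1000_Classes:
Process 1588 (\Device\HarddiskVolume3\Windows\System32\spoolsv.exe) has opened key \REGISTRY\USER\S-1-5-21-3019194991-3436555038-3990252873-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\MuiCache

Log: 'Application' Date/Time: 14/11/2013 6:40:30 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
DETAIL - 2 user registry handles leaked from \Registry\User\S-1-5-21-3019194991-3436555038-3990252873-1000:
Process 5012 (\Device\HarddiskVolume3\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-3019194991-3436555038-3990252873-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
Process 5012 (\Device\HarddiskVolume3\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-3019194991-3436555038-3990252873-1000\Software\Microsoft\Windows\CurrentVersion\Explorer
"""

HEADER = re.compile(r"^Log: '(?P<log>[^']+)' Date/Time: (?P<when>.+)$")
EVENT = re.compile(r"^Event: (?P<id>\d+) Source: (?P<source>.+)$")
HOLDER = re.compile(r"^Process (?P<pid>\d+) \((?P<image>[^)]+)\) has opened key (?P<key>\S.*)$")
SID = re.compile(r"S-1-5-21-[\d-]+")  # per-user SID, masked so keys compare across accounts

def parse_events(report):
    """Split a VEW report into event dicts, one per 'Log:' header line."""
    events = []
    for line in report.splitlines():
        line = line.strip()
        if m := HEADER.match(line):
            events.append({"log": m["log"], "when": m["when"], "id": None, "holders": []})
        elif events and (m := EVENT.match(line)):
            events[-1].update(id=int(m["id"]), source=m["source"])
        elif events and (m := HOLDER.match(line)):
            events[-1]["holders"].append((int(m["pid"]), m["image"], m["key"].rstrip(" .")))
    return events

def leaked_handles_by_image(events):
    """Map each executable named in Event 1530 records to the keys it still held open."""
    summary = defaultdict(set)
    for ev in (e for e in events if e["id"] == 1530):
        for _pid, image, key in ev["holders"]:
            exe = image.rsplit("\\", 1)[-1].lower()
            summary[exe].add(SID.sub("<SID>", key))
    return {exe: sorted(keys) for exe, keys in summary.items()}

if __name__ == "__main__":
    print(leaked_handles_by_image(parse_events(SAMPLE_VEW)))
```

An executable that keeps appearing after a log clear and reboot is the one worth looking at; a one-off entry from an installer or the print spooler usually is not.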



#11
NorthstarATL

Thanks again! From VEW; System:
Vino's Event Viewer v01c run on Windows Vista in English
Report run at 14/11/2013 3:19:28 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
VEW; Application:
Vino's Event Viewer v01c run on Windows Vista in English
Report run at 14/11/2013 3:21:20 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Look OK?
  • 0

#12
RKinner

    Malware Expert
Looks great as long as you remembered to reboot between clearing the alarms and running VEW.

I think we can clean up now.


Copy the following:

:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Right click on OTL and Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

That will get the last of the malware off the system.



You can uninstall or delete any tools we had you download and their logs.

If we ran Combofix: To uninstall Combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, All Programs, Accessories then right click on Command Prompt and Run As Administrator.
then right click, Paste, then hit Enter.



OTL has a cleanup tab but DO NOT USE IT! There are reports that it leaves the PC unbootable. Instead just delete OTL.exe and the folder c:\_OTL.

To hide hidden files again:

Vista or Win7

1. Open the Control Panel menu and click Folder Options.
2. After the new window appears select the View tab.
3. Remove the check in the checkbox labeled Display the contents of system folders.
4. Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
5. Check the checkbox labeled Hide protected operating system files.
6. Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

Unless you have the latest version of Avast which has its own update checker: To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week.
Seems to work best if Firefox is the default browser. Windows always hides its icon so you need to unhide it. Click on the up arrow to the left of the clock. Then click on Customize. Maximize the window so you can see all of the options. Scroll Down and find the File Hippo UpdateChecker and change its Behaviors to Show Icon and Notifications. OK. When you reboot you should see the icon. It will take it a minute to finish checking then it will put up a bubble if you need to update something. Click on the bubble and it should open in your browser. (Seems to work best if it uses Firefox. If you do not use Firefox as your default browser then right click on the icon and click on Settings. Then on Results. Change the Open Results in Default Browser to Custom Browser and then select the line that has Firefox.exe in it. While there, also check Hide Beta Versions. OK. ) You will see a list of programs that have updates with green down arrows next to them. You do not need to download any Beta Versions. There is an option Settings to Hide Beta Versions. I do not advise updating Windows Messenger unless you really use it so I right click on the Icon and Customize Results then find Microsoft Messenger and change Show All Releases to Hide All Releases. OK.

You can also try Secunia PSI http://secunia.com/v...l/download_psi/ Same kind of info. You don't need both.
If you use Chrome/Firefox/IE then get the AdBlock Plus Add-on. Go to adblockplus.org with each browser and get the add-on.

If Chrome/Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . Close Chrome/Firefox. Hit Optimize. You can run it any time that Chrome/Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

Due to a recent rise in the number of CryptoLocker infections I am now recommending you install:

CryptoPrevent

http://www.foolishIT.../cryptoprevent/

The free version does not update on its own so you should check for updated versions once in a while.



If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Special note on Java. Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
http://www.java.com/...lugin_cache.xml
Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 25 or better. These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE. Get the latest version from Java.com. They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download. Just uncheck the garbage before the download (or install) starts. If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it. IF that is the case then go to Control Panel, Java, Security and slide it up to the highest level. OK.

Make sure Windows Updates is turned on and that it works. Go to Control panel, Windows Updates and see if it works.


My help is free but if you wish to show your appreciation, please donate to Kwiaht instead of me. It's a local environmental organization that I volunteer with: http://www.kwiaht.org/donate.htm
(The name means something like "clean place" in one of the local native-American dialects)

Ron
  • 0

#13
NorthstarATL

Thank you! I made one error. I did the FileHippo thing, and updated a ton of programs. The Conduit Toolbar wormed its way into my system again. Took over Firefox, Chrome, and IE! I uninstalled it from Programs/Features (Mcafee had also leeched in), but it didn't go away. I did another reset of Firefox (because I hadn't done anything with it since the previous one) and was able to remove the toolbar. Changed the IE homepage in Safe Mode. Will have to research how to get it off the computer entirely.
  • 0

#14
RKinner

    Malware Expert
Try AdwCleaner again.
  • 0

#15
NorthstarATL

Thanks! I did. I was able to reset the homepage of Chrome by going into Tools, Extensions, and deleting the offending toolbar! I ran Adware and Malwarebytes, as well as CC Cleaner, and a trial version of Hitman Pro (suggested at this site: Website); the toolbar was packed in something called Sweettunes in with iTunes. I should have been wary of it when File Hippo wanted to update, as I'd just purchased from there yesterday, but I had already updated 10 or so programs, and wasn't as careful as I should have been. Thanks for your help! I'm going to eat and sleep now.
  • 0





