Adware and Popups [Solved]


  • This topic is locked

#1
lesadale

  • Member
  • 55 posts

I'm running a Windows 7 Pro 64 bit OS. One of my kids downloaded some "extra" programs and now I have way too much going on. I've tried deleting programs and caused more problems. So I've come to you. I've gotten rid of my Norton and downloaded MSE, Malwarebytes' Anti-Malware and SuperAntiSpyware. It's running better, but still some issues. Below is my OTL log:

OTL logfile created on: 11/21/2013 1:59:15 AM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lesa\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 38.34% Memory free
7.50 Gb Paging File | 4.19 Gb Available in Paging File | 55.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148.95 Gb Total Space | 35.00 Gb Free Space | 23.50% Space Free | Partition Type: NTFS

Computer Name: LESA-PC | User Name: Lesa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/21 01:59:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lesa\Downloads\OTL (1).exe
PRC - [2013/10/28 11:58:56 | 007,040,056 | ---- | M] (Hightail Inc.) -- C:\Program Files (x86)\Hightail Desktop App\Hightail.exe
PRC - [2013/10/27 10:49:00 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\Social Privacy DNS\dnswatch.exe
PRC - [2013/05/24 18:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Lesa\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/05/10 01:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/09/24 13:27:40 | 000,380,024 | ---- | M] (LG Electronics) -- C:\ProgramData\LGMOBILEAX\BYR_Client\VZWUAAgent.exe
PRC - [2012/08/13 09:57:02 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2012/08/13 09:57:02 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2011/04/08 06:50:02 | 000,542,264 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
PRC - [2009/10/26 14:58:00 | 005,516,800 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\TurboV\TurboV.exe
PRC - [2009/10/26 12:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009/10/26 12:15:56 | 000,375,000 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2009/09/06 11:38:06 | 000,071,096 | ---- | M] () -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
PRC - [2009/08/20 21:16:54 | 005,782,528 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
PRC - [2009/06/02 18:31:00 | 001,769,472 | ---- | M] () -- C:\Program Files\ASUS\Turbo Key\TurboKey.exe
PRC - [2009/04/10 17:29:04 | 000,294,912 | -H-- | M] (DeviceVM) -- C:\ASUS.SYS\config\DVMExportService.exe
PRC - [2009/04/01 22:27:27 | 000,090,112 | R--- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
PRC - [2009/03/15 23:47:28 | 000,122,880 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonServer.exe
PRC - [2009/03/15 23:47:24 | 000,139,264 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonClient.exe
PRC - [2009/03/15 23:47:22 | 000,122,880 | ---- | M] (AMD) -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
PRC - [2009/03/15 23:47:20 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
PRC - [2007/10/08 07:52:36 | 000,157,000 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files (x86)\Smith Micro\StuffIt11\ArcNameService.exe
PRC - [2001/12/31 23:43:38 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Users\Lesa\Program Files (x86)\DNA\btdna.exe


========== Modules (No Company Name) ==========

MOD - [2013/11/16 06:33:44 | 000,911,872 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.66.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2013/11/14 05:29:31 | 000,399,312 | ---- | M] () -- C:\Users\Lesa\AppData\Local\Google\Chrome\Application\31.0.1650.57\ppgooglenaclpluginchrome.dll
MOD - [2013/11/14 05:29:30 | 013,582,800 | ---- | M] () -- C:\Users\Lesa\AppData\Local\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll
MOD - [2013/11/14 05:29:29 | 004,055,504 | ---- | M] () -- C:\Users\Lesa\AppData\Local\Google\Chrome\Application\31.0.1650.57\pdf.dll
MOD - [2013/11/14 05:28:37 | 000,702,416 | ---- | M] () -- C:\Users\Lesa\AppData\Local\Google\Chrome\Application\31.0.1650.57\libglesv2.dll
MOD - [2013/11/14 05:28:36 | 000,099,792 | ---- | M] () -- C:\Users\Lesa\AppData\Local\Google\Chrome\Application\31.0.1650.57\libegl.dll
MOD - [2013/11/14 05:28:34 | 001,619,408 | ---- | M] () -- C:\Users\Lesa\AppData\Local\Google\Chrome\Application\31.0.1650.57\ffmpegsumo.dll
MOD - [2013/10/27 10:49:00 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\Social Privacy DNS\dnswatch.exe
MOD - [2013/10/11 02:59:56 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/10/11 02:59:31 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
MOD - [2013/09/11 02:11:37 | 011,914,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\6ebbfafc5521934f7e1c154937a2788b\System.Web.ni.dll
MOD - [2013/09/05 00:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2013/08/14 02:48:03 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9a1bc983c28c695729b3e46acdc6933e\System.Management.ni.dll
MOD - [2013/08/14 02:40:56 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\5970036570c1e44e8ae0f6f94c1039aa\System.EnterpriseServices.ni.dll
MOD - [2013/08/14 02:40:55 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\4ada2213cefea889a5ed6e2fb6839b93\System.Transactions.ni.dll
MOD - [2013/08/14 02:40:54 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\764054efc88f51b54c8d7e44df26b671\System.Data.ni.dll
MOD - [2013/08/14 02:40:28 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/14 02:40:12 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/14 02:39:57 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/11 02:59:43 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/03/13 14:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Lesa\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012/11/29 15:59:32 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2012/11/13 17:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Lesa\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2012/08/10 15:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/04 19:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/10/26 13:52:44 | 000,135,680 | ---- | M] () -- C:\Program Files\ASUS\TurboV\TvOcLib.dll
MOD - [2009/06/27 09:11:12 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll
MOD - [2009/06/10 15:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/06/02 18:31:00 | 001,769,472 | ---- | M] () -- C:\Program Files\ASUS\Turbo Key\TurboKey.exe
MOD - [2009/04/29 13:24:44 | 000,253,952 | ---- | M] () -- C:\Program Files\ASUS\Turbo Key\pngio.dll
MOD - [2009/04/29 13:24:44 | 000,208,896 | ---- | M] () -- C:\Program Files\ASUS\Turbo Key\AiNap.dll
MOD - [2009/04/29 13:24:44 | 000,008,704 | ---- | M] () -- C:\Program Files\ASUS\Turbo Key\vvc.dll
MOD - [2009/03/25 15:53:14 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\AsSpindownTimeout.dll
MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
MOD - [2009/01/15 13:55:10 | 000,565,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\pngio.dll
MOD - [2008/12/10 19:27:56 | 000,565,248 | ---- | M] () -- C:\Program Files\ASUS\TurboV\pngio.dll
MOD - [2006/01/10 02:50:20 | 000,024,576 | ---- | M] () -- C:\Windows\SysWOW64\AsIO.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/10/23 17:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/10/23 17:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/10/10 16:54:28 | 000,144,152 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/09/18 20:17:42 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 19:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/11/21 01:44:03 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/11/10 18:00:02 | 000,507,912 | ---- | M] () [Auto | Running] -- C:\Windows\Installer\MSI6D90.tmp -- (Level Quality Watcher)
SRV - [2013/10/24 20:19:27 | 000,226,640 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint)
SRV - [2013/10/24 20:19:23 | 000,376,144 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2013/09/10 20:26:44 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/10 01:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/03/12 16:34:02 | 000,031,744 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\MR APP\MRAPP.Event.Service.exe -- (EventService)
SRV - [2013/03/12 16:34:02 | 000,031,232 | ---- | M] (Microsoft) [Auto | Running] -- C:\Program Files (x86)\MR APP\MRAPP.Transfer.Service.exe -- (TransferService)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/11/08 12:04:18 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2010/06/17 09:39:57 | 003,505,768 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/26 12:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009/09/06 11:38:06 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/04/22 11:01:30 | 000,124,256 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe -- (AODService)
SRV - [2009/04/10 17:29:04 | 000,294,912 | -H-- | M] (DeviceVM) [Auto | Running] -- C:\ASUS.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2009/04/01 22:27:27 | 000,090,112 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2009/03/15 23:47:22 | 000,122,880 | ---- | M] (AMD) [Auto | Running] -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe -- (AMD_RAIDXpert)
SRV - [2008/05/14 09:32:18 | 000,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)
SRV - [2008/05/14 09:32:10 | 000,166,384 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10)
SRV - [2008/05/14 09:31:38 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2007/10/08 07:52:36 | 000,157,000 | ---- | M] (Smith Micro Software, Inc.) [Auto | Running] -- C:\Program Files (x86)\Smith Micro\StuffIt11\ArcNameService.exe -- (Stuffit Archive Name Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/11/14 14:54:23 | 000,046,368 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/10/24 20:19:24 | 000,107,368 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2013/10/10 08:28:33 | 000,016,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon)
DRV:64bit: - [2013/09/27 09:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/05/21 14:06:16 | 000,067,808 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mozy.sys -- (mozyFilter)
DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/22 10:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 15:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/04/24 16:14:22 | 000,273,088 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\keyscrambler.sys -- (KeyScrambler)
DRV:64bit: - [2011/03/21 12:22:06 | 000,452,200 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/01/27 11:22:02 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2010/01/27 11:21:36 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2009/09/30 19:22:08 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2009/09/28 19:57:28 | 000,005,504 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StarOpen.sys -- (StarOpen)
DRV:64bit: - [2009/09/18 22:32:38 | 006,170,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/08/17 05:20:46 | 001,235,968 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/07/15 21:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/24 04:23:24 | 000,205,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/06/19 20:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/04 22:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2008/10/23 20:55:28 | 000,043,008 | R--- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (TEAM)
DRV:64bit: - [2008/10/23 20:55:28 | 000,043,008 | R--- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (RTTEAMPT)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/04/08 02:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/12/10 20:49:54 | 000,026,624 | R--- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV:64bit: - [2007/12/02 20:20:54 | 000,024,064 | R--- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan60.sys -- (RTVLANPT)
DRV - [2013/05/27 08:28:01 | 000,016,056 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2009/09/28 19:57:28 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/01/03 18:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://aartemis.com/...AP9405137351373
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.aartemis....q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.aartemis....q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://aartemis.com/...AP9405137351373
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.aartemis....q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.aartemis....q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.aartemis....q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.aartemis....q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.aartemis....q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....&pvid=20.4.0.40
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...Date=16/11/2013
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 87 1F 0B 7F 4D C0 CE 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...Date=16/11/2013
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:16110;https=127.0.0.1:16110

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "aartemis"
FF - prefs.js..browser.search.defaultthis.engineName: "Swag Bucks Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Conduit Search"
FF - prefs.js..browser.startup.homepage: "http://feed.snapdo.c...ate=16/11/2013"
FF - prefs.js..extensions.enabledAddons: lazarus%40interclue.com:2.3
FF - prefs.js..extensions.enabledAddons: LogMeInClient%40logmein.com:1.0.0.664
FF - prefs.js..extensions.enabledAddons: mjdecjxqta%40mjdecjxqta.org:1.0
FF - prefs.js..extensions.enabledAddons: %7B4b9bcce8-a70b-402a-a7e1-db96831ee26f%7D:3.5.1.10
FF - prefs.js..extensions.enabledAddons: %7B6AC85730-7D0F-4de0-B3FA-21142DD85326%7D:2.8
FF - prefs.js..extensions.enabledAddons: firefox%40zemanta.com:1.0.1
FF - prefs.js..extensions.enabledAddons: isreaditlater%40ideashower.com:3.0.1
FF - prefs.js..extensions.enabledAddons: plugin%40yontoo.com:1.20.02
FF - prefs.js..extensions.enabledAddons: sam%40samfind.com:2.2.8
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130402
FF - prefs.js..extensions.enabledAddons: %7Bd57c9ff1-6389-48fc-b770-f78bd89b6e8a%7D:1.45
FF - prefs.js..extensions.enabledAddons: firefox-extension%40shareaholic.com:3.0.1
FF - prefs.js..extensions.enabledAddons: %7B2D3F3651-74B9-4795-BDEC-6DA2F431CB62%7D:2013.4.4.3
FF - prefs.js..extensions.enabledAddons: support%40tubedimmerapp.com:2.6.47
FF - prefs.js..extensions.enabledAddons: sp2%40sp.com:1.0
FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:12.0.3.2%20-%201
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:0.8.3
FF - prefs.js..extensions.enabledItems: [email protected]:2.1.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.20.00
FF - prefs.js..extensions.enabledItems: [email protected]:2.2.1
FF - prefs.js..extensions.enabledItems: [email protected]:5.1.1.0
FF - prefs.js..extensions.enabledItems: {a39975e6-69b0-40a4-b7e2-fc8770f38132}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.608
FF - prefs.js..extensions.enabledItems: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a}:1.36
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.5.5
FF - prefs.js..keyword.URL: "http://feed.snapdo.c...=16/11/2013&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.2\\npsitesafety.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Lesa\Program Files (x86)\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Lesa\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Lesa\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Lesa\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/11/11 08:31:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/09/11 08:24:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Lesa\Program Files (x86)\DNA [2013/11/21 01:33:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Social Privacy\FF\ [2013/11/11 08:31:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{e55007f4-80c5-418e-ac33-10c4d60db01e}: C:\Program Files (x86)\Re-markit\135.xpi

[2010/05/23 21:58:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lesa\AppData\Roaming\Mozilla\Extensions
[2013/11/16 06:35:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions
[2011/06/04 08:33:06 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012/02/25 20:15:31 | 000,000,000 | ---D | M] (XFINITY Toolbar) -- C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\{4b9bcce8-a70b-402a-a7e1-db96831ee26f}
[2012/08/01 10:47:17 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2013/11/16 06:35:21 | 000,000,000 | ---D | M] ("Snap.Do ") -- C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\{83ee5c7d-47cb-10db-8a07-8c2446e29c8b}
[2013/04/14 07:35:15 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/07/13 11:19:33 | 000,000,000 | ---D | M] (KeyScrambler) -- C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]
[2011/07/27 08:23:20 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]
[2013/04/14 07:35:29 | 000,000,000 | ---D | M] (samfind Bookmarks Bar) -- C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]
[2013/11/11 08:31:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]
[2013/11/16 06:35:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\staged
[2013/11/12 20:37:23 | 000,000,000 | ---D | M] (Tube Dimmer) -- C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]
[2013/05/14 13:15:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\trash
[2013/04/14 07:35:30 | 002,163,784 | ---- | M] () (No name found) -- C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]
[2013/05/14 13:15:23 | 000,161,864 | ---- | M] () (No name found) -- C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]
[2013/04/14 07:35:30 | 000,061,064 | ---- | M] () (No name found) -- C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]
[2013/04/14 07:35:30 | 000,223,719 | ---- | M] () (No name found) -- C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]
[2011/10/01 10:55:07 | 000,246,802 | ---- | M] () (No name found) -- C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]
[1832/11/28 22:22:58 | 000,004,819 | ---- | M] () (No name found) -- C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]
[2013/04/14 07:35:30 | 000,021,490 | ---- | M] () (No name found) -- C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]
[2013/04/14 07:35:14 | 000,150,353 | ---- | M] () (No name found) -- C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}.xpi
[2012/09/12 03:32:26 | 000,161,864 | ---- | M] () (No name found) -- C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\trash\[email protected]
[2013/11/21 00:08:21 | 000,000,834 | ---- | M] () -- C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\searchplugins\conduit-search.xml
[2011/12/01 16:28:00 | 000,002,191 | ---- | M] () -- C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\searchplugins\google.xml
[2013/11/19 06:36:26 | 000,002,425 | ---- | M] () -- C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\searchplugins\Web Search.xml
[2011/12/01 16:28:00 | 000,000,625 | ---- | M] () -- C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\searchplugins\yahoo.xml
[2013/08/07 11:51:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/08/07 11:51:00 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2013/11/11 08:31:09 | 000,000,000 | ---D | M] (No name found) -- C:\PROGRAM FILES (X86)\SOCIAL PRIVACY\FF
File not found (No name found) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\COFFPLGN
File not found (No name found) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFEXTENSION16=C:\USERS\LESA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LSFK61YB.DEFAULT\EXTENSIONS\{83EE5C7D-47CB-10DB-8A07-8C2446E29C8B}
[2010/10/05 06:10:54 | 000,466,944 | ---- | M] (Catalina Marketing Corp.) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2010/10/05 06:10:54 | 000,466,944 | ---- | M] (Catalina Marketing Corp.) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol500.dll
[2013/02/15 18:35:09 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Web (Enabled)
CHR - default_search_provider: search_url = http://feed.snapdo.c...Date=16/11/2013
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://feed.snapdo.c...Date=16/11/2013
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Lesa\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Lesa\AppData\Local\Google\Chrome\Application\31.0.1650.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Lesa\AppData\Local\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Lesa\AppData\Local\Google\Chrome\Application\31.0.1650.57\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Coupon Print Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
CHR - plugin: Coupon Print Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol500.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Lesa\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Lesa\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: DNA Plug-in (Enabled) = C:\Users\Lesa\Program Files (x86)\DNA\plugins\npbtdna.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: New Tab = C:\Users\Lesa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.4_0\
CHR - Extension: Pocket (formerly Read It Later) = C:\Users\Lesa\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj\1.5.6_0\
CHR - Extension: Google Wallet = C:\Users\Lesa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Evernote Web Clipper = C:\Users\Lesa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\6.0.3_0\

O1 HOSTS File: ([2011/08/22 06:26:50 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Social Privacy) - {91FBEA5C-E3C7-42EA-8C2B-B168189AB5BE} - C:\Program Files (x86)\Social Privacy\sp.dll ()
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Hightail Sync Agent] C:\Program Files (x86)\Hightail Desktop App\Hightail.exe (Hightail Inc.)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [BYRUA_AGENT] C:\ProgramData\LGMOBILEAX\BYR_Client\VZWUAAgent.exe (LG Electronics)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [dnsshield] C:\Program Files (x86)\Social Privacy DNS\dnswatch.exe ()
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\SysWOW64\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe (Sonic Solutions)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Turbo Key] C:\Program Files\ASUS\Turbo Key\TurboKey.exe ()
O4 - HKLM..\Run: [TurboV] C:\Program Files\ASUS\TurboV\TurboV.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
O4 - HKCU..\Run: [BitTorrent DNA] C:\Users\Lesa\Program Files (x86)\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
O4 - Startup: C:\Users\Lesa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Lesa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Lesa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9:64bit: - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC0AD0B8-92CF-4212-8B87-43285EFEA894}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC0AD0B8-92CF-4212-8B87-43285EFEA894}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C685DDF4-1D1C-46A3-BD51-26EF4A10E425}: DhcpNameServer = 68.87.68.166 68.87.74.166
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C685DDF4-1D1C-46A3-BD51-26EF4A10E425}: NameServer = 8.8.8.8,8.8.4.4
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.1.2\ViProtocol.dll File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL) - File not found
O20 - AppInit_DLLs: (c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/21 00:55:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/11/21 00:55:33 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/11/21 00:38:15 | 000,000,000 | ---D | C] -- C:\Users\Lesa\AppData\Roaming\SUPERAntiSpyware.com
[2013/11/21 00:38:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/11/21 00:38:00 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/11/21 00:38:00 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/11/21 00:15:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2013/11/21 00:14:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/11/20 23:44:03 | 000,000,000 | ---D | C] -- C:\Users\Lesa\Documents\WorkLifeBalance
[2013/11/20 23:18:31 | 000,000,000 | ---D | C] -- C:\Users\Lesa\Documents\MoJo Angela Wills
[2013/11/20 22:41:15 | 000,000,000 | ---D | C] -- C:\Users\Lesa\Documents\MyNams
[2013/11/20 22:27:49 | 000,000,000 | ---D | C] -- C:\Users\Lesa\Documents\CoachGlue
[2013/11/19 12:57:14 | 000,000,000 | ---D | C] -- C:\Users\Lesa\Documents\Blogging Class
[2013/11/16 06:52:03 | 000,000,000 | ---D | C] -- C:\Users\Lesa\SyncFolder
[2013/11/16 06:39:03 | 000,000,000 | ---D | C] -- C:\ProgramData\eSafe
[2013/11/16 06:30:03 | 000,000,000 | ---D | C] -- C:\Users\Lesa\AppData\Roaming\Optimizer Pro
[2013/11/16 06:29:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPC Backup
[2013/11/13 01:11:53 | 000,000,000 | ---D | C] -- C:\Users\Lesa\AppData\Local\Hightail
[2013/11/13 01:11:52 | 000,000,000 | ---D | C] -- C:\Users\Lesa\AppData\Roaming\Hightail
[2013/11/13 01:11:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hightail Desktop App
[2013/11/13 01:11:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hightail Desktop App
[2013/11/11 08:35:09 | 000,000,000 | ---D | C] -- C:\Users\Lesa\AppData\Local\SearchProtect
[2013/11/10 18:00:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ScorpionSaver
[2013/11/10 17:58:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Updater
[2013/11/10 17:58:02 | 000,000,000 | ---D | C] -- C:\ProgramData\RHelpers
[2013/11/10 17:57:31 | 000,000,000 | ---D | C] -- C:\ProgramData\TubeDimmer
[2013/11/10 17:54:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2013/11/10 17:53:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Social Privacy DNS
[2013/11/10 17:52:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Social Privacy
[2013/11/10 17:52:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\sp
[2013/11/07 18:56:22 | 000,000,000 | ---D | C] -- C:\Users\Lesa\.kindle
[2013/11/07 15:57:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/11/07 15:55:18 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/11/07 15:55:17 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/11/07 15:55:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/11/07 15:55:17 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/11/07 01:21:32 | 000,000,000 | ---D | C] -- C:\Users\Lesa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
[2013/10/25 09:58:17 | 000,000,000 | ---D | C] -- C:\Users\Lesa\Documents\30 Day Challenge
[2013/10/22 13:30:30 | 000,000,000 | ---D | C] -- C:\Users\Lesa\Documents\2DoWebs

========== Files - Modified Within 30 Days ==========

[2013/11/21 02:00:00 | 000,000,508 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 26f2c088-4198-4513-98ad-c23a71192b41.job
[2013/11/21 01:55:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/21 01:43:40 | 000,016,768 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/21 01:43:40 | 000,016,768 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/21 01:43:04 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3160849686-1691475319-3697074088-1001UA.job
[2013/11/21 01:40:40 | 000,000,012 | -H-- | M] () -- C:\dvmexp.idx
[2013/11/21 01:38:00 | 000,000,282 | ---- | M] () -- C:\Windows\tasks\DSite.job
[2013/11/21 01:30:29 | 000,000,508 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task c1ba317d-526b-4432-a643-9d00289cff73.job
[2013/11/21 01:30:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/21 01:30:06 | 3019,247,616 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/21 01:01:36 | 000,000,113 | ---- | M] () -- C:\Users\Lesa\AppData\Roaming\WB.CFG
[2013/11/21 01:01:35 | 000,000,006 | ---- | M] () -- C:\Users\Lesa\AppData\Roaming\WBPU-TTL.DAT
[2013/11/21 00:55:39 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/21 00:43:01 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3160849686-1691475319-3697074088-1001Core.job
[2013/11/21 00:38:04 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/11/21 00:16:12 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/11/21 00:06:29 | 000,000,467 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2013/11/18 21:32:36 | 000,003,552 | ---- | M] () -- C:\Windows\mozy.blk
[2013/11/18 21:32:35 | 000,006,246 | ---- | M] () -- C:\Windows\mozy.flt
[2013/11/18 08:56:31 | 000,872,762 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/18 08:56:31 | 000,726,418 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/18 08:56:31 | 000,146,436 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/11/17 08:58:39 | 000,000,059 | ---- | M] () -- C:\Windows\wpd99.drv
[2013/11/16 06:38:48 | 000,001,351 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/11/16 06:30:44 | 000,002,248 | ---- | M] () -- C:\Users\Lesa\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/11/16 06:30:19 | 000,001,641 | ---- | M] () -- C:\Users\Lesa\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/11/14 14:55:44 | 000,003,735 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
[2013/11/14 14:54:23 | 000,046,368 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/11/13 14:37:53 | 000,000,983 | ---- | M] () -- C:\Users\Lesa\Desktop\YNAB 4.lnk
[2013/11/13 01:11:48 | 000,001,957 | ---- | M] () -- C:\Users\Public\Desktop\Hightail Desktop App.lnk
[2013/11/07 18:56:15 | 000,001,109 | ---- | M] () -- C:\Users\Lesa\Desktop\Kindle Comic Creator.lnk
[2013/11/07 15:57:07 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/10/31 22:07:35 | 000,017,522 | ---- | M] () -- C:\Users\Lesa\.recently-used.xbel
[2013/10/24 20:19:24 | 000,107,368 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIRfsClientNP.dll
[2013/10/24 20:19:23 | 000,092,488 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIinit.dll
[2013/10/24 20:19:23 | 000,035,656 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIport.dll

========== Files Created - No Company Name ==========

[2013/11/21 00:55:39 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/21 00:38:36 | 000,000,508 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task c1ba317d-526b-4432-a643-9d00289cff73.job
[2013/11/21 00:38:34 | 000,000,508 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 26f2c088-4198-4513-98ad-c23a71192b41.job
[2013/11/21 00:38:04 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/11/21 00:16:12 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/11/21 00:15:49 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/11/16 06:35:41 | 000,002,565 | ---- | C] () -- C:\Users\Lesa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
[2013/11/13 01:11:47 | 000,001,957 | ---- | C] () -- C:\Users\Public\Desktop\Hightail Desktop App.lnk
[2013/11/07 18:56:14 | 000,001,109 | ---- | C] () -- C:\Users\Lesa\Desktop\Kindle Comic Creator.lnk
[2013/11/07 15:57:07 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/10/31 22:07:35 | 000,017,522 | ---- | C] () -- C:\Users\Lesa\.recently-used.xbel
[2013/10/11 08:13:07 | 000,003,735 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
[2013/09/16 23:38:15 | 000,361,117 | ---- | C] () -- C:\Users\Lesa\AppData\Local\newhb2.crx
[2013/09/05 19:38:02 | 000,000,113 | ---- | C] () -- C:\Users\Lesa\AppData\Roaming\WB.CFG
[2013/09/05 19:38:02 | 000,000,006 | ---- | C] () -- C:\Users\Lesa\AppData\Roaming\WBPU-TTL.DAT
[2011/05/18 15:34:26 | 000,001,940 | ---- | C] () -- C:\Users\Lesa\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/17 03:28:18 | 000,000,132 | ---- | C] () -- C:\Users\Lesa\.gtk-bookmarks
[2011/03/08 21:16:35 | 000,003,584 | ---- | C] () -- C:\Users\Lesa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/02 09:02:09 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/05/11 22:18:22 | 000,000,632 | RHS- | C] () -- C:\Users\Lesa\ntuser.pol
[2010/03/23 14:28:54 | 000,007,597 | ---- | C] () -- C:\Users\Lesa\AppData\Local\resmon.resmoncfg

========== ZeroAccess Check ==========

[2011/11/17 00:41:18 | 000,000,000 | -HSD | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{ec73698f-5ec2-5193-e043-e6cdbc32dd2b}\L
[2011/11/17 00:41:18 | 000,000,000 | -HSD | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{ec73698f-5ec2-5193-e043-e6cdbc32dd2b}\U
[2011/11/17 00:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Lesa\AppData\Local\{ec73698f-5ec2-5193-e043-e6cdbc32dd2b}\L
[2011/11/17 00:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Lesa\AppData\Local\{ec73698f-5ec2-5193-e043-e6cdbc32dd2b}\U
[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Users\Lesa\AppData\Local\{ec73698f-5ec2-5193-e043-e6cdbc32dd2b}\n.

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 20:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/09/05 18:39:38 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
[2010/10/18 13:05:12 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\AllinOnePDF
[2010/11/20 14:47:39 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\Amazon
[2011/05/24 09:00:32 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\Audacity
[2010/03/25 14:22:27 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\BitZipper
[2010/10/22 15:29:10 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\Canneverbe_Limited
[2010/10/05 06:10:55 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\Catalina Marketing Corp
[2010/06/17 19:56:32 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/08/31 14:32:14 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\com.ynab.YNAB4.LiveCaptive
[2013/11/21 02:23:38 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\DNA
[2013/11/21 01:35:05 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\Dropbox
[2013/09/05 18:38:06 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\DSite
[2010/06/02 08:45:48 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\Facebook
[2013/02/20 22:59:44 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\FileZilla
[2013/10/31 22:07:35 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\gtk-2.0
[2013/11/13 01:11:53 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\Hightail
[2012/02/25 15:25:36 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\ID Vault
[2010/11/16 16:30:27 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\KompoZer
[2010/07/10 21:09:36 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2010/10/14 18:52:14 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\OpenOffice.org
[2013/11/16 06:30:03 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\Optimizer Pro
[2011/03/15 23:21:50 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\Pamela
[2011/12/31 15:22:02 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\PC-FAX TX
[2010/06/17 19:51:50 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\pdf995
[2011/02/24 20:40:25 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\Personal Finance Software
[2011/07/13 11:20:35 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\QFX Software
[2013/02/21 21:47:10 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\redsn0w
[2010/10/01 14:23:43 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\Simple Star
[2010/10/18 13:06:03 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\Ten PDF Reader
[2010/05/14 17:18:39 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\Tific
[2010/08/23 19:44:23 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\Trusteer
[2013/10/27 07:14:37 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\YouSendIt

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 482 bytes -> C:\ProgramData\Temp:5C321E34

< End of report >


All help is greatly appreciated.


#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, what problems are you currently experiencing?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:Commands
[CREATERESTOREPOINT]

:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...Date=16/11/2013
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...Date=16/11/2013
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:16110;https=127.0.0.1:16110
FF - prefs.js..browser.search.defaultthis.engineName: "Swag Bucks Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Conduit Search"
FF - prefs.js..browser.startup.homepage: "http://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=US&userid=83ee5c7d-47cb-10db-8a07-8c2446e29c8b&searchtype=hp&installDate=16/11/2013"
FF - prefs.js..extensions.enabledAddons: lazarus%40interclue.com:2.3
FF - prefs.js..extensions.enabledAddons: LogMeInClient%40logmein.com:1.0.0.664
FF - prefs.js..extensions.enabledAddons: mjdecjxqta%40mjdecjxqta.org:1.0
FF - prefs.js..extensions.enabledAddons: firefox%40zemanta.com:1.0.1
FF - prefs.js..extensions.enabledAddons: isreaditlater%40ideashower.com:3.0.1
FF - prefs.js..extensions.enabledAddons: plugin%40yontoo.com:1.20.02
FF - prefs.js..extensions.enabledAddons: sam%40samfind.com:2.2.8
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130402
FF - prefs.js..extensions.enabledAddons: sp2%40sp.com:1.0
FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:12.0.3.2%20-%201
FF - prefs.js..extensions.enabledItems: [email protected]:2.1.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.20.00
FF - prefs.js..extensions.enabledItems: [email protected]:2.2.1
FF - prefs.js..extensions.enabledItems: [email protected]:5.1.1.0
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3.2
FF - prefs.js..keyword.URL: "http://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=US&userid=83ee5c7d-47cb-10db-8a07-8c2446e29c8b&searchtype=ds&installDate=16/11/2013&q="
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Social Privacy\FF\ [2013/11/11 08:31:09 | 000,000,000 | ---D | M]
[2013/11/16 06:35:21 | 000,000,000 | ---D | M] ("Snap.Do ") -- C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\{83ee5c7d-47cb-10db-8a07-8c2446e29c8b}
[2013/04/14 07:35:29 | 000,000,000 | ---D | M] (samfind Bookmarks Bar) -- C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]
[2013/11/11 08:31:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]
[2013/04/14 07:35:30 | 000,061,064 | ---- | M] () (No name found) -- C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]
[2013/04/14 07:35:30 | 000,223,719 | ---- | M] () (No name found) -- C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]
[2011/10/01 10:55:07 | 000,246,802 | ---- | M] () (No name found) -- C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]
[1832/11/28 22:22:58 | 000,004,819 | ---- | M] () (No name found) -- C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]
[2013/04/14 07:35:30 | 000,021,490 | ---- | M] () (No name found) -- C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]
[2013/04/14 07:35:14 | 000,150,353 | ---- | M] () (No name found) -- C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}.xpi
[2012/09/12 03:32:26 | 000,161,864 | ---- | M] () (No name found) -- C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\trash\[email protected]
[2013/11/21 00:08:21 | 000,000,834 | ---- | M] () -- C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\searchplugins\conduit-search.xml
O2 - BHO: (Social Privacy) - {91FBEA5C-E3C7-42EA-8C2B-B168189AB5BE} - C:\Program Files (x86)\Social Privacy\sp.dll ()
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [dnsshield] C:\Program Files (x86)\Social Privacy DNS\dnswatch.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL) - File not found
O20 - AppInit_DLLs: (c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll) - File not found
[2013/11/16 06:30:03 | 000,000,000 | ---D | C] -- C:\Users\Lesa\AppData\Roaming\Optimizer Pro
[2013/11/16 06:29:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPC Backup
[2013/11/11 08:35:09 | 000,000,000 | ---D | C] -- C:\Users\Lesa\AppData\Local\SearchProtect
[2013/11/10 18:00:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ScorpionSaver
[2013/11/10 17:58:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Updater
[2013/11/10 17:58:02 | 000,000,000 | ---D | C] -- C:\ProgramData\RHelpers
[2013/11/10 17:54:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2013/11/10 17:53:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Social Privacy DNS
[2013/11/10 17:52:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Social Privacy
[2013/11/10 17:52:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\sp
[2013/11/21 01:38:00 | 000,000,282 | ---- | M] () -- C:\Windows\tasks\DSite.job
[2013/11/14 14:55:44 | 000,003,735 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
[2013/11/16 06:35:41 | 000,002,565 | ---- | C] () -- C:\Users\Lesa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
[2011/11/17 00:41:18 | 000,000,000 | -HSD | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{ec73698f-5ec2-5193-e043-e6cdbc32dd2b}\L
[2011/11/17 00:41:18 | 000,000,000 | -HSD | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{ec73698f-5ec2-5193-e043-e6cdbc32dd2b}\U
[2011/11/17 00:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Lesa\AppData\Local\{ec73698f-5ec2-5193-e043-e6cdbc32dd2b}\L
[2011/11/17 00:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Lesa\AppData\Local\{ec73698f-5ec2-5193-e043-e6cdbc32dd2b}\U
[2013/09/05 18:39:38 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z

:Files
C:\Users\Lesa\AppData\Local\{ec73698f-5ec2-5193-e043-e6cdbc32dd2b}

:Reg
[-HKCU\SOFTWARE\Wow6432Node\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}]

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download Junkware Removal Tool to your desktop.
  • Right-click JRT.exe and select "Run as Administrator". The tool will open and start scanning your system.
  • Please be patient, as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

AND FINALLY

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double-click ComboFix.exe and follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3. If, after the reboot, you get errors about programmes being marked for deletion, then reboot; that will cure it.


Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.

#3
lesadale

    Member

  • Topic Starter
  • Member
  • 55 posts
My Mozilla Firefox browser will not open; while using Chrome I get lots of ad popups and double underlined with green. My computer slows down; sometimes it takes 2 min just to change tabs.

Here are my logs:

New OTL Quick Scan Log

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "Swag Bucks Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "http://search.condui...={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "Conduit Search" removed from browser.search.selectedEngine
Prefs.js: "http://feed.snapdo.c...ate=16/11/2013" removed from browser.startup.homepage
Prefs.js: lazarus%40interclue.com:2.3 removed from extensions.enabledAddons
Prefs.js: LogMeInClient%40logmein.com:1.0.0.664 removed from extensions.enabledAddons
Prefs.js: mjdecjxqta%40mjdecjxqta.org:1.0 removed from extensions.enabledAddons
Prefs.js: firefox%40zemanta.com:1.0.1 removed from extensions.enabledAddons
Prefs.js: isreaditlater%40ideashower.com:3.0.1 removed from extensions.enabledAddons
Prefs.js: plugin%40yontoo.com:1.20.02 removed from extensions.enabledAddons
Prefs.js: sam%40samfind.com:2.2.8 removed from extensions.enabledAddons
Prefs.js: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130402 removed from extensions.enabledAddons
Prefs.js: sp2%40sp.com:1.0 removed from extensions.enabledAddons
Prefs.js: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:12.0.3.2%20-%201 removed from extensions.enabledAddons
Prefs.js: [email protected]:2.1.1 removed from extensions.enabledItems
Prefs.js: [email protected]:1.20.00 removed from extensions.enabledItems
Prefs.js: [email protected]:2.2.1 removed from extensions.enabledItems
Prefs.js: [email protected]:5.1.1.0 removed from extensions.enabledItems
Prefs.js: [email protected]:3.3.3.2 removed from extensions.enabledItems
Prefs.js: "http://feed.snapdo.c...=16/11/2013&q=" removed from keyword.URL
Registry value HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected] deleted successfully.
C:\Program Files (x86)\Social Privacy\FF\chrome\content folder moved successfully.
C:\Program Files (x86)\Social Privacy\FF\chrome folder moved successfully.
C:\Program Files (x86)\Social Privacy\FF folder moved successfully.
C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\{83ee5c7d-47cb-10db-8a07-8c2446e29c8b}\components folder moved successfully.
C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\{83ee5c7d-47cb-10db-8a07-8c2446e29c8b}\chrome\PublisherImages folder moved successfully.
C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\{83ee5c7d-47cb-10db-8a07-8c2446e29c8b}\chrome\images folder moved successfully.
C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\{83ee5c7d-47cb-10db-8a07-8c2446e29c8b}\chrome folder moved successfully.
C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\{83ee5c7d-47cb-10db-8a07-8c2446e29c8b} folder moved successfully.
C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]\modules\rss folder moved successfully.
C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]\modules folder moved successfully.
C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]\defaults\preferences folder moved successfully.
C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]\defaults folder moved successfully.
C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]\components folder moved successfully.
C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]\chrome\skin\topic-icons folder moved successfully.
C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]\chrome\skin\social folder moved successfully.
C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]\chrome\skin\sidebars\trouble folder moved successfully.
C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]\chrome\skin\sidebars\sidesam folder moved successfully.
C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]\chrome\skin\sidebars\sidelog folder moved successfully.
C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]\chrome\skin\sidebars\rss folder moved successfully.
C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]\chrome\skin\sidebars\login folder moved successfully.
C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]\chrome\skin\sidebars\email folder moved successfully.
C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]\chrome\skin\sidebars\contact folder moved successfully.
C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]\chrome\skin\sidebars folder moved successfully.
C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]\chrome\skin\options folder moved successfully.
C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]\chrome\skin folder moved successfully.
C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]\chrome\icons\default folder moved successfully.
C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]\chrome\icons folder moved successfully.
C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]\chrome\content\sidebars\widget folder moved successfully.
C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]\chrome\content\sidebars\trouble folder moved successfully.
C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]\chrome\content\sidebars\sidesam folder moved successfully.
C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]\chrome\content\sidebars\sidelog folder moved successfully.
C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]\chrome\content\sidebars\rss folder moved successfully.
C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]\chrome\content\sidebars\login folder moved successfully.
C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]\chrome\content\sidebars\email folder moved successfully.
C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]\chrome\content\sidebars\contact folder moved successfully.
C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]\chrome\content\sidebars folder moved successfully.
C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]\chrome\content\options\deprecated folder moved successfully.
C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]\chrome\content\options folder moved successfully.
C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]\chrome\content\deprecated folder moved successfully.
C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]\chrome\content folder moved successfully.
C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]\chrome folder moved successfully.
C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected] folder moved successfully.
C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]\resources\ScorpionSaver\lib folder moved successfully.
C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]\resources\ScorpionSaver folder moved successfully.
C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]\resources\api-utils\lib\windows folder moved successfully.
C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]\resources\api-utils\lib\window folder moved successfully.
C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]\resources\api-utils\lib\utils folder moved successfully.
C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]\resources\api-utils\lib\traits folder moved successfully.
C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]\resources\api-utils\lib\tabs folder moved successfully.
C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]\resources\api-utils\lib\system folder moved successfully.
C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]\resources\api-utils\lib\private-browsing folder moved successfully.
C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]\resources\api-utils\lib\l10n folder moved successfully.
C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]\resources\api-utils\lib\events folder moved successfully.
C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]\resources\api-utils\lib\event folder moved successfully.
C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]\resources\api-utils\lib\dom folder moved successfully.
C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]\resources\api-utils\lib\content folder moved successfully.
C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]\resources\api-utils\lib\addon folder moved successfully.
C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]\resources\api-utils\lib folder moved successfully.
C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]\resources\api-utils folder moved successfully.
C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]\resources\addon-kit\lib folder moved successfully.
C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]\resources\addon-kit folder moved successfully.
C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]\resources folder moved successfully.
C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]\defaults\preferences folder moved successfully.
C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]\defaults folder moved successfully.
C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected] folder moved successfully.
C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected] moved successfully.
C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected] moved successfully.
C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected] moved successfully.
C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected] moved successfully.
C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected] moved successfully.
C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}.xpi moved successfully.
C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\trash\[email protected] moved successfully.
C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\searchplugins\conduit-search.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{91FBEA5C-E3C7-42EA-8C2B-B168189AB5BE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91FBEA5C-E3C7-42EA-8C2B-B168189AB5BE}\ deleted successfully.
C:\Program Files (x86)\Social Privacy\sp.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\dnsshield deleted successfully.
File C:\Program Files (x86)\Social Privacy DNS\dnswatch.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\vProt deleted successfully.
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll deleted successfully.
C:\Users\Lesa\AppData\Roaming\Optimizer Pro\Undo folder moved successfully.
C:\Users\Lesa\AppData\Roaming\Optimizer Pro\Log folder moved successfully.
C:\Users\Lesa\AppData\Roaming\Optimizer Pro\Backup folder moved successfully.
C:\Users\Lesa\AppData\Roaming\Optimizer Pro folder moved successfully.
C:\Program Files (x86)\MyPC Backup\Resources\cache folder moved successfully.
C:\Program Files (x86)\MyPC Backup\Resources folder moved successfully.
C:\Program Files (x86)\MyPC Backup\log folder moved successfully.
C:\Program Files (x86)\MyPC Backup\Database folder moved successfully.
C:\Program Files (x86)\MyPC Backup\Config folder moved successfully.
C:\Program Files (x86)\MyPC Backup folder moved successfully.
C:\Users\Lesa\AppData\Local\SearchProtect\SearchProtect\rep folder moved successfully.
C:\Users\Lesa\AppData\Local\SearchProtect\SearchProtect\Logs folder moved successfully.
C:\Users\Lesa\AppData\Local\SearchProtect\SearchProtect folder moved successfully.
C:\Program Files (x86)\ScorpionSaver folder moved successfully.
C:\ProgramData\Updater folder moved successfully.
C:\ProgramData\RHelpers folder moved successfully.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin folder moved successfully.
C:\Program Files (x86)\SearchProtect\SearchProtect folder moved successfully.
Folder C:\Program Files (x86)\Social Privacy DNS\ not found.
C:\Program Files (x86)\Social Privacy folder moved successfully.
C:\Program Files (x86)\sp folder moved successfully.
C:\Windows\Tasks\DSite.job moved successfully.
C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml moved successfully.
C:\Users\Lesa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{ec73698f-5ec2-5193-e043-e6cdbc32dd2b}\L folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{ec73698f-5ec2-5193-e043-e6cdbc32dd2b}\U folder moved successfully.
C:\Users\Lesa\AppData\Local\{ec73698f-5ec2-5193-e043-e6cdbc32dd2b}\L folder moved successfully.
C:\Users\Lesa\AppData\Local\{ec73698f-5ec2-5193-e043-e6cdbc32dd2b}\U folder moved successfully.
C:\Users\Lesa\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\Zip Opener Packages folder moved successfully.
C:\Users\Lesa\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z folder moved successfully.
========== FILES ==========
C:\Users\Lesa\AppData\Local\{ec73698f-5ec2-5193-e043-e6cdbc32dd2b} folder moved successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Wow6432Node\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\ not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Lesa
->Temp folder emptied: 10015730438 bytes
->Temporary Internet Files folder emptied: 74710126 bytes
->Java cache emptied: 10359 bytes
->FireFox cache emptied: 65760054 bytes
->Google Chrome cache emptied: 362572480 bytes
->Flash cache emptied: 745223 bytes

User: Public
->Temp folder emptied: 0 bytes

User: TEMP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 151304345 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42321243 bytes
RecycleBin emptied: 89367518 bytes

Total Files Cleaned = 10,302.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11212013_132019

Files\Folders moved on Reboot...
C:\Users\Lesa\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Lesa\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File\Folder C:\Windows\temp\hsperfdata_LESA-PC$\1656 not found!
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



Junkware Removal Log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Professional x64
Ran by Lesa on Thu 11/21/2013 at 14:04:17.27
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113}
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\\Default
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\searchURL\\Default



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\scripthelper.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\viprotocol.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\yontooieclient.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dsiteproducts
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbarbackup
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbarlog
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\dynconie
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\esafeseccontrol
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\freeze.com
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\installiq
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\conduit.engine
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.bandobjectattribute
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.dockingpanel
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.iesmartbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.iesmartbarbandobject
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.smartbardisplaystate
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.smartbarmenuform
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\viprotocol
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\s
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolbar3.contextmenunotifier
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolbar3.contextmenunotifier.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolbar3.custominternetsecurityimpl
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolbar3.custominternetsecurityimpl.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.api
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.api.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\snapdo_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\snapdo_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\openit open it!
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{99ad9d6d-a456-49ee-8360-f22ee7aa1272}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{d793423b-ff18-4a54-b9c9-75b3396baac4}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2418376
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnSetup_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnSetup_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASMANCS



~~~ Files

Successfully deleted: [File] "C:\Users\Public\Desktop\open it!.lnk"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\esafe"
Successfully deleted: [Folder] "C:\Users\Lesa\AppData\Roaming\dsite"
Successfully deleted: [Folder] "C:\Users\Lesa\appdata\local\searchprotect"
Successfully deleted: [Folder] "C:\Users\Lesa\appdata\locallow\smartbar"
Successfully deleted: [Folder] "C:\Users\Lesa\appdata\locallow\toolbar4"
Successfully deleted: [Folder] "C:\Program Files (x86)\comcasttb"
Successfully deleted: [Folder] "C:\Program Files (x86)\openit"
Successfully deleted: [Folder] "C:\Program Files (x86)\searchprotect"
Successfully deleted: [Folder] "C:\Program Files (x86)\yontoo layers client"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\open it!"
Successfully deleted: [Folder] "C:\ProgramData\ask"



~~~ FireFox

Successfully deleted: [File] C:\Users\Lesa\AppData\Roaming\mozilla\firefox\profiles\lsfk61yb.default\searchplugins\web search.xml
Successfully deleted: [Folder] C:\Users\Lesa\AppData\Roaming\mozilla\firefox\profiles\lsfk61yb.default\conduitcommon
Successfully deleted: [Folder] C:\Users\Lesa\AppData\Roaming\mozilla\firefox\profiles\lsfk61yb.default\extensions\staged
Successfully deleted the following from C:\Users\Lesa\AppData\Roaming\mozilla\firefox\profiles\lsfk61yb.default\prefs.js

Emptied folder: C:\Users\Lesa\AppData\Roaming\mozilla\firefox\profiles\lsfk61yb.default\minidumps [35 files]



~~~ Chrome

Dumping contents of C:\Users\Lesa\appdata\local\Google\Chrome\User Data\Default\Default
C:\Users\Lesa\appdata\local\Google\Chrome\User Data\Default\Default\aadggegfdbdddcgddfdadbdidegfgedh
C:\Users\Lesa\appdata\local\Google\Chrome\User Data\Default\Default\aadggegfdbdddcgddfdadbdidegfgedh\background.html
C:\Users\Lesa\appdata\local\Google\Chrome\User Data\Default\Default\aadggegfdbdddcgddfdadbdidegfgedh\ContentScript.js
C:\Users\Lesa\appdata\local\Google\Chrome\User Data\Default\Default\aadggegfdbdddcgddfdadbdidegfgedh\manifest.json

Successfully deleted: [Folder] C:\Users\Lesa\appdata\local\Google\Chrome\User Data\Default\Default [Default Extension 1.0]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 11/21/2013 at 14:09:27.05
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



ComboFix Log

ComboFix 13-11-19.01 - Lesa 11/21/2013 18:09:08.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3839.1730 [GMT -6:00]
Running from: c:\users\Lesa\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\setupact.log
c:\windows\SysWow64\FlashPlayerApp.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Level Quality Watcher
.
.
((((((((((((((((((((((((( Files Created from 2013-10-22 to 2013-11-22 )))))))))))))))))))))))))))))))
.
.
2013-11-22 00:18 . 2013-11-22 00:18 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2013-11-22 00:18 . 2013-11-22 00:18 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-11-22 00:18 . 2013-11-22 00:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-21 20:04 . 2013-11-21 20:04 -------- d-----w- c:\windows\ERUNT
2013-11-21 06:55 . 2013-04-04 20:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-11-21 06:38 . 2013-11-21 06:38 -------- d-----w- c:\users\Lesa\AppData\Roaming\SUPERAntiSpyware.com
2013-11-21 06:38 . 2013-11-21 06:38 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-11-21 06:38 . 2013-11-21 06:38 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-11-21 06:18 . 2013-11-21 06:18 965000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2E03C5D1-8E71-41E0-8675-F44B3B33AA2C}\gapaengine.dll
2013-11-21 06:18 . 2013-11-08 01:12 10285968 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{338C1B71-19CB-41D4-A8B2-C9DA7D5ADE02}\mpengine.dll
2013-11-21 06:15 . 2013-11-21 06:15 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2013-11-21 06:14 . 2013-11-21 06:15 -------- d-----w- c:\program files\Microsoft Security Client
2013-11-16 12:52 . 2013-11-16 12:52 -------- d-----w- c:\users\Lesa\SyncFolder
2013-11-13 11:06 . 2013-10-05 20:25 1474048 ----a-w- c:\windows\system32\crypt32.dll
2013-11-13 11:05 . 2013-10-04 02:28 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2013-11-13 11:05 . 2013-10-04 02:25 197120 ----a-w- c:\windows\system32\credui.dll
2013-11-13 11:05 . 2013-10-04 02:24 1930752 ----a-w- c:\windows\system32\authui.dll
2013-11-13 11:05 . 2013-10-04 01:56 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-11-13 11:05 . 2013-10-04 01:58 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll
2013-11-13 11:05 . 2013-10-04 01:56 168960 ----a-w- c:\windows\SysWow64\credui.dll
2013-11-13 11:05 . 2013-10-12 02:29 859648 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-11-13 11:05 . 2013-10-12 02:30 830464 ----a-w- c:\windows\system32\nshwfp.dll
2013-11-13 11:05 . 2013-10-12 02:29 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-11-13 11:05 . 2013-10-12 02:03 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll
2013-11-13 11:05 . 2013-10-12 02:01 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
2013-11-13 07:11 . 2013-11-13 07:12 -------- d-----w- c:\users\Lesa\AppData\Local\Hightail
2013-11-13 07:11 . 2013-11-13 07:11 -------- d-----w- c:\users\Lesa\AppData\Roaming\Hightail
2013-11-13 07:11 . 2013-11-13 07:11 -------- d-----w- c:\program files (x86)\Hightail Desktop App
2013-11-10 23:57 . 2013-11-11 14:31 -------- d-----w- c:\programdata\TubeDimmer
2013-11-10 23:53 . 2013-11-11 14:31 -------- d-----w- c:\program files (x86)\Social Privacy DNS
2013-11-08 00:56 . 2013-11-08 00:56 -------- d-----w- c:\users\Lesa\.kindle
2013-11-07 21:55 . 2013-11-07 21:55 -------- d-----w- c:\program files\iPod
2013-11-07 21:55 . 2013-11-07 21:56 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-07 21:55 . 2013-11-07 21:56 -------- d-----w- c:\program files\iTunes
2013-11-07 21:55 . 2013-11-07 21:56 -------- d-----w- c:\program files (x86)\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-21 07:44 . 2011-05-16 12:50 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-19 10:21 . 2010-03-23 01:37 267936 ------w- c:\windows\system32\MpSigStub.exe
2013-11-14 20:54 . 2013-10-11 14:14 46368 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-11-14 09:08 . 2010-04-14 19:52 82896128 ----a-w- c:\windows\system32\MRT.exe
2013-10-25 02:19 . 2010-06-21 13:40 107368 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2013-10-25 02:19 . 2010-06-21 13:40 35656 ----a-w- c:\windows\system32\LMIport.dll
2013-10-25 02:19 . 2010-06-21 13:40 92488 ----a-w- c:\windows\system32\LMIinit.dll
2013-10-18 02:19 . 2010-06-21 13:40 107368 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2013-10-10 14:28 . 2013-10-10 14:28 16152 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2013-10-08 12:50 . 2013-10-16 18:13 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-09-27 15:53 . 2013-09-27 15:53 248240 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-09-27 15:53 . 2013-09-27 15:53 134944 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-09-08 02:30 . 2013-10-10 10:21 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:27 . 2013-10-10 10:21 327168 ----a-w- c:\windows\system32\mswsock.dll
2013-09-08 02:03 . 2013-10-10 10:21 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
2013-09-04 12:12 . 2013-10-21 20:01 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-09-04 12:11 . 2013-10-21 20:01 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-09-04 12:11 . 2013-10-21 20:01 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-09-04 12:11 . 2013-10-21 20:01 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-09-04 12:11 . 2013-10-21 20:01 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-09-04 12:11 . 2013-10-21 20:01 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-09-04 12:11 . 2013-10-21 20:01 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-08-29 02:17 . 2013-10-10 10:21 5549504 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-29 02:16 . 2013-10-10 10:21 1732032 ----a-w- c:\windows\system32\ntdll.dll
2013-08-29 02:16 . 2013-10-10 10:21 243712 ----a-w- c:\windows\system32\wow64.dll
2013-08-29 02:16 . 2013-10-10 10:21 859648 ----a-w- c:\windows\system32\tdh.dll
2013-08-29 02:13 . 2013-10-10 10:21 878080 ----a-w- c:\windows\system32\advapi32.dll
2013-08-29 01:51 . 2013-10-10 10:21 3969472 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51 . 2013-10-10 10:21 3914176 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50 . 2013-10-10 10:21 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-08-29 01:50 . 2013-10-10 10:21 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll
2013-08-29 01:50 . 2013-10-10 10:21 619520 ----a-w- c:\windows\SysWow64\tdh.dll
2013-08-29 01:48 . 2013-10-10 10:21 640512 ----a-w- c:\windows\SysWow64\advapi32.dll
2013-08-29 01:48 . 2013-10-10 10:21 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-08-29 00:49 . 2013-10-10 10:21 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-08-29 00:49 . 2013-10-10 10:21 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-08-29 00:49 . 2013-10-10 10:21 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-08-29 00:49 . 2013-10-10 10:21 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-08-28 01:21 . 2013-10-10 10:21 3155968 ----a-w- c:\windows\system32\win32k.sys
2013-08-28 01:12 . 2013-10-10 10:20 461312 ----a-w- c:\windows\system32\scavengeui.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00001YSISyncComplete]
@="{89B5F9CC-C4A2-462C-BD27-29CEAC972135}"
[HKEY_CLASSES_ROOT\CLSID\{89B5F9CC-C4A2-462C-BD27-29CEAC972135}]
2013-10-28 17:58 2844728 ----a-w- c:\program files (x86)\Hightail Desktop App\YSINSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00002YSISyncActive]
@="{84B7BDFB-C50A-4335-B7C2-8AEC454F9E25}"
[HKEY_CLASSES_ROOT\CLSID\{84B7BDFB-C50A-4335-B7C2-8AEC454F9E25}]
2013-10-28 17:58 2844728 ----a-w- c:\program files (x86)\Hightail Desktop App\YSINSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00003YSISyncError]
@="{306A9CDE-AC70-453A-8008-B5F9962B8F88}"
[HKEY_CLASSES_ROOT\CLSID\{306A9CDE-AC70-453A-8008-B5F9962B8F88}]
2013-10-28 17:58 2844728 ----a-w- c:\program files (x86)\Hightail Desktop App\YSINSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00004YSILocalOnly]
@="{23A7D2DC-F395-4E33-876C-84A2DFAB0EBB}"
[HKEY_CLASSES_ROOT\CLSID\{23A7D2DC-F395-4E33-876C-84A2DFAB0EBB}]
2013-10-28 17:58 2844728 ----a-w- c:\program files (x86)\Hightail Desktop App\YSINSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Lesa\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Lesa\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Lesa\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"BitTorrent DNA"="c:\users\Lesa\Program Files (x86)\DNA\btdna.exe" [2002-01-01 323392]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2009-07-14 44544]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-11-05 6604568]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-08-28 2252800]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-19 98304]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-26 375000]
"Turbo Key"="c:\program files\ASUS\Turbo Key\TurboKey.exe" [2009-06-03 1769472]
"TurboV"="c:\program files\ASUS\TurboV\TurboV.exe" [2009-10-26 5516800]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2008-05-14 244208]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-10 29984]
"IndexSearch"="c:\program files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-10 46368]
"PPort11reminder"="c:\program files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"BYRUA_AGENT"="c:\programdata\LGMOBILEAX\BYR_Client\VZWUAAgent.exe" [2012-09-24 380024]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]
.
c:\users\Lesa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Lesa\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-24 27776968]
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Google Calendar Sync.lnk - c:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2013-10-2 6444360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"RequireSignedAppInit_DLLs"=0 (0x0)
"LoadAppInit_Dlls"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [x]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [x]
R2 SessionLauncher;SessionLauncher;c:\users\Lesa\AppData\Local\Temp\DX9\SessionLauncher.exe;c:\users\Lesa\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 vToolbarUpdater17.1.2;vToolbarUpdater17.1.2;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe [x]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandbus64.sys [x]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lganddiag64.sys [x]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandgps64.sys [x]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandmodem64.sys [x]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS;c:\windows\SYSNATIVE\drivers\BVRPMPR5a64.SYS [x]
R3 dump_wmimmc;dump_wmimmc;c:\gpotato\Rappelz\GameGuard\dump_wmimmc.sys;c:\gpotato\Rappelz\GameGuard\dump_wmimmc.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [x]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtVlan60.sys;c:\windows\SYSNATIVE\DRIVERS\RtVlan60.sys [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [x]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [x]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [x]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe;c:\asus.sys\config\DVMExportService.exe [x]
S2 EventService;MR APP Event Service;c:\program files (x86)\MR APP\MRAPP.Event.Service.exe;c:\program files (x86)\MR APP\MRAPP.Event.Service.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [x]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys;c:\windows\SYSNATIVE\DRIVERS\RtNdPt60.sys [x]
S2 TransferService;MR APP Transfer Service;c:\program files (x86)\MR APP\MRAPP.Transfer.Service.exe;c:\program files (x86)\MR APP\MRAPP.Transfer.Service.exe [x]
S3 AODDriver;AODDriver;c:\program files (x86)\ASUS\GPU NOS\amd64\AODDriver.sys;c:\program files (x86)\ASUS\GPU NOS\amd64\AODDriver.sys [x]
S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys;c:\windows\SYSNATIVE\drivers\keyscrambler.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - AODDRIVER
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 07:44]
.
2013-11-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3160849686-1691475319-3697074088-1001Core.job
- c:\users\Lesa\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-23 20:15]
.
2013-11-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3160849686-1691475319-3697074088-1001UA.job
- c:\users\Lesa\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-23 20:15]
.
2013-11-21 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 26f2c088-4198-4513-98ad-c23a71192b41.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-10-10 22:55]
.
2013-11-21 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task c1ba317d-526b-4432-a643-9d00289cff73.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-10-10 22:55]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]
2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00001YSISyncComplete]
@="{89B5F9CC-C4A2-462C-BD27-29CEAC972135}"
[HKEY_CLASSES_ROOT\CLSID\{89B5F9CC-C4A2-462C-BD27-29CEAC972135}]
2013-10-28 18:00 2983992 ----a-w- c:\program files (x86)\Hightail Desktop App\YSINSE64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00002YSISyncActive]
@="{84B7BDFB-C50A-4335-B7C2-8AEC454F9E25}"
[HKEY_CLASSES_ROOT\CLSID\{84B7BDFB-C50A-4335-B7C2-8AEC454F9E25}]
2013-10-28 18:00 2983992 ----a-w- c:\program files (x86)\Hightail Desktop App\YSINSE64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00003YSISyncError]
@="{306A9CDE-AC70-453A-8008-B5F9962B8F88}"
[HKEY_CLASSES_ROOT\CLSID\{306A9CDE-AC70-453A-8008-B5F9962B8F88}]
2013-10-28 18:00 2983992 ----a-w- c:\program files (x86)\Hightail Desktop App\YSINSE64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00004YSILocalOnly]
@="{23A7D2DC-F395-4E33-876C-84A2DFAB0EBB}"
[HKEY_CLASSES_ROOT\CLSID\{23A7D2DC-F395-4E33-876C-84A2DFAB0EBB}]
2013-10-28 18:00 2983992 ----a-w- c:\program files (x86)\Hightail Desktop App\YSINSE64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Lesa\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Lesa\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Lesa\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Lesa\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2013-10-02 12:51 6885192 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2013-10-02 12:51 6885192 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2010-01-27 57928]
"Hightail Sync Agent"="c:\program files (x86)\Hightail Desktop App\Hightail.exe" [2013-10-28 7040056]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.aartemis.com/web/?type=ds&ts=1384604989&from=tugs&uid=WDCXWD1600AAJB-22PVA0_WD-WMAP9405137351373&q={searchTerms}
mStart Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=20.4.0.40
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.aartemis.com/web/?type=ds&ts=1384604989&from=tugs&uid=WDCXWD1600AAJB-22PVA0_WD-WMAP9405137351373&q={searchTerms}
uInternet Settings,ProxyServer = http=127.0.0.1:16110;https=127.0.0.1:16110
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{BC0AD0B8-92CF-4212-8B87-43285EFEA894}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{C685DDF4-1D1C-46A3-BD51-26EF4A10E425}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage -
FF - ExtSQL: 2013-10-11 09:14; [email protected]; c:\programdata\AVG SafeGuard toolbar\FireFoxExt\17.0.2.13
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-AVG SafeGuard toolbar - c:\program files (x86)\AVG SafeGuard toolbar\UNINSTALL.exe
AddRemove-ESET Online Scanner - c:\program files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
[email protected] - c:\program files (x86)\Social Privacy\uninstall.exe
AddRemove-{D54E3D9F-FEB8-4D2D-A138-B69A5C80080B} - c:\programdata\Updater\Uninstall.exe
AddRemove-Zip Opener Packages - c:\users\Lesa\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\Zip Opener Packages\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files (x86)\CDBurnerXP\NMSAccessU.exe
c:\program files (x86)\Smith Micro\StuffIt11\ArcNameService.exe
c:\windows\SysWOW64\WinMsgBalloonServer.exe
c:\windows\SysWOW64\WinMsgBalloonClient.exe
c:\program files (x86)\ASUS\GPU NOS\Gpu.exe
c:\program files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
.
**************************************************************************
.
Completion time: 2013-11-21 18:35:16 - machine was rebooted
ComboFix-quarantined-files.txt 2013-11-22 00:35
ComboFix2.txt 2011-08-22 12:41
.
Pre-Run: 44,986,744,832 bytes free
Post-Run: 47,555,448,832 bytes free
.
- - End Of File - - 39F84EC4AC3FC36E410A135296FDC68F
A36C5E4F47E84449FF07ED3517B43A31

#4
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Has there been any improvement? Does Internet Explorer exhibit the same problems?

  • Run OTL.

  • Select All Users
  • Select LOP and Purity
  • Under the Custom Scan box paste this in

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    c:\program files (x86)\Google\Desktop
    c:\program files\Google\Desktop
    dir "%systemdrive%\*" /S /A:L /C
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one Notepad window, OTL.Txt.
  • Post the log


#5
lesadale


    Member

  • Topic Starter
  • Member
  • 55 posts
Firefox will not open at all. Chrome is getting better, not so slow, but the new tabs still come up as unavailable webpages. IE pops up three windows; one is an ad and the other two are some new search called Aartemis Portal Site. When I close one, they all close.


Here is the new OTL Log:

OTL logfile created on: 11/22/2013 9:40:05 AM - Run 7
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lesa\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 37.63% Memory free
7.50 Gb Paging File | 4.63 Gb Available in Paging File | 61.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148.95 Gb Total Space | 43.96 Gb Free Space | 29.51% Space Free | Partition Type: NTFS

Computer Name: LESA-PC | User Name: Lesa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/21 01:59:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lesa\Downloads\OTL (1).exe
PRC - [2013/05/10 01:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/11/20 06:17:56 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2009/10/26 12:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009/09/06 11:38:06 | 000,071,096 | ---- | M] () -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
PRC - [2009/08/20 21:16:54 | 005,782,528 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
PRC - [2009/04/10 17:29:04 | 000,294,912 | -H-- | M] (DeviceVM) -- C:\ASUS.SYS\config\DVMExportService.exe
PRC - [2009/04/01 22:27:27 | 000,090,112 | R--- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
PRC - [2009/03/15 23:47:28 | 000,122,880 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonServer.exe
PRC - [2009/03/15 23:47:24 | 000,139,264 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonClient.exe
PRC - [2009/03/15 23:47:22 | 000,122,880 | ---- | M] (AMD) -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
PRC - [2009/03/15 23:47:20 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
PRC - [2007/10/08 07:52:36 | 000,157,000 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files (x86)\Smith Micro\StuffIt11\ArcNameService.exe


========== Modules (No Company Name) ==========

MOD - [2013/11/14 05:29:31 | 000,399,312 | ---- | M] () -- C:\Users\Lesa\AppData\Local\Google\Chrome\Application\31.0.1650.57\ppgooglenaclpluginchrome.dll
MOD - [2013/11/14 05:29:29 | 004,055,504 | ---- | M] () -- C:\Users\Lesa\AppData\Local\Google\Chrome\Application\31.0.1650.57\pdf.dll
MOD - [2013/11/14 05:28:37 | 000,702,416 | ---- | M] () -- C:\Users\Lesa\AppData\Local\Google\Chrome\Application\31.0.1650.57\libglesv2.dll
MOD - [2013/11/14 05:28:36 | 000,099,792 | ---- | M] () -- C:\Users\Lesa\AppData\Local\Google\Chrome\Application\31.0.1650.57\libegl.dll
MOD - [2013/11/14 05:28:34 | 001,619,408 | ---- | M] () -- C:\Users\Lesa\AppData\Local\Google\Chrome\Application\31.0.1650.57\ffmpegsumo.dll
MOD - [2013/09/05 00:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2012/11/29 15:59:32 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/03/25 15:53:14 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\AsSpindownTimeout.dll
MOD - [2009/01/15 13:55:10 | 000,565,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\pngio.dll
MOD - [2006/01/10 02:50:20 | 000,024,576 | ---- | M] () -- C:\Windows\SysWOW64\AsIO.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/10/23 17:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/10/23 17:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/10/10 16:54:28 | 000,144,152 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/09/18 20:17:42 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 19:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/11/21 01:44:03 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/24 20:19:27 | 000,226,640 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint)
SRV - [2013/10/24 20:19:23 | 000,376,144 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2013/09/10 20:26:44 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/10 01:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/03/12 16:34:02 | 000,031,744 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\MR APP\MRAPP.Event.Service.exe -- (EventService)
SRV - [2013/03/12 16:34:02 | 000,031,232 | ---- | M] (Microsoft) [Auto | Running] -- C:\Program Files (x86)\MR APP\MRAPP.Transfer.Service.exe -- (TransferService)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/11/08 12:04:18 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2010/06/17 09:39:57 | 003,505,768 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/26 12:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009/09/06 11:38:06 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/04/22 11:01:30 | 000,124,256 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe -- (AODService)
SRV - [2009/04/10 17:29:04 | 000,294,912 | -H-- | M] (DeviceVM) [Auto | Running] -- C:\ASUS.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2009/04/01 22:27:27 | 000,090,112 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2009/03/15 23:47:22 | 000,122,880 | ---- | M] (AMD) [Auto | Running] -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe -- (AMD_RAIDXpert)
SRV - [2008/05/14 09:32:18 | 000,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)
SRV - [2008/05/14 09:32:10 | 000,166,384 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10)
SRV - [2008/05/14 09:31:38 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2007/10/08 07:52:36 | 000,157,000 | ---- | M] (Smith Micro Software, Inc.) [Auto | Running] -- C:\Program Files (x86)\Smith Micro\StuffIt11\ArcNameService.exe -- (Stuffit Archive Name Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/11/14 14:54:23 | 000,046,368 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/10/24 20:19:24 | 000,107,368 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2013/10/10 08:28:33 | 000,016,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon)
DRV:64bit: - [2013/09/27 09:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/05/21 14:06:16 | 000,067,808 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mozy.sys -- (mozyFilter)
DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/22 10:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 15:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/04/24 16:14:22 | 000,273,088 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\keyscrambler.sys -- (KeyScrambler)
DRV:64bit: - [2011/03/21 12:22:06 | 000,452,200 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/01/27 11:22:02 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2010/01/27 11:21:36 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2009/09/30 19:22:08 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2009/09/28 19:57:28 | 000,005,504 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StarOpen.sys -- (StarOpen)
DRV:64bit: - [2009/09/18 22:32:38 | 006,170,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/08/17 05:20:46 | 001,235,968 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/07/15 21:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/24 04:23:24 | 000,205,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/06/19 20:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/04 22:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2008/10/23 20:55:28 | 000,043,008 | R--- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (TEAM)
DRV:64bit: - [2008/10/23 20:55:28 | 000,043,008 | R--- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (RTTEAMPT)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/04/08 02:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/12/10 20:49:54 | 000,026,624 | R--- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV:64bit: - [2007/12/02 20:20:54 | 000,024,064 | R--- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan60.sys -- (RTVLANPT)
DRV - [2013/05/27 08:28:01 | 000,016,056 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2009/09/28 19:57:28 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/01/03 18:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://aartemis.com/...AP9405137351373
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.aartemis....q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.aartemis....q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.aartemis....q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....&pvid=20.4.0.40
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....&pvid=20.4.0.40

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....&pvid=20.4.0.40

IE - HKU\S-1-5-21-3160849686-1691475319-3697074088-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-3160849686-1691475319-3697074088-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-3160849686-1691475319-3697074088-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 87 1F 0B 7F 4D C0 CE 01 [binary data]
IE - HKU\S-1-5-21-3160849686-1691475319-3697074088-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-3160849686-1691475319-3697074088-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-3160849686-1691475319-3697074088-1001\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKU\S-1-5-21-3160849686-1691475319-3697074088-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3160849686-1691475319-3697074088-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-3160849686-1691475319-3697074088-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:16110;https=127.0.0.1:16110

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "aartemis"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons: %7B4b9bcce8-a70b-402a-a7e1-db96831ee26f%7D:3.5.1.10
FF - prefs.js..extensions.enabledAddons: %7B6AC85730-7D0F-4de0-B3FA-21142DD85326%7D:2.8
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons: %7Bd57c9ff1-6389-48fc-b770-f78bd89b6e8a%7D:1.45
FF - prefs.js..extensions.enabledAddons: firefox-extension%40shareaholic.com:3.0.1
FF - prefs.js..extensions.enabledAddons: %7B2D3F3651-74B9-4795-BDEC-6DA2F431CB62%7D:2013.4.4.3
FF - prefs.js..extensions.enabledAddons: support%40tubedimmerapp.com:2.6.47
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:0.8.3
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: {a39975e6-69b0-40a4-b7e2-fc8770f38132}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.608
FF - prefs.js..extensions.enabledItems: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a}:1.36
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.5.5
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.2\\npsitesafety.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Lesa\Program Files (x86)\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Lesa\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Lesa\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Lesa\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/11/11 08:31:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/09/11 08:24:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Lesa\Program Files (x86)\DNA [2013/11/21 13:29:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{e55007f4-80c5-418e-ac33-10c4d60db01e}: C:\Program Files (x86)\Re-markit\135.xpi

[2010/05/23 21:58:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lesa\AppData\Roaming\Mozilla\Extensions
[2013/11/21 14:08:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions
[2011/06/04 08:33:06 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012/02/25 20:15:31 | 000,000,000 | ---D | M] (XFINITY Toolbar) -- C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\{4b9bcce8-a70b-402a-a7e1-db96831ee26f}
[2012/08/01 10:47:17 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2013/04/14 07:35:15 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/07/13 11:19:33 | 000,000,000 | ---D | M] (KeyScrambler) -- C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]
[2011/07/27 08:23:20 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]
[2013/11/12 20:37:23 | 000,000,000 | ---D | M] (Tube Dimmer) -- C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]
[2013/11/21 13:21:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\trash
[2013/04/14 07:35:30 | 002,163,784 | ---- | M] () (No name found) -- C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]
[2013/05/14 13:15:23 | 000,161,864 | ---- | M] () (No name found) -- C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]
[2011/12/01 16:28:00 | 000,002,191 | ---- | M] () -- C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\searchplugins\google.xml
[2011/12/01 16:28:00 | 000,000,625 | ---- | M] () -- C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\searchplugins\yahoo.xml
[2013/08/07 11:51:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/08/07 11:51:00 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
File not found (No name found) -- C:\PROGRAM FILES (X86)\SOCIAL PRIVACY\FF
File not found (No name found) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\COFFPLGN
File not found (No name found) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFEXTENSION16=C:\USERS\LESA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LSFK61YB.DEFAULT\EXTENSIONS\{83EE5C7D-47CB-10DB-8A07-8C2446E29C8B}
File not found (No name found) -- C:\USERS\LESA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LSFK61YB.DEFAULT\EXTENSIONS\{D57C9FF1-6389-48FC-B770-F78BD89B6E8A}.XPI
File not found (No name found) -- C:\USERS\LESA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LSFK61YB.DEFAULT\EXTENSIONS\[email protected]
File not found (No name found) -- C:\USERS\LESA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LSFK61YB.DEFAULT\EXTENSIONS\[email protected]
File not found (No name found) -- C:\USERS\LESA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LSFK61YB.DEFAULT\EXTENSIONS\[email protected]
File not found (No name found) -- C:\USERS\LESA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LSFK61YB.DEFAULT\EXTENSIONS\[email protected]
File not found (No name found) -- C:\USERS\LESA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LSFK61YB.DEFAULT\EXTENSIONS\[email protected]
File not found (No name found) -- C:\USERS\LESA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LSFK61YB.DEFAULT\EXTENSIONS\[email protected]
[2010/10/05 06:10:54 | 000,466,944 | ---- | M] (Catalina Marketing Corp.) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2010/10/05 06:10:54 | 000,466,944 | ---- | M] (Catalina Marketing Corp.) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol500.dll
[2013/02/15 18:35:09 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Web (Enabled)
CHR - default_search_provider: search_url = http://feed.snapdo.c...Date=16/11/2013
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://feed.snapdo.c...Date=16/11/2013
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Lesa\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Lesa\AppData\Local\Google\Chrome\Application\31.0.1650.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Lesa\AppData\Local\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Lesa\AppData\Local\Google\Chrome\Application\31.0.1650.57\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Coupon Print Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
CHR - plugin: Coupon Print Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol500.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Lesa\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Lesa\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: DNA Plug-in (Enabled) = C:\Users\Lesa\Program Files (x86)\DNA\plugins\npbtdna.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: New Tab = C:\Users\Lesa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.4_0\
CHR - Extension: Pocket (formerly Read It Later) = C:\Users\Lesa\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj\1.5.6_0\
CHR - Extension: Google Wallet = C:\Users\Lesa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Evernote Web Clipper = C:\Users\Lesa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\6.0.3_0\

O1 HOSTS File: ([2013/11/21 18:30:12 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [Hightail Sync Agent] C:\Program Files (x86)\Hightail Desktop App\Hightail.exe (Hightail Inc.)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [BYRUA_AGENT] C:\ProgramData\LGMOBILEAX\BYR_Client\VZWUAAgent.exe (LG Electronics)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\SysWOW64\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe (Sonic Solutions)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Turbo Key] C:\Program Files\ASUS\Turbo Key\TurboKey.exe ()
O4 - HKLM..\Run: [TurboV] C:\Program Files\ASUS\TurboV\TurboV.exe (ASUSTeK Computer Inc.)
O4 - HKU\S-1-5-21-3160849686-1691475319-3697074088-1001..\Run: [BitTorrent DNA] C:\Users\Lesa\Program Files (x86)\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-3160849686-1691475319-3697074088-1001..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3160849686-1691475319-3697074088-1001..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
O4 - Startup: C:\Users\Lesa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Lesa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Lesa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3160849686-1691475319-3697074088-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3160849686-1691475319-3697074088-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3160849686-1691475319-3697074088-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3160849686-1691475319-3697074088-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-3160849686-1691475319-3697074088-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9:64bit: - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC0AD0B8-92CF-4212-8B87-43285EFEA894}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC0AD0B8-92CF-4212-8B87-43285EFEA894}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C685DDF4-1D1C-46A3-BD51-26EF4A10E425}: DhcpNameServer = 68.87.68.166 68.87.74.166
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C685DDF4-1D1C-46A3-BD51-26EF4A10E425}: NameServer = 8.8.8.8,8.8.4.4
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/11/21 18:30:20 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/11/21 14:04:09 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/11/21 00:55:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/11/21 00:55:33 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/11/21 00:38:15 | 000,000,000 | ---D | C] -- C:\Users\Lesa\AppData\Roaming\SUPERAntiSpyware.com
[2013/11/21 00:38:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/11/21 00:38:00 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/11/21 00:38:00 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/11/21 00:15:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2013/11/21 00:14:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/11/20 23:44:03 | 000,000,000 | ---D | C] -- C:\Users\Lesa\Documents\WorkLifeBalance
[2013/11/20 23:18:31 | 000,000,000 | ---D | C] -- C:\Users\Lesa\Documents\MoJo Angela Wills
[2013/11/20 22:41:15 | 000,000,000 | ---D | C] -- C:\Users\Lesa\Documents\MyNams
[2013/11/20 22:27:49 | 000,000,000 | ---D | C] -- C:\Users\Lesa\Documents\CoachGlue
[2013/11/19 12:57:14 | 000,000,000 | ---D | C] -- C:\Users\Lesa\Documents\Blogging Class
[2013/11/16 06:52:03 | 000,000,000 | ---D | C] -- C:\Users\Lesa\SyncFolder
[2013/11/14 03:21:27 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/11/14 03:21:27 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/11/14 03:21:24 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/11/14 03:21:24 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/11/14 03:21:24 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/11/14 03:21:23 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/11/14 03:21:23 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/11/14 03:21:23 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/11/14 03:21:23 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/11/14 03:21:23 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/11/14 03:21:22 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/11/14 03:21:18 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/11/14 03:21:17 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/11/14 03:21:17 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/11/14 03:21:15 | 003,959,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/11/13 05:06:37 | 001,474,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/11/13 05:06:17 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2013/11/13 05:06:04 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013/11/13 05:06:03 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013/11/13 05:06:03 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2013/11/13 05:06:02 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2013/11/13 05:06:02 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2013/11/13 05:05:40 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013/11/13 05:05:40 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013/11/13 05:05:40 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\credui.dll
[2013/11/13 05:05:40 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SmartcardCredentialProvider.dll
[2013/11/13 05:05:39 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
[2013/11/13 05:05:20 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshwfp.dll
[2013/11/13 05:05:20 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshwfp.dll
[2013/11/13 05:05:20 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FWPUCLNT.DLL
[2013/11/13 05:05:20 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FWPUCLNT.DLL
[2013/11/13 01:11:53 | 000,000,000 | ---D | C] -- C:\Users\Lesa\AppData\Local\Hightail
[2013/11/13 01:11:52 | 000,000,000 | ---D | C] -- C:\Users\Lesa\AppData\Roaming\Hightail
[2013/11/13 01:11:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hightail Desktop App
[2013/11/13 01:11:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hightail Desktop App
[2013/11/10 17:57:31 | 000,000,000 | ---D | C] -- C:\ProgramData\TubeDimmer
[2013/11/10 17:53:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Social Privacy DNS
[2013/11/07 18:56:22 | 000,000,000 | ---D | C] -- C:\Users\Lesa\.kindle
[2013/11/07 15:57:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/11/07 15:55:18 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/11/07 15:55:17 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/11/07 15:55:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/11/07 15:55:17 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/11/07 01:21:32 | 000,000,000 | ---D | C] -- C:\Users\Lesa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
[2013/10/25 09:58:17 | 000,000,000 | ---D | C] -- C:\Users\Lesa\Documents\30 Day Challenge

========== Files - Modified Within 30 Days ==========

[2013/11/22 09:43:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3160849686-1691475319-3697074088-1001UA.job
[2013/11/22 08:55:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/22 08:38:00 | 000,000,508 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task c1ba317d-526b-4432-a643-9d00289cff73.job
[2013/11/22 03:26:57 | 000,006,246 | ---- | M] () -- C:\Windows\mozy.flt
[2013/11/22 03:26:57 | 000,003,552 | ---- | M] () -- C:\Windows\mozy.blk
[2013/11/22 02:00:00 | 000,000,508 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 26f2c088-4198-4513-98ad-c23a71192b41.job
[2013/11/22 00:43:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3160849686-1691475319-3697074088-1001Core.job
[2013/11/21 22:10:26 | 000,016,768 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/21 22:10:26 | 000,016,768 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/21 18:32:07 | 000,000,012 | -H-- | M] () -- C:\dvmexp.idx
[2013/11/21 18:30:12 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/11/21 18:21:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/21 18:20:59 | 3019,247,616 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/21 09:39:06 | 000,000,467 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2013/11/21 01:44:01 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/11/21 01:01:36 | 000,000,113 | ---- | M] () -- C:\Users\Lesa\AppData\Roaming\WB.CFG
[2013/11/21 01:01:35 | 000,000,006 | ---- | M] () -- C:\Users\Lesa\AppData\Roaming\WBPU-TTL.DAT
[2013/11/21 00:55:39 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/21 00:38:04 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/11/21 00:16:12 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/11/18 08:56:31 | 000,872,762 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/18 08:56:31 | 000,726,418 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/18 08:56:31 | 000,146,436 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/11/17 08:58:39 | 000,000,059 | ---- | M] () -- C:\Windows\wpd99.drv
[2013/11/16 06:38:48 | 000,001,351 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/11/16 06:30:44 | 000,002,248 | ---- | M] () -- C:\Users\Lesa\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/11/16 06:30:19 | 000,001,641 | ---- | M] () -- C:\Users\Lesa\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/11/14 14:54:23 | 000,046,368 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/11/13 14:37:53 | 000,000,983 | ---- | M] () -- C:\Users\Lesa\Desktop\YNAB 4.lnk
[2013/11/13 01:11:48 | 000,001,957 | ---- | M] () -- C:\Users\Public\Desktop\Hightail Desktop App.lnk
[2013/11/07 18:56:15 | 000,001,109 | ---- | M] () -- C:\Users\Lesa\Desktop\Kindle Comic Creator.lnk
[2013/11/07 15:57:07 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/10/31 22:07:35 | 000,017,522 | ---- | M] () -- C:\Users\Lesa\.recently-used.xbel
[2013/10/24 20:19:24 | 000,107,368 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIRfsClientNP.dll
[2013/10/24 20:19:23 | 000,092,488 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIinit.dll
[2013/10/24 20:19:23 | 000,035,656 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIport.dll

========== Files Created - No Company Name ==========

[2013/11/21 00:55:39 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/21 00:38:36 | 000,000,508 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task c1ba317d-526b-4432-a643-9d00289cff73.job
[2013/11/21 00:38:34 | 000,000,508 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 26f2c088-4198-4513-98ad-c23a71192b41.job
[2013/11/21 00:38:04 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/11/21 00:16:12 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/11/21 00:15:49 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/11/13 01:11:47 | 000,001,957 | ---- | C] () -- C:\Users\Public\Desktop\Hightail Desktop App.lnk
[2013/11/07 18:56:14 | 000,001,109 | ---- | C] () -- C:\Users\Lesa\Desktop\Kindle Comic Creator.lnk
[2013/11/07 15:57:07 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/10/31 22:07:35 | 000,017,522 | ---- | C] () -- C:\Users\Lesa\.recently-used.xbel
[2013/09/16 23:38:15 | 000,361,117 | ---- | C] () -- C:\Users\Lesa\AppData\Local\newhb2.crx
[2013/09/05 19:38:02 | 000,000,113 | ---- | C] () -- C:\Users\Lesa\AppData\Roaming\WB.CFG
[2013/09/05 19:38:02 | 000,000,006 | ---- | C] () -- C:\Users\Lesa\AppData\Roaming\WBPU-TTL.DAT
[2011/05/18 15:34:26 | 000,001,940 | ---- | C] () -- C:\Users\Lesa\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/17 03:28:18 | 000,000,132 | ---- | C] () -- C:\Users\Lesa\.gtk-bookmarks
[2011/03/08 21:16:35 | 000,003,584 | ---- | C] () -- C:\Users\Lesa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/02 09:02:09 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/05/11 22:18:22 | 000,000,632 | RHS- | C] () -- C:\Users\Lesa\ntuser.pol
[2010/03/23 14:28:54 | 000,007,597 | ---- | C] () -- C:\Users\Lesa\AppData\Local\resmon.resmoncfg

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 20:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 20:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2010/10/24 13:52:57 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Trusteer
[2010/10/24 13:52:57 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Trusteer
[2010/10/18 13:05:12 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\AllinOnePDF
[2010/11/20 14:47:39 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\Amazon
[2011/05/24 09:00:32 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\Audacity
[2010/03/25 14:22:27 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\BitZipper
[2010/10/22 15:29:10 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\Canneverbe_Limited
[2010/10/05 06:10:55 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\Catalina Marketing Corp
[2010/06/17 19:56:32 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/08/31 14:32:14 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\com.ynab.YNAB4.LiveCaptive
[2013/11/21 18:00:09 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\DNA
[2013/11/21 13:32:46 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\Dropbox
[2010/06/02 08:45:48 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\Facebook
[2013/02/20 22:59:44 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\FileZilla
[2013/10/31 22:07:35 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\gtk-2.0
[2013/11/13 01:11:53 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\Hightail
[2012/02/25 15:25:36 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\ID Vault
[2010/11/16 16:30:27 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\KompoZer
[2010/07/10 21:09:36 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2010/10/14 18:52:14 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\OpenOffice.org
[2011/03/15 23:21:50 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\Pamela
[2011/12/31 15:22:02 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\PC-FAX TX
[2010/06/17 19:51:50 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\pdf995
[2011/02/24 20:40:25 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\Personal Finance Software
[2011/07/13 11:20:35 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\QFX Software
[2013/02/21 21:47:10 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\redsn0w
[2010/10/01 14:23:43 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\Simple Star
[2010/10/18 13:06:03 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\Ten PDF Reader
[2010/05/14 17:18:39 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\Tific
[2010/08/23 19:44:23 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\Trusteer
[2013/10/27 07:14:37 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\YouSendIt

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2009/07/13 19:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/02/26 23:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 19:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 07:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 07:25:45 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2013/09/24 19:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 19:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 19:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 16:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/07/08 23:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013/07/08 22:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 07:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 07:26:04 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 06:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/03 00:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 19:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 19:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 19:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/13 19:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/20 07:26:39 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
SRV:64bit: - [2013/10/23 17:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/10/23 17:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2009/07/13 19:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 19:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 19:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 19:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 19:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/03 11:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 19:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 05:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/11 00:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2013/09/24 19:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 19:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 07:27:24 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 07:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 07:27:25 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2013/09/24 19:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/13 19:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/20 07:27:26 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 07:27:25 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 06:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 07:27:25 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 07:27:26 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 06:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/13 19:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/04/30 23:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 07:25:27 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 07:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 07:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 07:27:25 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/20 07:27:28 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/20 07:26:59 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/20 07:27:28 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 07:24:58 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 06:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/13 19:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 16:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/20 07:26:07 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/13 19:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 07:27:28 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< c:\program files (x86)\Google\Desktop >
[2009/07/13 23:08:49 | 000,032,542 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/03/23 14:16:00 | 000,000,852 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3160849686-1691475319-3697074088-1001Core.job
[2010/03/23 14:16:03 | 000,000,904 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3160849686-1691475319-3697074088-1001UA.job
[2010/03/23 15:10:31 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2012/04/02 08:38:01 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2013/11/21 00:38:34 | 000,000,508 | ---- | C] () -- C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 26f2c088-4198-4513-98ad-c23a71192b41.job
[2013/11/21 00:38:36 | 000,000,508 | ---- | C] () -- C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task c1ba317d-526b-4432-a643-9d00289cff73.job

< c:\program files\Google\Desktop >

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is BEF8-E3A5
Directory of C:\
07/13/2009 11:08 PM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
07/13/2009 11:08 PM <JUNCTION> Application Data [C:\ProgramData]
07/13/2009 11:08 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/13/2009 11:08 PM <JUNCTION> Documents [C:\Users\Public\Documents]
07/13/2009 11:08 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/13/2009 11:08 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009 11:08 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
07/13/2009 11:08 PM <SYMLINKD> All Users [C:\ProgramData]
07/13/2009 11:08 PM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
07/13/2009 11:08 PM <JUNCTION> Application Data [C:\ProgramData]
07/13/2009 11:08 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/13/2009 11:08 PM <JUNCTION> Documents [C:\Users\Public\Documents]
07/13/2009 11:08 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/13/2009 11:08 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009 11:08 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
07/13/2009 11:08 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
07/13/2009 11:08 PM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
07/13/2009 11:08 PM <JUNCTION> My Documents [C:\Users\Default\Documents]
07/13/2009 11:08 PM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/13/2009 11:08 PM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/13/2009 11:08 PM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/13/2009 11:08 PM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/13/2009 11:08 PM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/13/2009 11:08 PM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
07/13/2009 11:08 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
07/13/2009 11:08 PM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/13/2009 11:08 PM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
07/13/2009 11:08 PM <JUNCTION> My Music [C:\Users\Default\Music]
07/13/2009 11:08 PM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
07/13/2009 11:08 PM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Lesa
03/22/2010 05:21 PM <JUNCTION> Application Data [C:\Users\Lesa\AppData\Roaming]
03/22/2010 05:21 PM <JUNCTION> Cookies [C:\Users\Lesa\AppData\Roaming\Microsoft\Windows\Cookies]
03/22/2010 05:21 PM <JUNCTION> Local Settings [C:\Users\Lesa\AppData\Local]
03/22/2010 05:21 PM <JUNCTION> My Documents [C:\Users\Lesa\Documents]
03/22/2010 05:21 PM <JUNCTION> NetHood [C:\Users\Lesa\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
03/22/2010 05:21 PM <JUNCTION> PrintHood [C:\Users\Lesa\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
03/22/2010 05:21 PM <JUNCTION> Recent [C:\Users\Lesa\AppData\Roaming\Microsoft\Windows\Recent]
03/22/2010 05:21 PM <JUNCTION> SendTo [C:\Users\Lesa\AppData\Roaming\Microsoft\Windows\SendTo]
03/22/2010 05:21 PM <JUNCTION> Start Menu [C:\Users\Lesa\AppData\Roaming\Microsoft\Windows\Start Menu]
03/22/2010 05:21 PM <JUNCTION> Templates [C:\Users\Lesa\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Lesa\AppData\Local
03/22/2010 05:21 PM <JUNCTION> Application Data [C:\Users\Lesa\AppData\Local]
03/22/2010 05:21 PM <JUNCTION> History [C:\Users\Lesa\AppData\Local\Microsoft\Windows\History]
03/22/2010 05:21 PM <JUNCTION> Temporary Internet Files [C:\Users\Lesa\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Lesa\Documents
03/22/2010 05:21 PM <JUNCTION> My Music [C:\Users\Lesa\Music]
03/22/2010 05:21 PM <JUNCTION> My Pictures [C:\Users\Lesa\Pictures]
03/22/2010 05:21 PM <JUNCTION> My Videos [C:\Users\Lesa\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
07/13/2009 11:08 PM <JUNCTION> My Music [C:\Users\Public\Music]
07/13/2009 11:08 PM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/13/2009 11:08 PM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile
10/01/2010 01:56 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
10/01/2010 01:56 PM <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\AppData\Local
10/01/2010 01:56 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
10/01/2010 01:56 PM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
10/01/2010 01:56 PM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\SysWOW64\config\systemprofile
10/01/2010 01:56 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
10/01/2010 01:56 PM <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
0 File(s) 0 bytes
Directory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local
10/01/2010 01:56 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
10/01/2010 01:56 PM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
10/01/2010 01:56 PM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
59 Dir(s) 46,536,765,440 bytes free

========== Alternate Data Streams ==========

@Alternate Data Stream - 482 bytes -> C:\ProgramData\Temp:5C321E34

< End of report >

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, after this we will need to reset both Firefox and Chrome.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:Commands
[CREATERESTOREPOINT]

:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://aartemis.com/...AP9405137351373
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.aartemis....q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.aartemis....q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.aartemis....q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....&pvid=20.4.0.40
IE - HKU\S-1-5-21-3160849686-1691475319-3697074088-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:16110;https=127.0.0.1:16110
FF - prefs.js..browser.search.defaultenginename: "aartemis"
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{e55007f4-80c5-418e-ac33-10c4d60db01e}: C:\Program Files (x86)\Re-markit\135.xpi
[2013/05/14 13:15:23 | 000,161,864 | ---- | M] () (No name found) -- C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]
[2013/11/10 17:53:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Social Privacy DNS
[2013/11/21 18:32:07 | 000,000,012 | -H-- | M] () -- C:\dvmexp.idx

:Files
ipconfig /flushdns /c
ipconfig /release /c
ipconfig /renew /c
netsh advfirewall reset /c

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Reset Firefox using the steps here http://support.mozil...x-most-problems

Reset Chrome following the steps here https://support.goog...r/3296214?hl=en

#7
lesadale

    Member

  • Topic Starter
  • Member
  • 55 posts
It fixed my problems with Chrome! IE still comes up with the Artemis Portal Site. It's not my home page settings; I've tried to fix that, and even when it comes up from a fresh reload, the Artemis Portal still comes up as a new tab.

I couldn't use the reset instructions for Firefox. My Firefox doesn't come up. When I try to open it I get a pop-up box that says "Couldn't load XPCOM".

Here is my new OTL log:

OTL logfile created on: 11/22/2013 3:24:55 PM - Run 8
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lesa\Documents\Downloads\Security
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 37.45% Memory free
7.50 Gb Paging File | 4.31 Gb Available in Paging File | 57.48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148.95 Gb Total Space | 43.48 Gb Free Space | 29.19% Space Free | Partition Type: NTFS

Computer Name: LESA-PC | User Name: Lesa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/21 01:59:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lesa\My Documents\Downloads\Security\OTL (1).exe
PRC - [2013/10/28 11:58:56 | 007,040,056 | ---- | M] (Hightail Inc.) -- C:\Program Files (x86)\Hightail Desktop App\Hightail.exe
PRC - [2013/05/24 18:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Lesa\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/05/10 01:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/09/24 13:27:40 | 000,380,024 | ---- | M] (LG Electronics) -- C:\ProgramData\LGMOBILEAX\BYR_Client\VZWUAAgent.exe
PRC - [2012/08/13 09:57:02 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2012/08/13 09:57:02 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2011/04/08 06:50:02 | 000,542,264 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
PRC - [2009/10/26 14:58:00 | 005,516,800 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\TurboV\TurboV.exe
PRC - [2009/10/26 12:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009/10/26 12:15:56 | 000,375,000 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2009/09/06 11:38:06 | 000,071,096 | ---- | M] () -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
PRC - [2009/08/20 21:16:54 | 005,782,528 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
PRC - [2009/06/02 18:31:00 | 001,769,472 | ---- | M] () -- C:\Program Files\ASUS\Turbo Key\TurboKey.exe
PRC - [2009/04/10 17:29:04 | 000,294,912 | -H-- | M] (DeviceVM) -- C:\ASUS.SYS\config\DVMExportService.exe
PRC - [2009/04/01 22:27:27 | 000,090,112 | R--- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
PRC - [2009/03/15 23:47:28 | 000,122,880 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonServer.exe
PRC - [2009/03/15 23:47:24 | 000,139,264 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonClient.exe
PRC - [2009/03/15 23:47:22 | 000,122,880 | ---- | M] (AMD) -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
PRC - [2009/03/15 23:47:20 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
PRC - [2007/10/08 07:52:36 | 000,157,000 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files (x86)\Smith Micro\StuffIt11\ArcNameService.exe
PRC - [2001/12/31 23:43:38 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Users\Lesa\Program Files (x86)\DNA\btdna.exe


========== Modules (No Company Name) ==========

MOD - [2013/11/14 05:29:31 | 000,399,312 | ---- | M] () -- C:\Users\Lesa\AppData\Local\Google\Chrome\Application\31.0.1650.57\ppgooglenaclpluginchrome.dll
MOD - [2013/11/14 05:29:30 | 013,582,800 | ---- | M] () -- C:\Users\Lesa\AppData\Local\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll
MOD - [2013/11/14 05:29:29 | 004,055,504 | ---- | M] () -- C:\Users\Lesa\AppData\Local\Google\Chrome\Application\31.0.1650.57\pdf.dll
MOD - [2013/11/14 05:28:37 | 000,702,416 | ---- | M] () -- C:\Users\Lesa\AppData\Local\Google\Chrome\Application\31.0.1650.57\libglesv2.dll
MOD - [2013/11/14 05:28:36 | 000,099,792 | ---- | M] () -- C:\Users\Lesa\AppData\Local\Google\Chrome\Application\31.0.1650.57\libegl.dll
MOD - [2013/11/14 05:28:34 | 001,619,408 | ---- | M] () -- C:\Users\Lesa\AppData\Local\Google\Chrome\Application\31.0.1650.57\ffmpegsumo.dll
MOD - [2013/03/13 14:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Lesa\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012/11/29 15:59:32 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2012/11/13 17:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Lesa\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2012/08/10 15:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/10/26 13:52:44 | 000,135,680 | ---- | M] () -- C:\Program Files\ASUS\TurboV\TvOcLib.dll
MOD - [2009/06/27 09:11:12 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll
MOD - [2009/06/02 18:31:00 | 001,769,472 | ---- | M] () -- C:\Program Files\ASUS\Turbo Key\TurboKey.exe
MOD - [2009/04/29 13:24:44 | 000,253,952 | ---- | M] () -- C:\Program Files\ASUS\Turbo Key\pngio.dll
MOD - [2009/04/29 13:24:44 | 000,208,896 | ---- | M] () -- C:\Program Files\ASUS\Turbo Key\AiNap.dll
MOD - [2009/04/29 13:24:44 | 000,008,704 | ---- | M] () -- C:\Program Files\ASUS\Turbo Key\vvc.dll
MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
MOD - [2009/01/15 13:55:10 | 000,565,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\pngio.dll
MOD - [2008/12/10 19:27:56 | 000,565,248 | ---- | M] () -- C:\Program Files\ASUS\TurboV\pngio.dll
MOD - [2006/01/10 02:50:20 | 000,024,576 | ---- | M] () -- C:\Windows\SysWOW64\AsIO.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/10/23 17:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/10/23 17:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/10/10 16:54:28 | 000,144,152 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/09/18 20:17:42 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 19:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/11/21 01:44:03 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/24 20:19:27 | 000,226,640 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint)
SRV - [2013/10/24 20:19:23 | 000,376,144 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2013/09/10 20:26:44 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/10 01:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/03/12 16:34:02 | 000,031,744 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\MR APP\MRAPP.Event.Service.exe -- (EventService)
SRV - [2013/03/12 16:34:02 | 000,031,232 | ---- | M] (Microsoft) [Auto | Running] -- C:\Program Files (x86)\MR APP\MRAPP.Transfer.Service.exe -- (TransferService)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/11/08 12:04:18 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2010/06/17 09:39:57 | 003,505,768 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/26 12:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009/09/06 11:38:06 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/04/22 11:01:30 | 000,124,256 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe -- (AODService)
SRV - [2009/04/10 17:29:04 | 000,294,912 | -H-- | M] (DeviceVM) [Auto | Running] -- C:\ASUS.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2009/04/01 22:27:27 | 000,090,112 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2009/03/15 23:47:22 | 000,122,880 | ---- | M] (AMD) [Auto | Running] -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe -- (AMD_RAIDXpert)
SRV - [2008/05/14 09:32:18 | 000,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)
SRV - [2008/05/14 09:32:10 | 000,166,384 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10)
SRV - [2008/05/14 09:31:38 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2007/10/08 07:52:36 | 000,157,000 | ---- | M] (Smith Micro Software, Inc.) [Auto | Running] -- C:\Program Files (x86)\Smith Micro\StuffIt11\ArcNameService.exe -- (Stuffit Archive Name Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/11/14 14:54:23 | 000,046,368 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/10/24 20:19:24 | 000,107,368 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2013/10/10 08:28:33 | 000,016,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon)
DRV:64bit: - [2013/09/27 09:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/05/21 14:06:16 | 000,067,808 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mozy.sys -- (mozyFilter)
DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/22 10:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 15:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/04/24 16:14:22 | 000,273,088 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\keyscrambler.sys -- (KeyScrambler)
DRV:64bit: - [2011/03/21 12:22:06 | 000,452,200 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/01/27 11:22:02 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2010/01/27 11:21:36 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2009/09/30 19:22:08 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2009/09/28 19:57:28 | 000,005,504 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StarOpen.sys -- (StarOpen)
DRV:64bit: - [2009/09/18 22:32:38 | 006,170,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/08/17 05:20:46 | 001,235,968 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/07/15 21:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/24 04:23:24 | 000,205,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/06/19 20:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/04 22:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2008/10/23 20:55:28 | 000,043,008 | R--- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (TEAM)
DRV:64bit: - [2008/10/23 20:55:28 | 000,043,008 | R--- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (RTTEAMPT)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/04/08 02:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/12/10 20:49:54 | 000,026,624 | R--- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV:64bit: - [2007/12/02 20:20:54 | 000,024,064 | R--- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan60.sys -- (RTVLANPT)
DRV - [2013/05/27 08:28:01 | 000,016,056 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2009/09/28 19:57:28 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/01/03 18:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 87 1F 0B 7F 4D C0 CE 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:16110;https=127.0.0.1:16110

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons: %7B4b9bcce8-a70b-402a-a7e1-db96831ee26f%7D:3.5.1.10
FF - prefs.js..extensions.enabledAddons: %7B6AC85730-7D0F-4de0-B3FA-21142DD85326%7D:2.8
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons: %7Bd57c9ff1-6389-48fc-b770-f78bd89b6e8a%7D:1.45
FF - prefs.js..extensions.enabledAddons: firefox-extension%40shareaholic.com:3.0.1
FF - prefs.js..extensions.enabledAddons: %7B2D3F3651-74B9-4795-BDEC-6DA2F431CB62%7D:2013.4.4.3
FF - prefs.js..extensions.enabledAddons: support%40tubedimmerapp.com:2.6.47
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:0.8.3
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: {a39975e6-69b0-40a4-b7e2-fc8770f38132}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.608
FF - prefs.js..extensions.enabledItems: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a}:1.36
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.5.5
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.2\\npsitesafety.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Lesa\Program Files (x86)\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Lesa\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Lesa\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Lesa\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/11/11 08:31:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/09/11 08:24:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Lesa\Program Files (x86)\DNA [2013/11/22 15:01:34 | 000,000,000 | ---D | M]

[2010/05/23 21:58:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lesa\AppData\Roaming\Mozilla\Extensions
[2013/11/22 13:40:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions
[2011/06/04 08:33:06 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012/02/25 20:15:31 | 000,000,000 | ---D | M] (XFINITY Toolbar) -- C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\{4b9bcce8-a70b-402a-a7e1-db96831ee26f}
[2012/08/01 10:47:17 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2013/04/14 07:35:15 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/07/13 11:19:33 | 000,000,000 | ---D | M] (KeyScrambler) -- C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]
[2011/07/27 08:23:20 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]
[2013/11/12 20:37:23 | 000,000,000 | ---D | M] (Tube Dimmer) -- C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]
[2013/11/21 13:21:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\trash
[2013/04/14 07:35:30 | 002,163,784 | ---- | M] () (No name found) -- C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\extensions\[email protected]
[2011/12/01 16:28:00 | 000,002,191 | ---- | M] () -- C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\searchplugins\google.xml
[2011/12/01 16:28:00 | 000,000,625 | ---- | M] () -- C:\Users\Lesa\AppData\Roaming\Mozilla\Firefox\Profiles\lsfk61yb.default\searchplugins\yahoo.xml
[2013/08/07 11:51:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/08/07 11:51:00 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
File not found (No name found) -- C:\PROGRAM FILES (X86)\SOCIAL PRIVACY\FF
File not found (No name found) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\COFFPLGN
File not found (No name found) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFEXTENSION16=C:\USERS\LESA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LSFK61YB.DEFAULT\EXTENSIONS\{83EE5C7D-47CB-10DB-8A07-8C2446E29C8B}
File not found (No name found) -- C:\USERS\LESA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LSFK61YB.DEFAULT\EXTENSIONS\{D57C9FF1-6389-48FC-B770-F78BD89B6E8A}.XPI
File not found (No name found) -- C:\USERS\LESA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LSFK61YB.DEFAULT\EXTENSIONS\[email protected]
File not found (No name found) -- C:\USERS\LESA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LSFK61YB.DEFAULT\EXTENSIONS\[email protected]
File not found (No name found) -- C:\USERS\LESA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LSFK61YB.DEFAULT\EXTENSIONS\[email protected]
File not found (No name found) -- C:\USERS\LESA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LSFK61YB.DEFAULT\EXTENSIONS\[email protected]
File not found (No name found) -- C:\USERS\LESA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LSFK61YB.DEFAULT\EXTENSIONS\[email protected]
File not found (No name found) -- C:\USERS\LESA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LSFK61YB.DEFAULT\EXTENSIONS\[email protected]
File not found (No name found) -- C:\USERS\LESA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LSFK61YB.DEFAULT\EXTENSIONS\[email protected]
[2010/10/05 06:10:54 | 000,466,944 | ---- | M] (Catalina Marketing Corp.) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2010/10/05 06:10:54 | 000,466,944 | ---- | M] (Catalina Marketing Corp.) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol500.dll
[2013/02/15 18:35:09 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Web (Enabled)
CHR - default_search_provider: search_url = http://feed.snapdo.c...Date=16/11/2013
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://feed.snapdo.c...Date=16/11/2013
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Lesa\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Lesa\AppData\Local\Google\Chrome\Application\31.0.1650.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Lesa\AppData\Local\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Lesa\AppData\Local\Google\Chrome\Application\31.0.1650.57\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Coupon Print Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
CHR - plugin: Coupon Print Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol500.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Lesa\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Lesa\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: DNA Plug-in (Enabled) = C:\Users\Lesa\Program Files (x86)\DNA\plugins\npbtdna.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: New Tab = C:\Users\Lesa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.4_0\
CHR - Extension: Pocket (formerly Read It Later) = C:\Users\Lesa\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj\1.5.6_0\
CHR - Extension: Google Wallet = C:\Users\Lesa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Evernote Web Clipper = C:\Users\Lesa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\6.0.3_0\

O1 HOSTS File: ([2013/11/22 13:41:00 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [Hightail Sync Agent] C:\Program Files (x86)\Hightail Desktop App\Hightail.exe (Hightail Inc.)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [BYRUA_AGENT] C:\ProgramData\LGMOBILEAX\BYR_Client\VZWUAAgent.exe (LG Electronics)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\SysWOW64\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe (Sonic Solutions)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Turbo Key] C:\Program Files\ASUS\Turbo Key\TurboKey.exe ()
O4 - HKLM..\Run: [TurboV] C:\Program Files\ASUS\TurboV\TurboV.exe (ASUSTeK Computer Inc.)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Users\Lesa\Program Files (x86)\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
O4 - Startup: C:\Users\Lesa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Lesa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Lesa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9:64bit: - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC0AD0B8-92CF-4212-8B87-43285EFEA894}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC0AD0B8-92CF-4212-8B87-43285EFEA894}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C685DDF4-1D1C-46A3-BD51-26EF4A10E425}: DhcpNameServer = 68.87.68.166 68.87.74.166
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C685DDF4-1D1C-46A3-BD51-26EF4A10E425}: NameServer = 8.8.8.8,8.8.4.4
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/21 18:30:20 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/11/21 14:04:09 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/11/21 00:55:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/11/21 00:55:33 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/11/21 00:38:15 | 000,000,000 | ---D | C] -- C:\Users\Lesa\AppData\Roaming\SUPERAntiSpyware.com
[2013/11/21 00:38:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/11/21 00:38:00 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/11/21 00:38:00 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/11/21 00:15:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2013/11/21 00:14:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/11/20 23:44:03 | 000,000,000 | ---D | C] -- C:\Users\Lesa\Documents\WorkLifeBalance
[2013/11/20 23:18:31 | 000,000,000 | ---D | C] -- C:\Users\Lesa\Documents\MoJo Angela Wills
[2013/11/20 22:41:15 | 000,000,000 | ---D | C] -- C:\Users\Lesa\Documents\MyNams
[2013/11/20 22:27:49 | 000,000,000 | ---D | C] -- C:\Users\Lesa\Documents\CoachGlue
[2013/11/19 12:57:14 | 000,000,000 | ---D | C] -- C:\Users\Lesa\Documents\Blogging Class
[2013/11/16 06:52:03 | 000,000,000 | ---D | C] -- C:\Users\Lesa\SyncFolder
[2013/11/13 01:11:53 | 000,000,000 | ---D | C] -- C:\Users\Lesa\AppData\Local\Hightail
[2013/11/13 01:11:52 | 000,000,000 | ---D | C] -- C:\Users\Lesa\AppData\Roaming\Hightail
[2013/11/13 01:11:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hightail Desktop App
[2013/11/13 01:11:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hightail Desktop App
[2013/11/10 17:57:31 | 000,000,000 | ---D | C] -- C:\ProgramData\TubeDimmer
[2013/11/10 17:53:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Social Privacy DNS
[2013/11/07 18:56:22 | 000,000,000 | ---D | C] -- C:\Users\Lesa\.kindle
[2013/11/07 15:57:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/11/07 15:55:18 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/11/07 15:55:17 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/11/07 15:55:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/11/07 15:55:17 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/11/07 01:21:32 | 000,000,000 | ---D | C] -- C:\Users\Lesa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
[2013/10/25 09:58:17 | 000,000,000 | ---D | C] -- C:\Users\Lesa\Documents\30 Day Challenge

========== Files - Modified Within 30 Days ==========

[2013/11/22 14:55:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/22 14:42:59 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3160849686-1691475319-3697074088-1001UA.job
[2013/11/22 14:12:15 | 000,000,012 | -H-- | M] () -- C:\dvmexp.idx
[2013/11/22 14:09:33 | 000,016,768 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/22 14:09:33 | 000,016,768 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/22 14:01:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/22 14:01:35 | 3019,247,616 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/22 13:41:00 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/11/22 11:06:09 | 000,000,059 | ---- | M] () -- C:\Windows\wpd99.drv
[2013/11/22 11:05:05 | 000,000,467 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2013/11/22 10:33:20 | 000,889,856 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/11/22 10:33:20 | 000,729,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/22 10:33:20 | 000,147,318 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/11/22 08:38:00 | 000,000,508 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task c1ba317d-526b-4432-a643-9d00289cff73.job
[2013/11/22 03:26:57 | 000,006,246 | ---- | M] () -- C:\Windows\mozy.flt
[2013/11/22 03:26:57 | 000,003,552 | ---- | M] () -- C:\Windows\mozy.blk
[2013/11/22 02:00:00 | 000,000,508 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 26f2c088-4198-4513-98ad-c23a71192b41.job
[2013/11/22 00:43:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3160849686-1691475319-3697074088-1001Core.job
[2013/11/21 01:01:36 | 000,000,113 | ---- | M] () -- C:\Users\Lesa\AppData\Roaming\WB.CFG
[2013/11/21 01:01:35 | 000,000,006 | ---- | M] () -- C:\Users\Lesa\AppData\Roaming\WBPU-TTL.DAT
[2013/11/21 00:55:39 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/21 00:38:04 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/11/21 00:16:12 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/11/18 08:56:31 | 000,872,762 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/16 06:38:48 | 000,001,351 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/11/16 06:30:44 | 000,002,248 | ---- | M] () -- C:\Users\Lesa\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/11/16 06:30:19 | 000,001,641 | ---- | M] () -- C:\Users\Lesa\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/11/14 14:54:23 | 000,046,368 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/11/13 14:37:53 | 000,000,983 | ---- | M] () -- C:\Users\Lesa\Desktop\YNAB 4.lnk
[2013/11/13 01:11:48 | 000,001,957 | ---- | M] () -- C:\Users\Public\Desktop\Hightail Desktop App.lnk
[2013/11/07 18:56:15 | 000,001,109 | ---- | M] () -- C:\Users\Lesa\Desktop\Kindle Comic Creator.lnk
[2013/11/07 15:57:07 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/10/31 22:07:35 | 000,017,522 | ---- | M] () -- C:\Users\Lesa\.recently-used.xbel
[2013/10/24 20:19:24 | 000,107,368 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIRfsClientNP.dll
[2013/10/24 20:19:23 | 000,092,488 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIinit.dll
[2013/10/24 20:19:23 | 000,035,656 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIport.dll

========== Files Created - No Company Name ==========

[2013/11/22 14:12:15 | 000,000,012 | -H-- | C] () -- C:\dvmexp.idx
[2013/11/21 00:55:39 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/21 00:38:36 | 000,000,508 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task c1ba317d-526b-4432-a643-9d00289cff73.job
[2013/11/21 00:38:34 | 000,000,508 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 26f2c088-4198-4513-98ad-c23a71192b41.job
[2013/11/21 00:38:04 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/11/21 00:16:12 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/11/21 00:15:49 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/11/13 01:11:47 | 000,001,957 | ---- | C] () -- C:\Users\Public\Desktop\Hightail Desktop App.lnk
[2013/11/07 18:56:14 | 000,001,109 | ---- | C] () -- C:\Users\Lesa\Desktop\Kindle Comic Creator.lnk
[2013/11/07 15:57:07 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/10/31 22:07:35 | 000,017,522 | ---- | C] () -- C:\Users\Lesa\.recently-used.xbel
[2013/09/16 23:38:15 | 000,361,117 | ---- | C] () -- C:\Users\Lesa\AppData\Local\newhb2.crx
[2013/09/05 19:38:02 | 000,000,113 | ---- | C] () -- C:\Users\Lesa\AppData\Roaming\WB.CFG
[2013/09/05 19:38:02 | 000,000,006 | ---- | C] () -- C:\Users\Lesa\AppData\Roaming\WBPU-TTL.DAT
[2011/05/18 15:34:26 | 000,001,940 | ---- | C] () -- C:\Users\Lesa\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/17 03:28:18 | 000,000,132 | ---- | C] () -- C:\Users\Lesa\.gtk-bookmarks
[2011/03/08 21:16:35 | 000,003,584 | ---- | C] () -- C:\Users\Lesa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/02 09:02:09 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/05/11 22:18:22 | 000,000,632 | RHS- | C] () -- C:\Users\Lesa\ntuser.pol
[2010/03/23 14:28:54 | 000,007,597 | ---- | C] () -- C:\Users\Lesa\AppData\Local\resmon.resmoncfg

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 20:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 20:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2010/10/18 13:05:12 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\AllinOnePDF
[2010/11/20 14:47:39 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\Amazon
[2011/05/24 09:00:32 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\Audacity
[2010/03/25 14:22:27 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\BitZipper
[2010/10/22 15:29:10 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\Canneverbe_Limited
[2010/10/05 06:10:55 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\Catalina Marketing Corp
[2010/06/17 19:56:32 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/08/31 14:32:14 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\com.ynab.YNAB4.LiveCaptive
[2013/11/22 15:31:37 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\DNA
[2013/11/22 15:02:16 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\Dropbox
[2010/06/02 08:45:48 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\Facebook
[2013/02/20 22:59:44 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\FileZilla
[2013/10/31 22:07:35 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\gtk-2.0
[2013/11/13 01:11:53 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\Hightail
[2012/02/25 15:25:36 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\ID Vault
[2010/11/16 16:30:27 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\KompoZer
[2010/07/10 21:09:36 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2010/10/14 18:52:14 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\OpenOffice.org
[2011/03/15 23:21:50 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\Pamela
[2011/12/31 15:22:02 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\PC-FAX TX
[2010/06/17 19:51:50 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\pdf995
[2011/02/24 20:40:25 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\Personal Finance Software
[2011/07/13 11:20:35 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\QFX Software
[2013/02/21 21:47:10 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\redsn0w
[2010/10/01 14:23:43 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\Simple Star
[2010/10/18 13:06:03 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\Ten PDF Reader
[2010/05/14 17:18:39 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\Tific
[2010/08/23 19:44:23 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\Trusteer
[2013/10/27 07:14:37 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\YouSendIt

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 482 bytes -> C:\ProgramData\Temp:5C321E34

< End of report >
  • 0

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
For Firefox I would recommend a full fresh install, as it appears corrupted.

Could you download and run Shortcut Cleaner from here: http://www.bleepingc...ortcut-cleaner/

When Shortcut Cleaner has finished scanning your hard drive, it will create a log file on your desktop called sc-cleaner.txt and then display it.
Could you post that log?
  • 0

#9
lesadale

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
I have deleted Firefox from my computer and re-installed it. It doesn't work. I do not get a "fox" anywhere just a small square with blue. Looks like a very small screen shot. Done that twice.

Here is the Shortcut Cleaner log:

Shortcut Cleaner 1.2.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
http://www.bleepingc...ortcut-cleaner/

Windows Version: Windows 7 Professional Service Pack 1
Program started at: 11/22/2013 07:54:10 PM.

Scanning for registry hijacks:

* No issues found in the Registry.

Searching for Hijacked Shortcuts:

Searching C:\Users\Lesa\AppData\Roaming\Microsoft\Windows\Start Menu\

Searching C:\ProgramData\Microsoft\Windows\Start Menu\

Searching C:\Users\Lesa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\

Searching C:\Users\Public\Desktop\

Searching C:\Users\Lesa\Desktop


0 bad shortcuts found.

Program finished at: 11/22/2013 07:54:38 PM
Execution time: 0 hours(s), 0 minute(s), and 27 seconds(s)
  • 0

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, regarding Firefox: uninstall it via Control Panel, then run the OTL fix below (this will clear all Firefox elements). Reboot and then re-install Firefox.

For IE, does Artemis only appear on a fresh tab?

If so then go to control panel > internet options > general
Select Tabs
Select a blank page for when new tabs are opened
Restart IE
If you still get that as a new tab then go to control panel > internet options > general
Select Tabs
Select Restore defaults

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:Commands
[CREATERESTOREPOINT]

:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:16110;https=127.0.0.1:16110

:Files
C:\Users\Lesa\AppData\Roaming\Mozilla
C:\Program Files (x86)\mozilla firefox

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0
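
The three `Internet Settings` values targeted by the fix in the post above enable a per-user proxy on 127.0.0.1:16110, which sends IE's traffic (and that of any browser using the system proxy settings) through whatever process is listening on that local port. As an added example, not part of the thread and not OTL's own code, the following Python script pulls those values out of an OTL log and flags any loopback proxy; the function names and the embedded sample log are constructed for illustration.

```python
import ipaddress
import re
from collections import namedtuple

# Constructed sample: the Internet Settings lines as they appear in the OTL
# logs in this thread, plus one unrelated IE line that must be ignored.
SAMPLE_LOG = r'''
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:16110;https=127.0.0.1:16110
'''

# Matches OTL's 'IE - <hive>\...\Internet Settings: "<name>" = <value>' lines.
SETTING_RE = re.compile(
    r'^IE(?::64bit:)? - (?P<hive>HK\w+)\\Software\\Microsoft\\Windows'
    r'\\CurrentVersion\\Internet Settings: "(?P<name>\w+)" = (?P<value>.*)$',
    re.IGNORECASE,
)

Finding = namedtuple('Finding', 'hive protocol host port enabled')


def read_internet_settings(log_text):
    """Collect {(hive, value_name): value} from the Internet Settings lines."""
    settings = {}
    for line in log_text.splitlines():
        m = SETTING_RE.match(line.strip())
        if m:
            settings[(m['hive'].upper(), m['name'].lower())] = m['value'].strip()
    return settings


def parse_proxy_server(value):
    """Parse a ProxyServer string into {protocol: (host, port)}.

    Handles 'host:port' (one proxy for everything, keyed '*') and the
    per-protocol form 'http=host:port;https=host:port'.
    """
    proxies = {}
    for entry in (e.strip() for e in value.split(';')):
        if not entry:
            continue
        proto, sep, target = entry.partition('=')
        if not sep:
            proto, target = '*', entry
        target = target.split('://', 1)[-1]      # tolerate 'http://host:port'
        if target.startswith('['):               # bracketed IPv6 literal
            host, _, rest = target[1:].partition(']')
            port = rest.lstrip(':')
        else:
            host, sep, port = target.rpartition(':')
            if not sep:                          # no port given
                host, port = target, ''
        proxies[proto.strip().lower()] = (host, int(port) if port.isdigit() else None)
    return proxies


def is_loopback(host):
    """True for 127.0.0.0/8, ::1 and the name 'localhost'."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host.lower().rstrip('.') == 'localhost'


def find_loopback_proxies(log_text):
    """Return a Finding for every ProxyServer entry that points at this machine."""
    settings = read_internet_settings(log_text)
    findings = []
    for (hive, name), value in settings.items():
        if name != 'proxyserver':
            continue
        enabled = settings.get((hive, 'proxyenable')) == '1'
        for proto, (host, port) in parse_proxy_server(value).items():
            if is_loopback(host):
                findings.append(Finding(hive, proto, host, port, enabled))
    return findings


if __name__ == '__main__':
    for f in find_loopback_proxies(SAMPLE_LOG):
        state = 'ENABLED' if f.enabled else 'present but disabled'
        print(f'{f.hive}: {f.protocol} proxy -> {f.host}:{f.port} ({state})')
```

Running it against the log taken after a fix shows whether the values were actually removed or have been written back.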


#11
lesadale

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
I've not re-installed Firefox yet. I've tried both solutions and a couple others with IE, but still get Aartemis on opening. And now I'm getting Aartemis on Chrome again. I've gone back to the Setting options and reset browser settings.

Here is my OTL log:

OTL logfile created on: 11/23/2013 3:44:56 PM - Run 9
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lesa\Documents\Downloads\Security
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 1.74 Gb Available Physical Memory | 46.50% Memory free
7.50 Gb Paging File | 4.74 Gb Available in Paging File | 63.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148.95 Gb Total Space | 41.83 Gb Free Space | 28.08% Space Free | Partition Type: NTFS

Computer Name: LESA-PC | User Name: Lesa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/21 01:59:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lesa\My Documents\Downloads\Security\OTL (1).exe
PRC - [2013/10/28 11:58:56 | 007,040,056 | ---- | M] (Hightail Inc.) -- C:\Program Files (x86)\Hightail Desktop App\Hightail.exe
PRC - [2013/05/24 18:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Lesa\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/05/10 01:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/09/24 13:27:40 | 000,380,024 | ---- | M] (LG Electronics) -- C:\ProgramData\LGMOBILEAX\BYR_Client\VZWUAAgent.exe
PRC - [2012/08/13 09:57:02 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2012/08/13 09:57:02 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2011/04/08 06:50:02 | 000,542,264 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
PRC - [2009/10/26 14:58:00 | 005,516,800 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\TurboV\TurboV.exe
PRC - [2009/10/26 12:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009/10/26 12:15:56 | 000,375,000 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2009/09/06 11:38:06 | 000,071,096 | ---- | M] () -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
PRC - [2009/08/20 21:16:54 | 005,782,528 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
PRC - [2009/06/02 18:31:00 | 001,769,472 | ---- | M] () -- C:\Program Files\ASUS\Turbo Key\TurboKey.exe
PRC - [2009/04/10 17:29:04 | 000,294,912 | -H-- | M] (DeviceVM) -- C:\ASUS.SYS\config\DVMExportService.exe
PRC - [2009/04/01 22:27:27 | 000,090,112 | R--- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
PRC - [2009/03/15 23:47:28 | 000,122,880 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonServer.exe
PRC - [2009/03/15 23:47:24 | 000,139,264 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonClient.exe
PRC - [2009/03/15 23:47:22 | 000,122,880 | ---- | M] (AMD) -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
PRC - [2009/03/15 23:47:20 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
PRC - [2007/10/08 07:52:36 | 000,157,000 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files (x86)\Smith Micro\StuffIt11\ArcNameService.exe
PRC - [2001/12/31 23:43:38 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Users\Lesa\Program Files (x86)\DNA\btdna.exe


========== Modules (No Company Name) ==========

MOD - [2013/11/14 05:29:31 | 000,399,312 | ---- | M] () -- C:\Users\Lesa\AppData\Local\Google\Chrome\Application\31.0.1650.57\ppgooglenaclpluginchrome.dll
MOD - [2013/11/14 05:29:29 | 004,055,504 | ---- | M] () -- C:\Users\Lesa\AppData\Local\Google\Chrome\Application\31.0.1650.57\pdf.dll
MOD - [2013/11/14 05:28:37 | 000,702,416 | ---- | M] () -- C:\Users\Lesa\AppData\Local\Google\Chrome\Application\31.0.1650.57\libglesv2.dll
MOD - [2013/11/14 05:28:36 | 000,099,792 | ---- | M] () -- C:\Users\Lesa\AppData\Local\Google\Chrome\Application\31.0.1650.57\libegl.dll
MOD - [2013/11/14 05:28:34 | 001,619,408 | ---- | M] () -- C:\Users\Lesa\AppData\Local\Google\Chrome\Application\31.0.1650.57\ffmpegsumo.dll
MOD - [2013/03/13 14:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Lesa\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012/11/13 17:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Lesa\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2012/08/10 15:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/10/26 13:52:44 | 000,135,680 | ---- | M] () -- C:\Program Files\ASUS\TurboV\TvOcLib.dll
MOD - [2009/06/27 09:11:12 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll
MOD - [2009/06/02 18:31:00 | 001,769,472 | ---- | M] () -- C:\Program Files\ASUS\Turbo Key\TurboKey.exe
MOD - [2009/04/29 13:24:44 | 000,253,952 | ---- | M] () -- C:\Program Files\ASUS\Turbo Key\pngio.dll
MOD - [2009/04/29 13:24:44 | 000,208,896 | ---- | M] () -- C:\Program Files\ASUS\Turbo Key\AiNap.dll
MOD - [2009/04/29 13:24:44 | 000,008,704 | ---- | M] () -- C:\Program Files\ASUS\Turbo Key\vvc.dll
MOD - [2009/03/25 15:53:14 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\AsSpindownTimeout.dll
MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
MOD - [2009/01/15 13:55:10 | 000,565,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\pngio.dll
MOD - [2008/12/10 19:27:56 | 000,565,248 | ---- | M] () -- C:\Program Files\ASUS\TurboV\pngio.dll
MOD - [2006/01/10 02:50:20 | 000,024,576 | ---- | M] () -- C:\Windows\SysWOW64\AsIO.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/10/23 17:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/10/23 17:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/10/10 16:54:28 | 000,144,152 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/09/18 20:17:42 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 19:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/11/21 01:44:03 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/24 20:19:27 | 000,226,640 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint)
SRV - [2013/10/24 20:19:23 | 000,376,144 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2013/05/10 01:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/03/12 16:34:02 | 000,031,744 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\MR APP\MRAPP.Event.Service.exe -- (EventService)
SRV - [2013/03/12 16:34:02 | 000,031,232 | ---- | M] (Microsoft) [Auto | Running] -- C:\Program Files (x86)\MR APP\MRAPP.Transfer.Service.exe -- (TransferService)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/11/08 12:04:18 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2010/06/17 09:39:57 | 003,505,768 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/26 12:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009/09/06 11:38:06 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/04/22 11:01:30 | 000,124,256 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe -- (AODService)
SRV - [2009/04/10 17:29:04 | 000,294,912 | -H-- | M] (DeviceVM) [Auto | Running] -- C:\ASUS.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2009/04/01 22:27:27 | 000,090,112 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2009/03/15 23:47:22 | 000,122,880 | ---- | M] (AMD) [Auto | Running] -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe -- (AMD_RAIDXpert)
SRV - [2008/05/14 09:32:18 | 000,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)
SRV - [2008/05/14 09:32:10 | 000,166,384 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10)
SRV - [2008/05/14 09:31:38 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2007/10/08 07:52:36 | 000,157,000 | ---- | M] (Smith Micro Software, Inc.) [Auto | Running] -- C:\Program Files (x86)\Smith Micro\StuffIt11\ArcNameService.exe -- (Stuffit Archive Name Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/11/14 14:54:23 | 000,046,368 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/10/24 20:19:24 | 000,107,368 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2013/10/10 08:28:33 | 000,016,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon)
DRV:64bit: - [2013/09/27 09:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/05/21 14:06:16 | 000,067,808 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mozy.sys -- (mozyFilter)
DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/22 10:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 15:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/04/24 16:14:22 | 000,273,088 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\keyscrambler.sys -- (KeyScrambler)
DRV:64bit: - [2011/03/21 12:22:06 | 000,452,200 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/01/27 11:22:02 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2010/01/27 11:21:36 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2009/09/30 19:22:08 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2009/09/28 19:57:28 | 000,005,504 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StarOpen.sys -- (StarOpen)
DRV:64bit: - [2009/09/18 22:32:38 | 006,170,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/08/17 05:20:46 | 001,235,968 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/07/15 21:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/24 04:23:24 | 000,205,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/06/19 20:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/04 22:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2008/10/23 20:55:28 | 000,043,008 | R--- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (TEAM)
DRV:64bit: - [2008/10/23 20:55:28 | 000,043,008 | R--- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (RTTEAMPT)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/04/08 02:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/12/10 20:49:54 | 000,026,624 | R--- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV:64bit: - [2007/12/02 20:20:54 | 000,024,064 | R--- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan60.sys -- (RTVLANPT)
DRV - [2013/05/27 08:28:01 | 000,016,056 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2009/09/28 19:57:28 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/01/03 18:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 87 1F 0B 7F 4D C0 CE 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:16110;https=127.0.0.1:16110


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.2\\npsitesafety.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Lesa\Program Files (x86)\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Lesa\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Lesa\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Lesa\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Lesa\Program Files (x86)\DNA [2013/11/23 15:29:39 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Lesa\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Lesa\AppData\Local\Google\Chrome\Application\31.0.1650.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Lesa\AppData\Local\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Lesa\AppData\Local\Google\Chrome\Application\31.0.1650.57\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Coupon Print Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
CHR - plugin: Coupon Print Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol500.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Lesa\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Lesa\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: DNA Plug-in (Enabled) = C:\Users\Lesa\Program Files (x86)\DNA\plugins\npbtdna.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: New Tab = C:\Users\Lesa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.4_0\
CHR - Extension: Pocket (formerly Read It Later) = C:\Users\Lesa\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj\1.5.6_0\
CHR - Extension: Google Wallet = C:\Users\Lesa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Evernote Web Clipper = C:\Users\Lesa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\6.0.3_0\

O1 HOSTS File: ([2013/11/23 15:06:56 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [Hightail Sync Agent] C:\Program Files (x86)\Hightail Desktop App\Hightail.exe (Hightail Inc.)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [BYRUA_AGENT] C:\ProgramData\LGMOBILEAX\BYR_Client\VZWUAAgent.exe (LG Electronics)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\SysWOW64\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe (Sonic Solutions)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Turbo Key] C:\Program Files\ASUS\Turbo Key\TurboKey.exe ()
O4 - HKLM..\Run: [TurboV] C:\Program Files\ASUS\TurboV\TurboV.exe (ASUSTeK Computer Inc.)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Users\Lesa\Program Files (x86)\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
O4 - Startup: C:\Users\Lesa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Lesa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Lesa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9:64bit: - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC0AD0B8-92CF-4212-8B87-43285EFEA894}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC0AD0B8-92CF-4212-8B87-43285EFEA894}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C685DDF4-1D1C-46A3-BD51-26EF4A10E425}: DhcpNameServer = 68.87.68.166 68.87.74.166
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C685DDF4-1D1C-46A3-BD51-26EF4A10E425}: NameServer = 8.8.8.8,8.8.4.4
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/21 18:30:20 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/11/21 14:04:09 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/11/21 00:55:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/11/21 00:55:33 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/11/21 00:38:15 | 000,000,000 | ---D | C] -- C:\Users\Lesa\AppData\Roaming\SUPERAntiSpyware.com
[2013/11/21 00:38:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/11/21 00:38:00 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/11/21 00:38:00 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/11/21 00:15:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2013/11/21 00:14:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/11/20 23:44:03 | 000,000,000 | ---D | C] -- C:\Users\Lesa\Documents\WorkLifeBalance
[2013/11/20 23:18:31 | 000,000,000 | ---D | C] -- C:\Users\Lesa\Documents\MoJo Angela Wills
[2013/11/20 22:41:15 | 000,000,000 | ---D | C] -- C:\Users\Lesa\Documents\MyNams
[2013/11/20 22:27:49 | 000,000,000 | ---D | C] -- C:\Users\Lesa\Documents\CoachGlue
[2013/11/19 12:57:14 | 000,000,000 | ---D | C] -- C:\Users\Lesa\Documents\Blogging Class
[2013/11/16 06:52:03 | 000,000,000 | ---D | C] -- C:\Users\Lesa\SyncFolder
[2013/11/13 01:11:53 | 000,000,000 | ---D | C] -- C:\Users\Lesa\AppData\Local\Hightail
[2013/11/13 01:11:52 | 000,000,000 | ---D | C] -- C:\Users\Lesa\AppData\Roaming\Hightail
[2013/11/13 01:11:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hightail Desktop App
[2013/11/13 01:11:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hightail Desktop App
[2013/11/10 17:57:31 | 000,000,000 | ---D | C] -- C:\ProgramData\TubeDimmer
[2013/11/10 17:53:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Social Privacy DNS
[2013/11/07 18:56:22 | 000,000,000 | ---D | C] -- C:\Users\Lesa\.kindle
[2013/11/07 15:57:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/11/07 15:55:18 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/11/07 15:55:17 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/11/07 15:55:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/11/07 15:55:17 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/11/07 01:21:32 | 000,000,000 | ---D | C] -- C:\Users\Lesa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
[2013/10/25 09:58:17 | 000,000,000 | ---D | C] -- C:\Users\Lesa\Documents\30 Day Challenge

========== Files - Modified Within 30 Days ==========

[2013/11/23 15:43:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3160849686-1691475319-3697074088-1001UA.job
[2013/11/23 15:20:06 | 000,000,012 | -H-- | M] () -- C:\dvmexp.idx
[2013/11/23 15:19:07 | 000,016,768 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/23 15:19:07 | 000,016,768 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/23 15:09:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/23 15:09:26 | 3019,247,616 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/23 15:06:56 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/11/23 14:55:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/23 08:38:00 | 000,000,508 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task c1ba317d-526b-4432-a643-9d00289cff73.job
[2013/11/23 08:09:33 | 000,000,934 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/11/23 03:58:15 | 000,006,246 | ---- | M] () -- C:\Windows\mozy.flt
[2013/11/23 03:58:15 | 000,003,552 | ---- | M] () -- C:\Windows\mozy.blk
[2013/11/23 02:00:00 | 000,000,508 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 26f2c088-4198-4513-98ad-c23a71192b41.job
[2013/11/23 00:43:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3160849686-1691475319-3697074088-1001Core.job
[2013/11/22 11:06:09 | 000,000,059 | ---- | M] () -- C:\Windows\wpd99.drv
[2013/11/22 11:05:05 | 000,000,467 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2013/11/22 10:33:20 | 000,889,856 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/11/22 10:33:20 | 000,729,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/22 10:33:20 | 000,147,318 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/11/21 01:01:36 | 000,000,113 | ---- | M] () -- C:\Users\Lesa\AppData\Roaming\WB.CFG
[2013/11/21 01:01:35 | 000,000,006 | ---- | M] () -- C:\Users\Lesa\AppData\Roaming\WBPU-TTL.DAT
[2013/11/21 00:55:39 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/21 00:38:04 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/11/21 00:16:12 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/11/18 08:56:31 | 000,872,762 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/16 06:30:19 | 000,001,641 | ---- | M] () -- C:\Users\Lesa\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/11/14 14:54:23 | 000,046,368 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/11/13 14:37:53 | 000,000,983 | ---- | M] () -- C:\Users\Lesa\Desktop\YNAB 4.lnk
[2013/11/13 01:11:48 | 000,001,957 | ---- | M] () -- C:\Users\Public\Desktop\Hightail Desktop App.lnk
[2013/11/07 18:56:15 | 000,001,109 | ---- | M] () -- C:\Users\Lesa\Desktop\Kindle Comic Creator.lnk
[2013/11/07 15:57:07 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/10/31 22:07:35 | 000,017,522 | ---- | M] () -- C:\Users\Lesa\.recently-used.xbel
[2013/10/24 20:19:24 | 000,107,368 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIRfsClientNP.dll
[2013/10/24 20:19:23 | 000,092,488 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIinit.dll
[2013/10/24 20:19:23 | 000,035,656 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIport.dll

========== Files Created - No Company Name ==========

[2013/11/22 19:02:59 | 000,000,934 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/11/22 19:02:58 | 000,000,946 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/11/22 14:12:15 | 000,000,012 | -H-- | C] () -- C:\dvmexp.idx
[2013/11/21 00:55:39 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/21 00:38:36 | 000,000,508 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task c1ba317d-526b-4432-a643-9d00289cff73.job
[2013/11/21 00:38:34 | 000,000,508 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 26f2c088-4198-4513-98ad-c23a71192b41.job
[2013/11/21 00:38:04 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/11/21 00:16:12 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/11/21 00:15:49 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/11/13 01:11:47 | 000,001,957 | ---- | C] () -- C:\Users\Public\Desktop\Hightail Desktop App.lnk
[2013/11/07 18:56:14 | 000,001,109 | ---- | C] () -- C:\Users\Lesa\Desktop\Kindle Comic Creator.lnk
[2013/11/07 15:57:07 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/10/31 22:07:35 | 000,017,522 | ---- | C] () -- C:\Users\Lesa\.recently-used.xbel
[2013/09/16 23:38:15 | 000,361,117 | ---- | C] () -- C:\Users\Lesa\AppData\Local\newhb2.crx
[2013/09/05 19:38:02 | 000,000,113 | ---- | C] () -- C:\Users\Lesa\AppData\Roaming\WB.CFG
[2013/09/05 19:38:02 | 000,000,006 | ---- | C] () -- C:\Users\Lesa\AppData\Roaming\WBPU-TTL.DAT
[2011/05/18 15:34:26 | 000,001,940 | ---- | C] () -- C:\Users\Lesa\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/17 03:28:18 | 000,000,132 | ---- | C] () -- C:\Users\Lesa\.gtk-bookmarks
[2011/03/08 21:16:35 | 000,003,584 | ---- | C] () -- C:\Users\Lesa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/02 09:02:09 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/05/11 22:18:22 | 000,000,632 | RHS- | C] () -- C:\Users\Lesa\ntuser.pol
[2010/03/23 14:28:54 | 000,007,597 | ---- | C] () -- C:\Users\Lesa\AppData\Local\resmon.resmoncfg

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 20:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 20:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2010/10/18 13:05:12 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\AllinOnePDF
[2010/11/20 14:47:39 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\Amazon
[2011/05/24 09:00:32 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\Audacity
[2010/03/25 14:22:27 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\BitZipper
[2010/10/22 15:29:10 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\Canneverbe_Limited
[2010/10/05 06:10:55 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\Catalina Marketing Corp
[2010/06/17 19:56:32 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/08/31 14:32:14 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\com.ynab.YNAB4.LiveCaptive
[2013/11/23 15:49:41 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\DNA
[2013/11/23 15:30:25 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\Dropbox
[2010/06/02 08:45:48 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\Facebook
[2013/02/20 22:59:44 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\FileZilla
[2013/10/31 22:07:35 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\gtk-2.0
[2013/11/13 01:11:53 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\Hightail
[2012/02/25 15:25:36 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\ID Vault
[2010/11/16 16:30:27 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\KompoZer
[2010/07/10 21:09:36 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2010/10/14 18:52:14 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\OpenOffice.org
[2011/03/15 23:21:50 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\Pamela
[2011/12/31 15:22:02 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\PC-FAX TX
[2010/06/17 19:51:50 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\pdf995
[2011/02/24 20:40:25 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\Personal Finance Software
[2011/07/13 11:20:35 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\QFX Software
[2013/02/21 21:47:10 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\redsn0w
[2010/10/01 14:23:43 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\Simple Star
[2010/10/18 13:06:03 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\Ten PDF Reader
[2010/05/14 17:18:39 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\Tific
[2010/08/23 19:44:23 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\Trusteer
[2013/10/27 07:14:37 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\YouSendIt

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 482 bytes -> C:\ProgramData\Temp:5C321E34

< End of report >

#12
lesadale (Member, Topic Starter)
It has changed my Google to Portuguese. And English is not in the language options.

#13
Essexboy (GeekU Moderator, Retired Staff)
OK, first could you go to Control Panel > Internet Options > Connections
Select LAN settings
Place a tick in "Automatically detect settings"

Run this OTL fix

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:Commands
[CREATERESTOREPOINT]

:Files
C:\Program Files (x86)\Social Privacy DNS

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

THEN

For 32bit systems, please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2


For 64bit systems, download SystemLook from here.


  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :regfind
    aartemis.com
    aartemis
    

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

#14
lesadale (Member, Topic Starter)
Here is the SystemLook log:

SystemLook 30.07.11 by jpshortstuff
Log created at 08:28 on 24/11/2013 by Lesa
Administrator - Elevation successful

========== regfind ==========

Searching for "aartemis.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command]
@=""C:\Users\Lesa\AppData\Local\Google\Chrome\Application\chrome.exe" http://aartemis.com/...P9405137351373"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\shell\open\command]
@=""C:\Users\Lesa\AppData\Local\Google\Chrome\Application\chrome.exe" http://aartemis.com/...P9405137351373"

Searching for "aartemis"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command]
@=""C:\Users\Lesa\AppData\Local\Google\Chrome\Application\chrome.exe" http://aartemis.com/...P9405137351373"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\aartemisSoftware]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\aartemisSoftware\aartemishp]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\shell\open\command]
@=""C:\Users\Lesa\AppData\Local\Google\Chrome\Application\chrome.exe" http://aartemis.com/...P9405137351373"

-= EOF =-

#15
Essexboy (GeekU Moderator, Retired Staff)
Sneaky little blighters

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:Commands
[CREATERESTOREPOINT]

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command]
@=""C:\Users\Lesa\AppData\Local\Google\Chrome\Application\chrome.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\shell\open\command]
@=""C:\Users\Lesa\AppData\Local\Google\Chrome\Application\chrome.exe"
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\aartemisSoftware]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\aartemisSoftware\aartemishp]

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
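
A way to triage the two indicators seen in this thread, as an added example that is not part of any post: it parses SystemLook regfind output for browser launch commands under Clients\StartMenuInternet that carry a URL argument, and OTL "IE -" lines for an enabled proxy bound to loopback. The SystemLook sample is constructed (user name, vendor key and URL are made up), the OTL lines are copied from the log earlier in the thread, and the function names are this example's own.

```python
import re

# Constructed sample in the SystemLook regfind layout shown in the thread;
# the user name, vendor key and URL are made up for illustration.
SYSTEMLOOK_SAMPLE = r'''
Searching for "example"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command]
@=""C:\Users\Alice\AppData\Local\Google\Chrome\Application\chrome.exe" http://search.example/?from=sc"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command]
@=""C:\Program Files (x86)\Mozilla Firefox\firefox.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\exampleSoftware]
'''

# The three proxy lines as they appear in the OTL log earlier in the thread.
OTL_SAMPLE = r'''
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:16110;https=127.0.0.1:16110
'''

URL_RE = re.compile(r'https?://\S+', re.IGNORECASE)
LAUNCH_KEY_RE = re.compile(
    r'\\Clients\\StartMenuInternet\\[^\\]+\\shell\\open\\command$', re.IGNORECASE)
OTL_LINE_RE = re.compile(r'^IE - HKCU\\.*Internet Settings: "(\w+)" = (.*)$')
LOOPBACK_RE = re.compile(
    r'(?:^|[=;/])(?:127(?:\.\d{1,3}){3}|localhost|\[::1\])(?=[:;/]|$)', re.IGNORECASE)


def parse_regfind(text):
    """Yield (key, value_name, data) for each value line in a regfind log."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
        elif key and line.startswith(('@', '"')) and '=' in line:
            name, _, data = line.partition('=')
            # The log wraps the data in one pair of quotes; drop only that pair
            # so quotes that belong to the command itself survive.
            if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
                data = data[1:-1]
            yield key, name.strip('"'), data


def split_command(cmd):
    """Split a launch command into (executable, arguments)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end == -1:
            return cmd[1:], ''
        return cmd[1:end], cmd[end + 1:].strip()
    m = re.match(r'(.+?\.exe)\b(.*)', cmd, re.IGNORECASE)
    return (m.group(1), m.group(2).strip()) if m else (cmd, '')


def find_hijacked_launchers(text):
    """Return (key, exe, url) for browser launchers that carry a URL argument."""
    findings = []
    for key, name, data in parse_regfind(text):
        if name != '@' or not LAUNCH_KEY_RE.search(key):
            continue
        exe, args = split_command(data)
        url = URL_RE.search(args)
        if url:
            finding = (key, exe, url.group(0))
            if finding not in findings:  # regfind repeats hits per search term
                findings.append(finding)
    return findings


def loopback_proxy(otl_text):
    """Return the ProxyServer string if the HKCU proxy is enabled and local."""
    settings = {}
    for line in otl_text.splitlines():
        m = OTL_LINE_RE.match(line.strip())
        if m:
            settings[m.group(1)] = m.group(2).strip()
    server = settings.get('ProxyServer', '')
    if settings.get('ProxyEnable') == '1' and LOOPBACK_RE.search(server):
        return server
    return None


if __name__ == '__main__':
    for key, exe, url in find_hijacked_launchers(SYSTEMLOOK_SAMPLE):
        print(f'URL appended to browser launcher\n  key: {key}\n  exe: {exe}\n  url: {url}')
    proxy = loopback_proxy(OTL_SAMPLE)
    if proxy:
        print(f'Proxy enabled and bound to loopback: {proxy}')
```

A hit is a prompt to review the value rather than proof of infection, since some local filtering tools also register a loopback proxy.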
