Adware and Popups [Solved]


  • This topic is locked

#16
lesadale

  • Topic Starter
  • Member
  • 55 posts
New log:

OTL logfile created on: 11/25/2013 10:41:23 PM - Run 10
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lesa\Documents\Downloads\Security
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 1.57 Gb Available Physical Memory | 41.77% Memory free
7.50 Gb Paging File | 4.72 Gb Available in Paging File | 62.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148.95 Gb Total Space | 42.00 Gb Free Space | 28.20% Space Free | Partition Type: NTFS

Computer Name: LESA-PC | User Name: Lesa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/21 01:59:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lesa\My Documents\Downloads\Security\OTL (1).exe
PRC - [2013/10/28 11:58:56 | 007,040,056 | ---- | M] (Hightail Inc.) -- C:\Program Files (x86)\Hightail Desktop App\Hightail.exe
PRC - [2013/05/24 18:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Lesa\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/05/10 01:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/09/24 13:27:40 | 000,380,024 | ---- | M] (LG Electronics) -- C:\ProgramData\LGMOBILEAX\BYR_Client\VZWUAAgent.exe
PRC - [2012/08/13 09:57:02 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2012/08/13 09:57:02 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2011/04/08 06:50:02 | 000,542,264 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
PRC - [2009/10/26 14:58:00 | 005,516,800 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\TurboV\TurboV.exe
PRC - [2009/10/26 12:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009/10/26 12:15:56 | 000,375,000 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2009/09/06 11:38:06 | 000,071,096 | ---- | M] () -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
PRC - [2009/08/20 21:16:54 | 005,782,528 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
PRC - [2009/06/02 18:31:00 | 001,769,472 | ---- | M] () -- C:\Program Files\ASUS\Turbo Key\TurboKey.exe
PRC - [2009/04/10 17:29:04 | 000,294,912 | -H-- | M] (DeviceVM) -- C:\ASUS.SYS\config\DVMExportService.exe
PRC - [2009/04/01 22:27:27 | 000,090,112 | R--- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
PRC - [2009/03/15 23:47:28 | 000,122,880 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonServer.exe
PRC - [2009/03/15 23:47:24 | 000,139,264 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonClient.exe
PRC - [2009/03/15 23:47:22 | 000,122,880 | ---- | M] (AMD) -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
PRC - [2009/03/15 23:47:20 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
PRC - [2007/10/08 07:52:36 | 000,157,000 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files (x86)\Smith Micro\StuffIt11\ArcNameService.exe
PRC - [2001/12/31 23:43:38 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Users\Lesa\Program Files (x86)\DNA\btdna.exe


========== Modules (No Company Name) ==========

MOD - [2013/11/14 05:29:31 | 000,399,312 | ---- | M] () -- C:\Users\Lesa\AppData\Local\Google\Chrome\Application\31.0.1650.57\ppgooglenaclpluginchrome.dll
MOD - [2013/11/14 05:29:29 | 004,055,504 | ---- | M] () -- C:\Users\Lesa\AppData\Local\Google\Chrome\Application\31.0.1650.57\pdf.dll
MOD - [2013/11/14 05:28:37 | 000,702,416 | ---- | M] () -- C:\Users\Lesa\AppData\Local\Google\Chrome\Application\31.0.1650.57\libglesv2.dll
MOD - [2013/11/14 05:28:36 | 000,099,792 | ---- | M] () -- C:\Users\Lesa\AppData\Local\Google\Chrome\Application\31.0.1650.57\libegl.dll
MOD - [2013/11/14 05:28:34 | 001,619,408 | ---- | M] () -- C:\Users\Lesa\AppData\Local\Google\Chrome\Application\31.0.1650.57\ffmpegsumo.dll
MOD - [2013/09/05 00:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2013/03/13 14:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Lesa\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012/11/29 15:59:32 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2012/11/13 17:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Lesa\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2012/08/10 15:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/10/26 13:52:44 | 000,135,680 | ---- | M] () -- C:\Program Files\ASUS\TurboV\TvOcLib.dll
MOD - [2009/06/27 09:11:12 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll
MOD - [2009/06/02 18:31:00 | 001,769,472 | ---- | M] () -- C:\Program Files\ASUS\Turbo Key\TurboKey.exe
MOD - [2009/04/29 13:24:44 | 000,253,952 | ---- | M] () -- C:\Program Files\ASUS\Turbo Key\pngio.dll
MOD - [2009/04/29 13:24:44 | 000,208,896 | ---- | M] () -- C:\Program Files\ASUS\Turbo Key\AiNap.dll
MOD - [2009/04/29 13:24:44 | 000,008,704 | ---- | M] () -- C:\Program Files\ASUS\Turbo Key\vvc.dll
MOD - [2009/03/25 15:53:14 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\AsSpindownTimeout.dll
MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
MOD - [2009/01/15 13:55:10 | 000,565,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\pngio.dll
MOD - [2008/12/10 19:27:56 | 000,565,248 | ---- | M] () -- C:\Program Files\ASUS\TurboV\pngio.dll
MOD - [2006/01/10 02:50:20 | 000,024,576 | ---- | M] () -- C:\Windows\SysWOW64\AsIO.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/10/23 17:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/10/23 17:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/10/10 16:54:28 | 000,144,152 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/09/18 20:17:42 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 19:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/11/21 01:44:03 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/24 20:19:27 | 000,226,640 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint)
SRV - [2013/10/24 20:19:23 | 000,376,144 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2013/05/10 01:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/03/12 16:34:02 | 000,031,744 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\MR APP\MRAPP.Event.Service.exe -- (EventService)
SRV - [2013/03/12 16:34:02 | 000,031,232 | ---- | M] (Microsoft) [Auto | Running] -- C:\Program Files (x86)\MR APP\MRAPP.Transfer.Service.exe -- (TransferService)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/11/08 12:04:18 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2010/06/17 09:39:57 | 003,505,768 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/26 12:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009/09/06 11:38:06 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/04/22 11:01:30 | 000,124,256 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe -- (AODService)
SRV - [2009/04/10 17:29:04 | 000,294,912 | -H-- | M] (DeviceVM) [Auto | Running] -- C:\ASUS.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2009/04/01 22:27:27 | 000,090,112 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2009/03/15 23:47:22 | 000,122,880 | ---- | M] (AMD) [Auto | Running] -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe -- (AMD_RAIDXpert)
SRV - [2008/05/14 09:32:18 | 000,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)
SRV - [2008/05/14 09:32:10 | 000,166,384 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10)
SRV - [2008/05/14 09:31:38 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2007/10/08 07:52:36 | 000,157,000 | ---- | M] (Smith Micro Software, Inc.) [Auto | Running] -- C:\Program Files (x86)\Smith Micro\StuffIt11\ArcNameService.exe -- (Stuffit Archive Name Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/11/14 14:54:23 | 000,046,368 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/10/24 20:19:24 | 000,107,368 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2013/10/10 08:28:33 | 000,016,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon)
DRV:64bit: - [2013/09/27 09:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/05/21 14:06:16 | 000,067,808 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mozy.sys -- (mozyFilter)
DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/22 10:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 15:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/04/24 16:14:22 | 000,273,088 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\keyscrambler.sys -- (KeyScrambler)
DRV:64bit: - [2011/03/21 12:22:06 | 000,452,200 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/01/27 11:22:02 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2010/01/27 11:21:36 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2009/09/30 19:22:08 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2009/09/28 19:57:28 | 000,005,504 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StarOpen.sys -- (StarOpen)
DRV:64bit: - [2009/09/18 22:32:38 | 006,170,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/08/17 05:20:46 | 001,235,968 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/07/15 21:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/24 04:23:24 | 000,205,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/06/19 20:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/04 22:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2008/10/23 20:55:28 | 000,043,008 | R--- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (TEAM)
DRV:64bit: - [2008/10/23 20:55:28 | 000,043,008 | R--- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (RTTEAMPT)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/04/08 02:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/12/10 20:49:54 | 000,026,624 | R--- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV:64bit: - [2007/12/02 20:20:54 | 000,024,064 | R--- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan60.sys -- (RTVLANPT)
DRV - [2013/05/27 08:28:01 | 000,016,056 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2009/09/28 19:57:28 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/01/03 18:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 87 1F 0B 7F 4D C0 CE 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:16110;https=127.0.0.1:16110


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.2\\npsitesafety.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Lesa\Program Files (x86)\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Lesa\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Lesa\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Lesa\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Lesa\Program Files (x86)\DNA [2013/11/25 18:04:12 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Lesa\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Lesa\AppData\Local\Google\Chrome\Application\31.0.1650.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Lesa\AppData\Local\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Lesa\AppData\Local\Google\Chrome\Application\31.0.1650.57\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Coupon Print Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
CHR - plugin: Coupon Print Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol500.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Lesa\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Lesa\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: DNA Plug-in (Enabled) = C:\Users\Lesa\Program Files (x86)\DNA\plugins\npbtdna.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: New Tab = C:\Users\Lesa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.4_0\
CHR - Extension: Pocket (formerly Read It Later) = C:\Users\Lesa\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj\1.5.6_0\
CHR - Extension: Google Wallet = C:\Users\Lesa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Evernote Web Clipper = C:\Users\Lesa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\6.0.3_0\

O1 HOSTS File: ([2013/11/25 11:12:54 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [Hightail Sync Agent] C:\Program Files (x86)\Hightail Desktop App\Hightail.exe (Hightail Inc.)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [BYRUA_AGENT] C:\ProgramData\LGMOBILEAX\BYR_Client\VZWUAAgent.exe (LG Electronics)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\SysWOW64\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe (Sonic Solutions)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Turbo Key] C:\Program Files\ASUS\Turbo Key\TurboKey.exe ()
O4 - HKLM..\Run: [TurboV] C:\Program Files\ASUS\TurboV\TurboV.exe (ASUSTeK Computer Inc.)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Users\Lesa\Program Files (x86)\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
O4 - Startup: C:\Users\Lesa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Lesa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Lesa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9:64bit: - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC0AD0B8-92CF-4212-8B87-43285EFEA894}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC0AD0B8-92CF-4212-8B87-43285EFEA894}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C685DDF4-1D1C-46A3-BD51-26EF4A10E425}: DhcpNameServer = 68.87.68.166 68.87.74.166
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C685DDF4-1D1C-46A3-BD51-26EF4A10E425}: NameServer = 8.8.8.8,8.8.4.4
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/21 18:30:20 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/11/21 14:04:09 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/11/21 00:55:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/11/21 00:55:33 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/11/21 00:38:15 | 000,000,000 | ---D | C] -- C:\Users\Lesa\AppData\Roaming\SUPERAntiSpyware.com
[2013/11/21 00:38:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/11/21 00:38:00 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/11/21 00:38:00 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/11/21 00:15:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2013/11/21 00:14:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/11/20 23:44:03 | 000,000,000 | ---D | C] -- C:\Users\Lesa\Documents\WorkLifeBalance
[2013/11/20 23:18:31 | 000,000,000 | ---D | C] -- C:\Users\Lesa\Documents\MoJo Angela Wills
[2013/11/20 22:41:15 | 000,000,000 | ---D | C] -- C:\Users\Lesa\Documents\MyNams
[2013/11/20 22:27:49 | 000,000,000 | ---D | C] -- C:\Users\Lesa\Documents\CoachGlue
[2013/11/19 12:57:14 | 000,000,000 | ---D | C] -- C:\Users\Lesa\Documents\Blogging Class
[2013/11/16 06:52:03 | 000,000,000 | ---D | C] -- C:\Users\Lesa\SyncFolder
[2013/11/13 01:11:53 | 000,000,000 | ---D | C] -- C:\Users\Lesa\AppData\Local\Hightail
[2013/11/13 01:11:52 | 000,000,000 | ---D | C] -- C:\Users\Lesa\AppData\Roaming\Hightail
[2013/11/13 01:11:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hightail Desktop App
[2013/11/13 01:11:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hightail Desktop App
[2013/11/10 17:57:31 | 000,000,000 | ---D | C] -- C:\ProgramData\TubeDimmer
[2013/11/10 17:53:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Social Privacy DNS
[2013/11/07 18:56:22 | 000,000,000 | ---D | C] -- C:\Users\Lesa\.kindle
[2013/11/07 15:57:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/11/07 15:55:18 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/11/07 15:55:17 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/11/07 15:55:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/11/07 15:55:17 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/11/07 01:21:32 | 000,000,000 | ---D | C] -- C:\Users\Lesa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon

========== Files - Modified Within 30 Days ==========

[2013/11/25 22:43:02 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3160849686-1691475319-3697074088-1001UA.job
[2013/11/25 21:55:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/25 16:38:05 | 000,000,508 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task c1ba317d-526b-4432-a643-9d00289cff73.job
[2013/11/25 16:26:57 | 000,006,246 | ---- | M] () -- C:\Windows\mozy.flt
[2013/11/25 16:26:57 | 000,003,552 | ---- | M] () -- C:\Windows\mozy.blk
[2013/11/25 11:26:59 | 000,000,012 | -H-- | M] () -- C:\dvmexp.idx
[2013/11/25 11:24:37 | 000,016,768 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/25 11:24:37 | 000,016,768 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/25 11:16:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/25 11:16:28 | 3019,247,616 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/25 11:12:54 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/11/25 02:00:00 | 000,000,508 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 26f2c088-4198-4513-98ad-c23a71192b41.job
[2013/11/25 00:43:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3160849686-1691475319-3697074088-1001Core.job
[2013/11/24 08:27:09 | 000,876,850 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/24 08:27:09 | 000,729,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/24 08:27:09 | 000,147,318 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/11/24 08:25:37 | 000,000,059 | ---- | M] () -- C:\Windows\wpd99.drv
[2013/11/24 08:04:42 | 000,000,467 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2013/11/23 08:09:33 | 000,000,934 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/11/22 10:33:20 | 000,889,856 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/11/21 01:01:36 | 000,000,113 | ---- | M] () -- C:\Users\Lesa\AppData\Roaming\WB.CFG
[2013/11/21 01:01:35 | 000,000,006 | ---- | M] () -- C:\Users\Lesa\AppData\Roaming\WBPU-TTL.DAT
[2013/11/21 00:55:39 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/21 00:38:04 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/11/21 00:16:12 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/11/16 06:30:19 | 000,001,641 | ---- | M] () -- C:\Users\Lesa\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/11/14 14:54:23 | 000,046,368 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/11/13 14:37:53 | 000,000,983 | ---- | M] () -- C:\Users\Lesa\Desktop\YNAB 4.lnk
[2013/11/13 01:11:48 | 000,001,957 | ---- | M] () -- C:\Users\Public\Desktop\Hightail Desktop App.lnk
[2013/11/07 18:56:15 | 000,001,109 | ---- | M] () -- C:\Users\Lesa\Desktop\Kindle Comic Creator.lnk
[2013/11/07 15:57:07 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/10/31 22:07:35 | 000,017,522 | ---- | M] () -- C:\Users\Lesa\.recently-used.xbel

========== Files Created - No Company Name ==========

[2013/11/22 19:02:59 | 000,000,934 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/11/22 19:02:58 | 000,000,946 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/11/22 14:12:15 | 000,000,012 | -H-- | C] () -- C:\dvmexp.idx
[2013/11/21 00:55:39 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/21 00:38:36 | 000,000,508 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task c1ba317d-526b-4432-a643-9d00289cff73.job
[2013/11/21 00:38:34 | 000,000,508 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 26f2c088-4198-4513-98ad-c23a71192b41.job
[2013/11/21 00:38:04 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/11/21 00:16:12 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/11/21 00:15:49 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/11/13 01:11:47 | 000,001,957 | ---- | C] () -- C:\Users\Public\Desktop\Hightail Desktop App.lnk
[2013/11/07 18:56:14 | 000,001,109 | ---- | C] () -- C:\Users\Lesa\Desktop\Kindle Comic Creator.lnk
[2013/11/07 15:57:07 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/10/31 22:07:35 | 000,017,522 | ---- | C] () -- C:\Users\Lesa\.recently-used.xbel
[2013/09/16 23:38:15 | 000,361,117 | ---- | C] () -- C:\Users\Lesa\AppData\Local\newhb2.crx
[2013/09/05 19:38:02 | 000,000,113 | ---- | C] () -- C:\Users\Lesa\AppData\Roaming\WB.CFG
[2013/09/05 19:38:02 | 000,000,006 | ---- | C] () -- C:\Users\Lesa\AppData\Roaming\WBPU-TTL.DAT
[2011/05/18 15:34:26 | 000,001,940 | ---- | C] () -- C:\Users\Lesa\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/17 03:28:18 | 000,000,132 | ---- | C] () -- C:\Users\Lesa\.gtk-bookmarks
[2011/03/08 21:16:35 | 000,003,584 | ---- | C] () -- C:\Users\Lesa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/02 09:02:09 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/05/11 22:18:22 | 000,000,632 | RHS- | C] () -- C:\Users\Lesa\ntuser.pol
[2010/03/23 14:28:54 | 000,007,597 | ---- | C] () -- C:\Users\Lesa\AppData\Local\resmon.resmoncfg

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 20:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 20:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2010/10/18 13:05:12 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\AllinOnePDF
[2010/11/20 14:47:39 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\Amazon
[2011/05/24 09:00:32 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\Audacity
[2010/03/25 14:22:27 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\BitZipper
[2010/10/22 15:29:10 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\Canneverbe_Limited
[2010/10/05 06:10:55 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\Catalina Marketing Corp
[2010/06/17 19:56:32 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/08/31 14:32:14 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\com.ynab.YNAB4.LiveCaptive
[2013/11/25 22:44:40 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\DNA
[2013/11/25 18:04:34 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\Dropbox
[2010/06/02 08:45:48 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\Facebook
[2013/02/20 22:59:44 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\FileZilla
[2013/11/25 22:52:37 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\gtk-2.0
[2013/11/13 01:11:53 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\Hightail
[2012/02/25 15:25:36 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\ID Vault
[2010/11/16 16:30:27 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\KompoZer
[2010/07/10 21:09:36 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2010/10/14 18:52:14 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\OpenOffice.org
[2011/03/15 23:21:50 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\Pamela
[2011/12/31 15:22:02 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\PC-FAX TX
[2010/06/17 19:51:50 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\pdf995
[2011/02/24 20:40:25 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\Personal Finance Software
[2011/07/13 11:20:35 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\QFX Software
[2013/02/21 21:47:10 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\redsn0w
[2010/10/01 14:23:43 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\Simple Star
[2010/10/18 13:06:03 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\Ten PDF Reader
[2010/05/14 17:18:39 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\Tific
[2010/08/23 19:44:23 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\Trusteer
[2013/10/27 07:14:37 | 000,000,000 | ---D | M] -- C:\Users\Lesa\AppData\Roaming\YouSendIt

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 482 bytes -> C:\ProgramData\Temp:5C321E34

< End of report >

#17
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
This just does not want to go

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


#18
lesadale

    Member

  • Topic Starter
  • 55 posts
Here is the FRST log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-11-2013 01
Ran by Lesa (administrator) on LESA-PC on 26-11-2013 08:56:54
Running from C:\Users\Lesa\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
() C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
(DeviceVM, Inc.) C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(DeviceVM) C:\ASUS.SYS\config\DVMExportService.exe
() C:\Program Files (x86)\MR APP\MRAPP.Event.Service.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
() C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Smith Micro Software, Inc.) C:\Program Files (x86)\Smith Micro\StuffIt11\ArcNameService.exe
(Microsoft) C:\Program Files (x86)\MR APP\MRAPP.Transfer.Service.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
() C:\Windows\SysWOW64\WinMsgBalloonServer.exe
() C:\Windows\SysWOW64\WinMsgBalloonClient.exe
(Mozy, Inc.) C:\Program Files\MozyHome\mozybackup.exe
(Mozy, Inc.) C:\Program Files\MozyHome\mozybackup.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Hightail Inc.) C:\Program Files (x86)\Hightail Desktop App\Hightail.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(BitTorrent, Inc.) C:\Users\Lesa\Program Files (x86)\DNA\btdna.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Google) C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
(Mozy, Inc.) C:\Program Files\MozyHome\mozystat.exe
(Dropbox, Inc.) C:\Users\Lesa\AppData\Roaming\Dropbox\bin\Dropbox.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(DeviceVM, Inc.) C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
(Microsoft) C:\Program Files (x86)\MR APP\MRAPP.UI.exe
() C:\Program Files\ASUS\Turbo Key\TurboKey.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\TurboV\TurboV.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(LG Electronics) C:\ProgramData\LGMOBILEAX\BYR_Client\VZWUAAgent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Users\Lesa\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Lesa\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Lesa\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Lesa\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Lesa\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Users\Lesa\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Lesa\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [LogMeIn GUI] - C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2010-01-27] (LogMeIn, Inc.)
HKLM\...\Run: [Hightail Sync Agent] - C:\Program Files (x86)\Hightail Desktop App\Hightail.exe [7040056 2013-10-28] (Hightail Inc.)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKCU\...\Run: [BitTorrent DNA] - C:\Users\Lesa\Program Files (x86)\DNA\btdna.exe [323392 2001-12-31] (BitTorrent, Inc.)
HKCU\...\Run: [Speech Recognition] - C:\Windows\Speech\Common\sapisvr.exe [44544 2009-07-13] (Microsoft Corporation)
HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6604568 2013-11-05] (SUPERAntiSpyware)
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2252800 2009-08-28] (VIA)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-09-18] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BCU] - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe [375000 2009-10-26] (DeviceVM, Inc.)
HKLM-x32\...\Run: [Turbo Key] - C:\Program Files\ASUS\Turbo Key\TurboKey.exe [1769472 2009-06-02] ()
HKLM-x32\...\Run: [TurboV] - C:\Program Files\ASUS\TurboV\TurboV.exe [5516800 2009-10-26] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [RoxWatchTray] - C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe [244208 2008-05-14] (Sonic Solutions)
HKLM-x32\...\Run: [NeroFilterCheck] - C:\Windows\system32\NeroCheck.exe
HKLM-x32\...\Run: [SSBkgdUpdate] - C:\Program Files (x86)\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] - C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] - C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-07-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort11reminder] - C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini [331 2013-11-25] ()
HKLM-x32\...\Run: [BrMfcWnd] - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\BrCtrCen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BYRUA_AGENT] - C:\ProgramData\LGMOBILEAX\BYR_Client\VZWUAAgent.exe [380024 2012-09-24] (LG Electronics)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
Startup: C:\Users\Lesa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Lesa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Lesa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:16110;https=127.0.0.1:16110
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x871F0B7F4DC0CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...=5.5&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
BHO: KeyScramblerBHO Class - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
BHO: Snap.DoEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: KeyScramblerBHO Class - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer]8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{BC0AD0B8-92CF-4212-8B87-43285EFEA894}: [NameServer]8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{C685DDF4-1D1C-46A3-BD51-26EF4A10E425}: [NameServer]8.8.8.8,8.8.4.4

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Users\Lesa\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Lesa\AppData\Local\Google\Chrome\Application\31.0.1650.57\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Lesa\AppData\Local\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Lesa\AppData\Local\Google\Chrome\Application\31.0.1650.57\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Coupon Print Activator Netscape Plugin v. 5.0.0.0) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll No File
CHR Plugin: (Coupon Print Activator Netscape Plugin v. 5.0.0.0) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol500.dll No File
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll No File
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\Lesa\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Facebook Plugin) - C:\Users\Lesa\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
CHR Plugin: (DNA Plug-in) - C:\Users\Lesa\Program Files (x86)\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (New Tab) - C:\Users\Lesa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.4_0
CHR Extension: (Pocket (formerly Read It Later)) - C:\Users\Lesa\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj\1.5.6_0
CHR Extension: (Google Wallet) - C:\Users\Lesa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Evernote Web Clipper) - C:\Users\Lesa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\6.0.3_0
CHR HKLM\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - C:\Users\Lesa\AppData\Local\newhb2.crx
CHR HKLM-x32\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - C:\Users\Lesa\AppData\Local\newhb2.crx
CHR StartMenuInternet: Google Chrome - C:\Users\Lesa\AppData\Local\Google\Chrome\Application\chrome.exe http://aartemis.com/...AP9405137351373
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
S2 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [124256 2009-04-22] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [90112 2009-04-01] ()
R2 DvmMDES; C:\ASUS.SYS\config\DVMExportService.exe [294912 2009-04-10] (DeviceVM)
R2 EventService; C:\Program Files (x86)\MR APP\MRAPP.Event.Service.exe [31744 2013-03-12] ()
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2013-10-24] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2013-10-24] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2010-11-08] (LogMeIn, Inc.)
R2 mozybackup; C:\Program Files\MozyHome\mozybackup.exe [54040 2011-07-11] (Mozy, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [42773336 2010-09-17] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 NMSAccessU; C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe [71096 2009-09-06] ()
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [3505768 2010-06-17] (INCA Internet Co., Ltd.)
S4 SQLAgent$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [370008 2010-09-17] (Microsoft Corporation)
R2 Stuffit Archive Name Service; C:\Program Files (x86)\Smith Micro\StuffIt11\ArcNameService.exe [157000 2007-10-08] (Smith Micro Software, Inc.)
R2 TransferService; C:\Program Files (x86)\MR APP\MRAPP.Transfer.Service.exe [31232 2013-03-12] (Microsoft)
S2 SessionLauncher; C:\Users\Lesa\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
S2 vToolbarUpdater17.1.2; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe [x]

==================== Drivers (Whitelisted) ====================

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-03] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-05] ()
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-14] (AVG Technologies)
R3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [273088 2011-04-24] (QFX Software Corporation)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-05-27] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
R1 mozyFilter; C:\Windows\System32\DRIVERS\mozy.sys [67808 2013-05-21] (Mozy, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 NPPTNT2; C:\Windows\SysWow64\npptNT2.sys [4682 2005-01-03] (INCA Internet Co., Ltd.)
R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [26624 2007-12-10] (Windows ® Codename Longhorn DDK provider)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5504 2009-09-28] ()
S3 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [7168 2009-09-28] ()
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2013-10-10] ()
S3 Andbus; system32\DRIVERS\lgandbus64.sys [x]
S3 AndDiag; system32\DRIVERS\lganddiag64.sys [x]
S3 AndGps; system32\DRIVERS\lgandgps64.sys [x]
S3 ANDModem; system32\DRIVERS\lgandmodem64.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 dump_wmimmc; \??\C:\gPotato\Rappelz\GameGuard\dump_wmimmc.sys [x]
S3 usbbus; system32\DRIVERS\lgx64bus.sys [x]
S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [x]
S3 USBModem; system32\DRIVERS\lgx64modem.sys [x]
U2 wuaserv;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-26 08:56 - 2013-11-26 08:57 - 00021067 _____ C:\Users\Lesa\Downloads\FRST.txt
2013-11-26 08:56 - 2013-11-26 08:56 - 00000000 ____D C:\FRST
2013-11-26 08:55 - 2013-11-26 08:55 - 01958474 _____ (Farbar) C:\Users\Lesa\Downloads\FRST64.exe
2013-11-25 23:15 - 2013-11-25 23:15 - 00012386 _____ C:\Users\Lesa\.recently-used.xbel
2013-11-24 08:28 - 2013-11-24 08:29 - 00002852 _____ C:\Users\Lesa\Downloads\SystemLook.txt
2013-11-24 08:27 - 2013-11-24 08:27 - 00165376 _____ C:\Users\Lesa\Downloads\SystemLook_x64.exe
2013-11-23 08:08 - 2013-11-23 08:08 - 00282960 _____ (Mozilla) C:\Users\Lesa\Downloads\Firefox Setup Stub 25.0.1 (1).exe
2013-11-22 19:54 - 2013-11-22 19:54 - 00001792 _____ C:\sc-cleaner.txt
2013-11-22 19:53 - 2013-11-22 19:53 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\Lesa\Downloads\sc-cleaner.exe
2013-11-22 19:02 - 2013-11-23 08:09 - 00000934 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-11-22 18:59 - 2013-11-22 18:59 - 00282960 _____ (Mozilla) C:\Users\Lesa\Downloads\Firefox Setup Stub 25.0.1.exe
2013-11-22 14:12 - 2013-11-25 11:26 - 00000012 ____H C:\dvmexp.idx
2013-11-22 12:47 - 2013-11-22 12:48 - 58653158 _____ C:\Users\Lesa\Downloads\2-15-2013-tiffcall.zip
2013-11-21 18:38 - 2013-11-26 08:56 - 00030856 _____ C:\Windows\setupact.log
2013-11-21 18:35 - 2013-11-21 18:35 - 00034427 _____ C:\ComboFix.txt
2013-11-21 18:00 - 2013-11-21 18:00 - 05146522 ____R (Swearware) C:\Users\Lesa\Downloads\ComboFix.exe
2013-11-21 14:22 - 2013-11-21 14:22 - 01071400 _____ (Solid State Networks) C:\Users\Lesa\Downloads\install_flashplayer11x32axau_mssa_aaa_aih (1).exe
2013-11-21 14:09 - 2013-11-21 14:09 - 00024799 _____ C:\Users\Lesa\Desktop\JRT.txt
2013-11-21 14:04 - 2013-11-21 14:04 - 00000000 ____D C:\Windows\ERUNT
2013-11-21 13:39 - 2013-11-21 13:39 - 01034531 _____ (Thisisu) C:\Users\Lesa\Downloads\JRT.exe
2013-11-21 13:37 - 2013-11-21 13:38 - 01071400 _____ (Solid State Networks) C:\Users\Lesa\Downloads\install_flashplayer11x32axau_mssa_aaa_aih.exe
2013-11-21 00:55 - 2013-11-21 00:55 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-21 00:55 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-21 00:53 - 2013-11-21 00:54 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Lesa\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-21 00:38 - 2013-11-26 08:38 - 00000508 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task c1ba317d-526b-4432-a643-9d00289cff73.job
2013-11-21 00:38 - 2013-11-26 02:00 - 00000508 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 26f2c088-4198-4513-98ad-c23a71192b41.job
2013-11-21 00:38 - 2013-11-21 00:38 - 00003578 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 26f2c088-4198-4513-98ad-c23a71192b41
2013-11-21 00:38 - 2013-11-21 00:38 - 00003504 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task c1ba317d-526b-4432-a643-9d00289cff73
2013-11-21 00:38 - 2013-11-21 00:38 - 00001808 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-11-21 00:38 - 2013-11-21 00:38 - 00000000 ____D C:\Users\Lesa\AppData\Roaming\SUPERAntiSpyware.com
2013-11-21 00:38 - 2013-11-21 00:38 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-11-21 00:38 - 2013-11-21 00:38 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-11-21 00:16 - 2013-11-21 00:16 - 00001945 _____ C:\Windows\epplauncher.mif
2013-11-21 00:15 - 2013-11-21 00:15 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-11-21 00:14 - 2013-11-21 00:15 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-11-20 23:54 - 2013-11-20 23:54 - 13670584 _____ (Microsoft Corporation) C:\Users\Lesa\Downloads\mseinstall.exe
2013-11-20 23:53 - 2013-11-20 23:54 - 28569352 _____ (SUPERAntiSpyware) C:\Users\Lesa\Downloads\SUPERAntiSpyware (1).exe
2013-11-20 23:44 - 2013-11-20 23:45 - 00000000 ____D C:\Users\Lesa\Documents\WorkLifeBalance
2013-11-20 23:40 - 2013-11-20 23:40 - 00869456 _____ C:\Users\Lesa\Downloads\Norton_Removal_Tool.exe
2013-11-20 23:32 - 2013-11-20 23:32 - 02633888 _____ C:\Users\Lesa\Downloads\WorkLifeBalancePDFs.zip
2013-11-20 23:18 - 2013-11-20 23:18 - 00000000 ____D C:\Users\Lesa\Documents\MoJo Angela Wills
2013-11-20 22:58 - 2013-11-20 22:58 - 00024660 _____ C:\Users\Lesa\Downloads\PartnerPayDay.mm
2013-11-20 22:41 - 2013-11-20 23:25 - 00000000 ____D C:\Users\Lesa\Documents\MyNams
2013-11-20 22:32 - 2013-11-20 22:32 - 03717444 _____ C:\Users\Lesa\Downloads\coachglue-business-finances.zip
2013-11-20 22:27 - 2013-11-20 23:11 - 00000000 ____D C:\Users\Lesa\Documents\CoachGlue
2013-11-19 12:57 - 2013-11-19 12:57 - 00000000 ____D C:\Users\Lesa\Documents\Blogging Class
2013-11-18 18:05 - 2013-11-18 18:05 - 00602112 _____ (OldTimer Tools) C:\Users\Lesa\Downloads\OTL.exe
2013-11-18 08:37 - 2013-11-18 08:37 - 05817194 _____ C:\Users\Lesa\Downloads\E22 Curriculum Supplement Final Files.zip
2013-11-18 08:37 - 2013-11-18 08:37 - 04107538 _____ C:\Users\Lesa\Downloads\The American Revolution Trilogy (2).zip
2013-11-18 08:37 - 2013-11-18 08:37 - 04107538 _____ C:\Users\Lesa\Downloads\The American Revolution Trilogy (1).zip
2013-11-18 08:36 - 2013-11-18 08:36 - 04107538 _____ C:\Users\Lesa\Downloads\The American Revolution Trilogy.zip
2013-11-16 06:52 - 2013-11-16 06:52 - 00004022 _____ C:\Windows\System32\Tasks\LaunchApp
2013-11-16 06:52 - 2013-11-16 06:52 - 00000000 ____D C:\Users\Lesa\SyncFolder
2013-11-15 17:52 - 2013-11-15 17:52 - 00008057 _____ C:\Users\Lesa\Downloads\loader600x400 (1).dcr
2013-11-15 17:51 - 2013-11-15 17:51 - 00008057 _____ C:\Users\Lesa\Downloads\loader600x400.dcr
2013-11-14 03:21 - 2013-10-12 02:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-14 03:21 - 2013-10-12 02:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-14 03:21 - 2013-10-12 02:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-14 03:21 - 2013-10-12 02:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-14 03:21 - 2013-10-12 02:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-14 03:21 - 2013-10-12 02:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-14 03:21 - 2013-10-12 02:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-14 03:21 - 2013-10-12 02:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-14 03:21 - 2013-10-12 02:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-14 03:21 - 2013-10-12 02:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-14 03:21 - 2013-10-12 02:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-14 03:21 - 2013-10-12 02:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-14 03:21 - 2013-10-12 02:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-14 03:21 - 2013-10-12 02:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-14 03:21 - 2013-10-12 01:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-14 03:21 - 2013-10-12 01:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-14 03:21 - 2013-10-12 01:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-14 03:21 - 2013-10-12 01:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-14 03:21 - 2013-10-12 01:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-14 03:21 - 2013-10-12 01:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-14 03:21 - 2013-10-12 01:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-14 03:21 - 2013-10-12 01:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-14 03:21 - 2013-10-12 01:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-14 03:21 - 2013-10-12 01:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-14 03:21 - 2013-10-12 01:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-14 03:21 - 2013-10-12 01:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-14 03:21 - 2013-10-12 01:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-14 03:21 - 2013-10-12 00:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-14 03:21 - 2013-10-12 00:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-14 03:21 - 2013-10-11 23:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-14 03:21 - 2013-10-11 23:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-13 09:19 - 2013-11-13 09:24 - 15871329 _____ C:\Users\Lesa\Downloads\Welcome To The Challenge (1).flv
2013-11-13 09:05 - 2013-11-13 09:10 - 15871329 _____ C:\Users\Lesa\Downloads\Welcome To The Challenge.flv
2013-11-13 05:06 - 2013-10-05 14:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 05:06 - 2013-10-05 13:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 05:06 - 2013-10-02 20:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 05:06 - 2013-10-02 20:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 05:06 - 2013-09-27 19:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 05:06 - 2013-09-24 20:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-13 05:06 - 2013-09-24 20:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-13 05:06 - 2013-09-24 20:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-13 05:06 - 2013-09-24 20:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-13 05:06 - 2013-09-24 20:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-13 05:06 - 2013-09-24 20:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 05:06 - 2013-09-24 20:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-13 05:06 - 2013-09-24 20:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-13 05:06 - 2013-09-24 19:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-13 05:06 - 2013-09-24 19:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 05:06 - 2013-09-24 19:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-13 05:06 - 2013-09-24 19:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 05:06 - 2013-09-24 19:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-13 05:06 - 2013-07-04 06:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-13 05:05 - 2013-10-11 20:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-13 05:05 - 2013-10-11 20:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 05:05 - 2013-10-11 20:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 05:05 - 2013-10-11 20:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-13 05:05 - 2013-10-11 20:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 05:05 - 2013-10-03 20:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-13 05:05 - 2013-10-03 20:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-13 05:05 - 2013-10-03 20:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-13 05:05 - 2013-10-03 19:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-13 05:05 - 2013-10-03 19:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-13 05:05 - 2013-10-03 19:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-13 01:11 - 2013-11-13 01:12 - 00000000 ____D C:\Users\Lesa\AppData\Local\Hightail
2013-11-13 01:11 - 2013-11-13 01:11 - 00001957 _____ C:\Users\Public\Desktop\Hightail Desktop App.lnk
2013-11-13 01:11 - 2013-11-13 01:11 - 00000000 ____D C:\Users\Lesa\AppData\Roaming\Hightail
2013-11-13 01:11 - 2013-11-13 01:11 - 00000000 ____D C:\Program Files (x86)\Hightail Desktop App
2013-11-10 17:57 - 2013-11-11 08:31 - 00000000 ____D C:\ProgramData\TubeDimmer
2013-11-10 17:53 - 2013-11-11 08:31 - 00000000 ____D C:\Program Files (x86)\Social Privacy DNS
2013-11-07 18:56 - 2013-11-07 18:56 - 00001109 _____ C:\Users\Lesa\Desktop\Kindle Comic Creator.lnk
2013-11-07 18:56 - 2013-11-07 18:56 - 00000000 ____D C:\Users\Lesa\.kindle
2013-11-07 18:52 - 2013-11-07 18:53 - 41072600 _____ (Amazon.com) C:\Users\Lesa\Downloads\KindleComicCreatorInstall.exe
2013-11-07 15:57 - 2013-11-07 15:57 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-11-07 15:55 - 2013-11-07 15:56 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-07 15:55 - 2013-11-07 15:56 - 00000000 ____D C:\Program Files\iTunes
2013-11-07 15:55 - 2013-11-07 15:56 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-11-07 15:55 - 2013-11-07 15:55 - 00000000 ____D C:\Program Files\iPod
2013-11-07 01:21 - 2013-11-07 18:56 - 00000000 ____D C:\Users\Lesa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2013-10-30 23:55 - 2013-10-30 23:55 - 00097966 _____ C:\Users\Lesa\Downloads\download-12106f71-a3ee-4fe2-ac86-4b37fb33612d.csv
2013-10-30 23:46 - 2013-10-30 23:46 - 00068722 _____ C:\Users\Lesa\Downloads\download-5730fa8f-339d-40db-aeb1-ddb5b9773038.csv

==================== One Month Modified Files and Folders =======

2013-11-26 08:57 - 2013-11-26 08:56 - 00021067 _____ C:\Users\Lesa\Downloads\FRST.txt
2013-11-26 08:56 - 2013-11-26 08:56 - 00000000 ____D C:\FRST
2013-11-26 08:56 - 2013-11-21 18:38 - 00030856 _____ C:\Windows\setupact.log
2013-11-26 08:55 - 2013-11-26 08:55 - 01958474 _____ (Farbar) C:\Users\Lesa\Downloads\FRST64.exe
2013-11-26 08:55 - 2012-04-02 08:38 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-26 08:55 - 2001-12-31 23:43 - 00000000 ____D C:\Users\Lesa\AppData\Roaming\DNA
2013-11-26 08:43 - 2010-03-23 14:16 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3160849686-1691475319-3697074088-1001UA.job
2013-11-26 08:38 - 2013-11-21 00:38 - 00000508 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task c1ba317d-526b-4432-a643-9d00289cff73.job
2013-11-26 08:37 - 2013-02-01 08:59 - 00000000 ____D C:\Users\Lesa\Documents\Outlook Files
2013-11-26 08:02 - 2010-03-22 21:10 - 01853732 _____ C:\Windows\WindowsUpdate.log
2013-11-26 07:59 - 2010-06-21 07:40 - 00000000 ____D C:\ProgramData\LogMeIn
2013-11-26 04:27 - 2011-09-12 09:18 - 00006246 _____ C:\Windows\mozy.flt
2013-11-26 04:27 - 2011-09-12 09:18 - 00003552 _____ C:\Windows\mozy.blk
2013-11-26 02:00 - 2013-11-21 00:38 - 00000508 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 26f2c088-4198-4513-98ad-c23a71192b41.job
2013-11-26 00:43 - 2010-03-23 14:16 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3160849686-1691475319-3697074088-1001Core.job
2013-11-25 23:15 - 2013-11-25 23:15 - 00012386 _____ C:\Users\Lesa\.recently-used.xbel
2013-11-25 23:15 - 2011-03-01 22:05 - 00000000 ____D C:\Users\Lesa\AppData\Roaming\gtk-2.0
2013-11-25 23:15 - 2011-03-01 22:02 - 00000000 ____D C:\Users\Lesa\.gimp-2.6
2013-11-25 23:15 - 2010-03-22 17:21 - 00000000 ____D C:\Users\Lesa
2013-11-25 19:10 - 2011-07-13 12:56 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2013-11-25 18:04 - 2011-05-18 21:35 - 00000000 ____D C:\Users\Lesa\AppData\Roaming\Dropbox
2013-11-25 11:26 - 2013-11-22 14:12 - 00000012 ____H C:\dvmexp.idx
2013-11-25 11:24 - 2009-07-13 22:45 - 00016768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-25 11:24 - 2009-07-13 22:45 - 00016768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-25 11:16 - 2010-03-23 15:10 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-24 08:29 - 2013-11-24 08:28 - 00002852 _____ C:\Users\Lesa\Downloads\SystemLook.txt
2013-11-24 08:27 - 2013-11-24 08:27 - 00165376 _____ C:\Users\Lesa\Downloads\SystemLook_x64.exe
2013-11-24 08:27 - 2009-07-13 23:13 - 00876850 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-24 08:26 - 2010-06-01 04:30 - 00000000 ____D C:\Users\Lesa\Documents\Church
2013-11-24 08:25 - 2010-06-17 19:49 - 00000059 _____ C:\Windows\wpd99.drv
2013-11-24 08:25 - 2010-06-17 19:49 - 00000000 ____D C:\ProgramData\pdf995
2013-11-24 08:04 - 2011-02-26 19:51 - 00000467 _____ C:\Windows\BRWMARK.INI
2013-11-23 15:09 - 2010-03-23 14:02 - 01745236 _____ C:\Windows\PFRO.log
2013-11-23 08:09 - 2013-11-22 19:02 - 00000934 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-11-23 08:08 - 2013-11-23 08:08 - 00282960 _____ (Mozilla) C:\Users\Lesa\Downloads\Firefox Setup Stub 25.0.1 (1).exe
2013-11-22 19:54 - 2013-11-22 19:54 - 00001792 _____ C:\sc-cleaner.txt
2013-11-22 19:53 - 2013-11-22 19:53 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\Lesa\Downloads\sc-cleaner.exe
2013-11-22 18:59 - 2013-11-22 18:59 - 00282960 _____ (Mozilla) C:\Users\Lesa\Downloads\Firefox Setup Stub 25.0.1.exe
2013-11-22 12:48 - 2013-11-22 12:47 - 58653158 _____ C:\Users\Lesa\Downloads\2-15-2013-tiffcall.zip
2013-11-22 10:33 - 2010-08-30 07:49 - 00889856 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-11-22 09:51 - 2011-07-13 10:57 - 00163788 _____ C:\Users\Lesa\Downloads\OTL.Txt
2013-11-21 18:35 - 2013-11-21 18:35 - 00034427 _____ C:\ComboFix.txt
2013-11-21 18:35 - 2011-08-22 04:03 - 00000000 ____D C:\Qoobox
2013-11-21 18:30 - 2009-07-13 20:34 - 00000215 _____ C:\Windows\system.ini
2013-11-21 18:20 - 2009-07-13 20:34 - 23330816 _____ C:\Windows\system32\config\system.bak
2013-11-21 18:20 - 2009-07-13 20:34 - 102498304 _____ C:\Windows\system32\config\software.bak
2013-11-21 18:20 - 2009-07-13 20:34 - 02621440 _____ C:\Windows\system32\config\default.bak
2013-11-21 18:20 - 2009-07-13 20:34 - 00262144 _____ C:\Windows\system32\config\security.bak
2013-11-21 18:20 - 2009-07-13 20:34 - 00262144 _____ C:\Windows\system32\config\sam.bak
2013-11-21 18:18 - 2011-08-22 04:07 - 00000000 ____D C:\Windows\ERDNT
2013-11-21 18:00 - 2013-11-21 18:00 - 05146522 ____R (Swearware) C:\Users\Lesa\Downloads\ComboFix.exe
2013-11-21 14:22 - 2013-11-21 14:22 - 01071400 _____ (Solid State Networks) C:\Users\Lesa\Downloads\install_flashplayer11x32axau_mssa_aaa_aih (1).exe
2013-11-21 14:09 - 2013-11-21 14:09 - 00024799 _____ C:\Users\Lesa\Desktop\JRT.txt
2013-11-21 14:04 - 2013-11-21 14:04 - 00000000 ____D C:\Windows\ERUNT
2013-11-21 13:39 - 2013-11-21 13:39 - 01034531 _____ (Thisisu) C:\Users\Lesa\Downloads\JRT.exe
2013-11-21 13:38 - 2013-11-21 13:37 - 01071400 _____ (Solid State Networks) C:\Users\Lesa\Downloads\install_flashplayer11x32axau_mssa_aaa_aih.exe
2013-11-21 13:21 - 2013-10-11 08:13 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
2013-11-21 01:48 - 2010-03-22 17:21 - 00000000 ___RD C:\Users\Lesa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-21 01:44 - 2012-04-02 08:38 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-11-21 01:44 - 2011-05-16 06:50 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-21 01:44 - 2010-05-11 22:05 - 00000000 ____D C:\Users\Lesa\AppData\Local\Adobe
2013-11-21 01:01 - 2013-09-05 19:38 - 00000113 _____ C:\Users\Lesa\AppData\Roaming\WB.CFG
2013-11-21 01:01 - 2013-09-05 19:38 - 00000006 _____ C:\Users\Lesa\AppData\Roaming\WBPU-TTL.DAT
2013-11-21 00:55 - 2013-11-21 00:55 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-21 00:55 - 2011-07-13 12:13 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-21 00:54 - 2013-11-21 00:53 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Lesa\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-21 00:38 - 2013-11-21 00:38 - 00003578 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 26f2c088-4198-4513-98ad-c23a71192b41
2013-11-21 00:38 - 2013-11-21 00:38 - 00003504 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task c1ba317d-526b-4432-a643-9d00289cff73
2013-11-21 00:38 - 2013-11-21 00:38 - 00001808 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-11-21 00:38 - 2013-11-21 00:38 - 00000000 ____D C:\Users\Lesa\AppData\Roaming\SUPERAntiSpyware.com
2013-11-21 00:38 - 2013-11-21 00:38 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-11-21 00:38 - 2013-11-21 00:38 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-11-21 00:16 - 2013-11-21 00:16 - 00001945 _____ C:\Windows\epplauncher.mif
2013-11-21 00:15 - 2013-11-21 00:15 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-11-21 00:15 - 2013-11-21 00:14 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-11-21 00:14 - 2011-05-18 21:56 - 00000000 ___RD C:\Users\Lesa\Dropbox
2013-11-21 00:04 - 2010-04-14 14:19 - 00000000 ____D C:\Program Files (x86)\Norton Security Suite
2013-11-21 00:03 - 2010-04-14 14:11 - 00000000 ____D C:\ProgramData\Norton
2013-11-20 23:55 - 2010-04-14 14:19 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-11-20 23:54 - 2013-11-20 23:54 - 13670584 _____ (Microsoft Corporation) C:\Users\Lesa\Downloads\mseinstall.exe
2013-11-20 23:54 - 2013-11-20 23:53 - 28569352 _____ (SUPERAntiSpyware) C:\Users\Lesa\Downloads\SUPERAntiSpyware (1).exe
2013-11-20 23:46 - 2011-05-06 19:28 - 00000000 ____D C:\Users\Lesa\AppData\Local\SMSI
2013-11-20 23:45 - 2013-11-20 23:44 - 00000000 ____D C:\Users\Lesa\Documents\WorkLifeBalance
2013-11-20 23:40 - 2013-11-20 23:40 - 00869456 _____ C:\Users\Lesa\Downloads\Norton_Removal_Tool.exe
2013-11-20 23:32 - 2013-11-20 23:32 - 02633888 _____ C:\Users\Lesa\Downloads\WorkLifeBalancePDFs.zip
2013-11-20 23:25 - 2013-11-20 22:41 - 00000000 ____D C:\Users\Lesa\Documents\MyNams
2013-11-20 23:18 - 2013-11-20 23:18 - 00000000 ____D C:\Users\Lesa\Documents\MoJo Angela Wills
2013-11-20 23:11 - 2013-11-20 22:27 - 00000000 ____D C:\Users\Lesa\Documents\CoachGlue
2013-11-20 22:58 - 2013-11-20 22:58 - 00024660 _____ C:\Users\Lesa\Downloads\PartnerPayDay.mm
2013-11-20 22:32 - 2013-11-20 22:32 - 03717444 _____ C:\Users\Lesa\Downloads\coachglue-business-finances.zip
2013-11-19 12:57 - 2013-11-19 12:57 - 00000000 ____D C:\Users\Lesa\Documents\Blogging Class
2013-11-19 04:21 - 2010-03-22 19:37 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-18 18:05 - 2013-11-18 18:05 - 00602112 _____ (OldTimer Tools) C:\Users\Lesa\Downloads\OTL.exe
2013-11-18 08:37 - 2013-11-18 08:37 - 05817194 _____ C:\Users\Lesa\Downloads\E22 Curriculum Supplement Final Files.zip
2013-11-18 08:37 - 2013-11-18 08:37 - 04107538 _____ C:\Users\Lesa\Downloads\The American Revolution Trilogy (2).zip
2013-11-18 08:37 - 2013-11-18 08:37 - 04107538 _____ C:\Users\Lesa\Downloads\The American Revolution Trilogy (1).zip
2013-11-18 08:36 - 2013-11-18 08:36 - 04107538 _____ C:\Users\Lesa\Downloads\The American Revolution Trilogy.zip
2013-11-16 06:52 - 2013-11-16 06:52 - 00004022 _____ C:\Windows\System32\Tasks\LaunchApp
2013-11-16 06:52 - 2013-11-16 06:52 - 00000000 ____D C:\Users\Lesa\SyncFolder
2013-11-16 06:38 - 2010-03-22 17:21 - 00001629 _____ C:\Users\Lesa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-16 06:34 - 2013-10-11 08:19 - 00000000 ____D C:\Users\Lesa\AppData\Local\AVG SafeGuard toolbar
2013-11-15 17:52 - 2013-11-15 17:52 - 00008057 _____ C:\Users\Lesa\Downloads\loader600x400 (1).dcr
2013-11-15 17:51 - 2013-11-15 17:51 - 00008057 _____ C:\Users\Lesa\Downloads\loader600x400.dcr
2013-11-14 14:54 - 2013-10-11 08:14 - 00046368 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2013-11-14 11:15 - 2010-05-14 18:52 - 00000000 ____D C:\Users\Lesa\Documents\Lesa's Stuff
2013-11-14 10:35 - 2013-10-25 09:58 - 00000000 ____D C:\Users\Lesa\Documents\30 Day Challenge
2013-11-14 05:42 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2013-11-14 03:24 - 2010-04-14 14:40 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-14 03:17 - 2013-08-14 02:01 - 00000000 ____D C:\Windows\system32\MRT
2013-11-14 03:08 - 2010-04-14 13:52 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-13 14:38 - 2012-09-14 12:28 - 00000000 ____D C:\Program Files (x86)\YNAB 4
2013-11-13 14:37 - 2012-09-14 12:28 - 00000983 _____ C:\Users\Lesa\Desktop\YNAB 4.lnk
2013-11-13 10:15 - 2013-10-22 13:30 - 00000000 ____D C:\Users\Lesa\Documents\2DoWebs
2013-11-13 09:24 - 2013-11-13 09:19 - 15871329 _____ C:\Users\Lesa\Downloads\Welcome To The Challenge (1).flv
2013-11-13 09:17 - 2009-07-14 01:45 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-11-13 09:10 - 2013-11-13 09:05 - 15871329 _____ C:\Users\Lesa\Downloads\Welcome To The Challenge.flv
2013-11-13 01:12 - 2013-11-13 01:11 - 00000000 ____D C:\Users\Lesa\AppData\Local\Hightail
2013-11-13 01:11 - 2013-11-13 01:11 - 00001957 _____ C:\Users\Public\Desktop\Hightail Desktop App.lnk
2013-11-13 01:11 - 2013-11-13 01:11 - 00000000 ____D C:\Users\Lesa\AppData\Roaming\Hightail
2013-11-13 01:11 - 2013-11-13 01:11 - 00000000 ____D C:\Program Files (x86)\Hightail Desktop App
2013-11-13 01:11 - 2013-02-13 10:07 - 00000000 ___RD C:\Users\Lesa\Hightail
2013-11-13 01:11 - 2013-02-13 10:07 - 00000000 ____D C:\Users\Lesa\AppData\Local\YouSendIt
2013-11-13 00:38 - 2010-04-30 08:40 - 00000000 ____D C:\Users\Lesa\AppData\Local\Downloaded Installations
2013-11-12 19:36 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\NDF
2013-11-11 08:31 - 2013-11-10 17:57 - 00000000 ____D C:\ProgramData\TubeDimmer
2013-11-11 08:31 - 2013-11-10 17:53 - 00000000 ____D C:\Program Files (x86)\Social Privacy DNS
2013-11-11 08:31 - 2013-10-08 09:43 - 00000000 ____D C:\ProgramData\Licenses
2013-11-11 08:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\registration
2013-11-11 07:55 - 2009-12-16 00:40 - 00000000 ____D C:\Recovery
2013-11-08 13:28 - 2010-07-28 13:45 - 00000000 ____D C:\Users\Lesa\Documents\Dustin
2013-11-07 18:56 - 2013-11-07 18:56 - 00001109 _____ C:\Users\Lesa\Desktop\Kindle Comic Creator.lnk
2013-11-07 18:56 - 2013-11-07 18:56 - 00000000 ____D C:\Users\Lesa\.kindle
2013-11-07 18:56 - 2013-11-07 01:21 - 00000000 ____D C:\Users\Lesa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2013-11-07 18:56 - 2012-07-26 14:09 - 00000000 ____D C:\Users\Lesa\AppData\Local\Amazon
2013-11-07 18:53 - 2013-11-07 18:52 - 41072600 _____ (Amazon.com) C:\Users\Lesa\Downloads\KindleComicCreatorInstall.exe
2013-11-07 16:06 - 2010-05-17 05:55 - 00000000 ____D C:\Users\Lesa\Documents\Business Tutorials & Such
2013-11-07 15:57 - 2013-11-07 15:57 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-11-07 15:56 - 2013-11-07 15:55 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-07 15:56 - 2013-11-07 15:55 - 00000000 ____D C:\Program Files\iTunes
2013-11-07 15:56 - 2013-11-07 15:55 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-11-07 15:55 - 2013-11-07 15:55 - 00000000 ____D C:\Program Files\iPod
2013-10-31 21:48 - 2010-04-14 14:26 - 00000000 ____D C:\Users\Lesa\AppData\Local\Mozilla
2013-10-30 23:55 - 2013-10-30 23:55 - 00097966 _____ C:\Users\Lesa\Downloads\download-12106f71-a3ee-4fe2-ac86-4b37fb33612d.csv
2013-10-30 23:46 - 2013-10-30 23:46 - 00068722 _____ C:\Users\Lesa\Downloads\download-5730fa8f-339d-40db-aeb1-ddb5b9773038.csv
2013-10-27 07:14 - 2013-02-13 10:07 - 00000000 ____D C:\Users\Lesa\AppData\Roaming\YouSendIt

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-21 04:22

==================== End Of Log ============================


And the Addition log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-11-2013 01
Ran by Lesa at 2013-11-26 08:57:49
Running from C:\Users\Lesa\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

Acrobat.com (x32 Version: 2.3.0)
Acrobat.com (x32 Version: 2.3.0.0)
Adobe AIR (x32 Version: 2.5.1.17730)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.152)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader X (10.1.8) (x32 Version: 10.1.8)
All-in-One PDF 4.0 (x32 Version: 4.0)
Amazon MP3 Downloader 1.0.10 (x32)
Amazon Send to Kindle (x32 Version: 1.0.0.192)
AMD OverDrive (x32 Version: 3.0.1.0287)
Apple Application Support (x32 Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (x32 Version: 2.1.3.127)
ASUSUpdate (x32)
ATI Catalyst Install Manager (Version: 3.0.745.0)
Audacity 1.2.6 (x32)
Audacity 1.3.13 (Unicode) (x32)
AVG SafeGuard toolbar (x32 Version: 17.1.2.1)
Bonjour (Version: 3.0.0.10)
Brother MFL-Pro Suite MFC-9440CN (x32 Version: 1.0.1.0)
Camtasia Studio 6 (x32 Version: 6.0.0)
Catalyst Control Center Core Implementation (x32 Version: 2009.0918.2132.36825)
Catalyst Control Center Graphics Full Existing (x32 Version: 2009.0918.2132.36825)
Catalyst Control Center Graphics Full New (x32 Version: 2009.0918.2132.36825)
Catalyst Control Center Graphics Light (x32 Version: 2009.0918.2132.36825)
Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.0918.2132.36825)
Catalyst Control Center InstallProxy (x32 Version: 2009.0918.2132.36825)
Catalyst Control Center Localization All (x32 Version: 2009.0918.2132.36825)
CCC Help Chinese Standard (x32 Version: 2009.0918.2131.36825)
CCC Help Chinese Traditional (x32 Version: 2009.0918.2131.36825)
CCC Help Czech (x32 Version: 2009.0918.2131.36825)
CCC Help Danish (x32 Version: 2009.0918.2131.36825)
CCC Help Dutch (x32 Version: 2009.0918.2131.36825)
CCC Help English (x32 Version: 2009.0918.2131.36825)
CCC Help Finnish (x32 Version: 2009.0918.2131.36825)
CCC Help French (x32 Version: 2009.0918.2131.36825)
CCC Help German (x32 Version: 2009.0918.2131.36825)
CCC Help Greek (x32 Version: 2009.0918.2131.36825)
CCC Help Hungarian (x32 Version: 2009.0918.2131.36825)
CCC Help Italian (x32 Version: 2009.0918.2131.36825)
CCC Help Japanese (x32 Version: 2009.0918.2131.36825)
CCC Help Korean (x32 Version: 2009.0918.2131.36825)
CCC Help Norwegian (x32 Version: 2009.0918.2131.36825)
CCC Help Polish (x32 Version: 2009.0918.2131.36825)
CCC Help Portuguese (x32 Version: 2009.0918.2131.36825)
CCC Help Russian (x32 Version: 2009.0918.2131.36825)
CCC Help Spanish (x32 Version: 2009.0918.2131.36825)
CCC Help Swedish (x32 Version: 2009.0918.2131.36825)
CCC Help Thai (x32 Version: 2009.0918.2131.36825)
CCC Help Turkish (x32 Version: 2009.0918.2131.36825)
ccc-core-static (x32 Version: 2009.0918.2132.36825)
ccc-utility64 (Version: 2009.0918.2132.36825)
CDBurnerXP (x32 Version: 4.2.7.1801)
Cool & Quiet (x32)
CutePDF Writer 2.7
Dave Ramsey's Financial Peace Financial Software 5.4.1 (x32 Version: 5.4.1)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Diagnostic Utility (x32 Version: 1.00.0000)
DirectXInstallService (x32 Version: 9.0.2)
DNA (HKCU Version: 2.2.4 (16502))
Dropbox (HKCU Version: 2.0.22)
EMCGadgets64 (Version: 1.1.501)
EPU-4 Engine (x32 Version: 1.00.33)
e-Rewards Notify (x32 Version: 1.1.0.83)
ESET Online Scanner v3 (x32)
Facebook Plug-In (HKCU)
FileZilla Client 3.6.0.2 (HKCU Version: 3.6.0.2)
GIMP 2.6.10 (x32 Version: 2.6.10)
Google Calendar Sync (x32)
Google Chrome (HKCU Version: 31.0.1650.57)
GPU NOS (x32 Version: 1.00.10)
Hightail Desktop App (Version: 2.4.7.1621)
iCloud (Version: 3.0.2.163)
iTunes (Version: 11.1.3.8)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
Java™ 6 Update 22 (x32 Version: 6.0.220)
KeyScrambler (x32 Version: 2.8.1.0)
Kindle Comic Creator (HKCU Version: 1.100)
Kindle Previewer (HKCU Version: 2.92)
LogMeIn (x32 Version: 4.1.1310)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Market Samurai (x32 Version: 0.87.33)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Multi-Targeting Pack (x32 Version: 4.0.30319)
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000)
Microsoft Help Viewer 1.0 (Version: 1.0.30319)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Security Client (Version: 4.4.0304.0)
Microsoft Security Essentials (Version: 4.4.304.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2008 (x32)
Microsoft SQL Server 2008 Browser (x32 Version: 10.2.4000.0)
Microsoft SQL Server 2008 Common Files (x32 Version: 10.2.4000.0)
Microsoft SQL Server 2008 Database Engine Services (x32 Version: 10.2.4000.0)
Microsoft SQL Server 2008 Database Engine Shared (x32 Version: 10.2.4000.0)
Microsoft SQL Server 2008 Native Client (Version: 10.2.4000.0)
Microsoft SQL Server 2008 R2 Management Objects (x32 Version: 10.50.1447.4)
Microsoft SQL Server 2008 RsFx Driver (x32 Version: 10.2.4000.0)
Microsoft SQL Server 2008 Setup Support Files (x32 Version: 10.2.4000.0)
Microsoft SQL Server Compact 3.5 SP1 Design Tools English (x32 Version: 3.5.5692.0)
Microsoft SQL Server Compact 3.5 SP2 ENU (x32 Version: 3.5.8080.0)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8080.0)
Microsoft SQL Server System CLR Types (x32 Version: 10.50.1447.4)
Microsoft SQL Server VSS Writer (Version: 10.2.4000.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
MozyHome (Version: 2.22.2.334)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
OpenOffice.org 3.4.1 (x32 Version: 3.41.9593)
Pamela Pro 4.7 (x32 Version: 4.7)
Pando Media Booster (x32 Version: 2.3.4.1)
PaperPort Image Printer 64-bit (Version: 1.00.0000)
PC Probe II (x32 Version: 1.04.83)
Pdf995 (x32)
PdfEdit995 (x32)
Pirate101 (x32 Version: 1.0.0)
Platform (x32 Version: 1.34)
QuickTime (x32 Version: 7.74.80.86)
RAIDXpert (x32 Version: 2.4.1540.26)
Rapport (Version: 3.5.1205.18)
Realtek 8136 8168 8169 Ethernet Driver (x32 Version: 1.00.0005)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5880)
Roxio Activation Module (x32 Version: 1.0)
Roxio CinePlayer Decoder Pack (x32 Version: 4.3.0)
Roxio Creator Audio (x32 Version: 3.7.0)
Roxio Creator Copy (x32 Version: 3.7.0)
Roxio Creator Data (x32 Version: 3.7.0)
Roxio Creator Premier (x32 Version: 10.1)
Roxio Creator Premier (x32 Version: 3.7.0)
Roxio Creator Premier 10 (x32 Version: 10.2.606)
Roxio Creator Tools (x32 Version: 3.7.0)
Roxio Express Labeler (x32 Version: 3.2)
Roxio Update Manager (x32 Version: 6.0.0)
ScanSoft PaperPort 11 (x32 Version: 11.2.0000)
ScorpionSaver (x32 Version: 1.0.0.0) <==== ATTENTION
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32)
Service Pack 2 for SQL Server 2008 (KB2285068) (x32 Version: 10.2.4000.0)
Skype Toolbars (x32 Version: 1.0.4051)
Skype™ 5.10 (x32 Version: 5.10.116)
Snap.Do (x32 Version: 11.8.1.13233)
Snap.Do Engine (HKCU Version: 11.8.1.13233)
Social Privacy (x32)
Social Privacy DNS (x32)
SpywareBlaster 5.0 (x32 Version: 5.0.0)
Sql Server Customer Experience Improvement Program (x32 Version: 10.2.4000.0)
StuffIt 11 (x32 Version: 11.2.0)
SUPERAntiSpyware (Version: 5.6.1042)
Ten PDF Reader 8.1 (x32)
Tube Dimmer (x32 Version: 2.6.47)
Turbo Key (x32 Version: 1.00.13)
TurboV (x32 Version: 1.01.05)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2494150) (x32)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32)
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition (x32)
Updater (x32 Version: 2.6.47)
VIA Platform Device Manager (x32 Version: 1.34)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (x32 Version: 4.0.8080.0)
YNAB 4 version 4.3.319 (x32 Version: 4.3.319)

==================== Restore Points =========================

21-11-2013 19:20:31 OTL Restore Point - 11/21/2013 1:20:31 PM
22-11-2013 15:41:32 OTL Restore Point - 11/22/2013 9:41:32 AM
22-11-2013 19:40:01 OTL Restore Point - 11/22/2013 1:40:01 PM
23-11-2013 21:05:08 OTL Restore Point - 11/23/2013 3:05:08 PM
24-11-2013 03:36:52 OTL Restore Point - 11/23/2013 9:36:52 PM
24-11-2013 08:02:26 Windows Update
25-11-2013 17:12:27 OTL Restore Point - 11/25/2013 11:12:26 AM

==================== Hosts content: ==========================

2009-07-13 20:34 - 2013-11-25 11:12 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {00F6C773-DE69-4723-8C43-C5C28F560B7D} - System32\Tasks\SUPERAntiSpyware Scheduled Task c1ba317d-526b-4432-a643-9d00289cff73 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-10-10] (SUPERAdBlocker.com)
Task: {02C7CEB8-1B5C-4FAE-9052-7DC13E10D6E7} - System32\Tasks\ASUS\ASUS GPU NOS => C:\Program Files (x86)\ASUS\GPU NOS\Gpu.exe [2009-10-20] (ASUSTeK Computer Inc.)
Task: {1364235A-1485-491B-B103-021F7884B01C} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {47FA44C4-DC2F-4F2A-90BC-D7AB78B7E1C3} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Norton Security Suite\Engine\20.4.0.40\WSCStub.exe
Task: {4A152924-221F-4098-BA0B-1421C9E0D34E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {4BFB90EA-B083-4108-93F7-0EFE4C9406C6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3160849686-1691475319-3697074088-1001UA => C:\Users\Lesa\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-23] (Google Inc.)
Task: {504E3C1D-7744-482F-852E-9D6E46215B73} - System32\Tasks\{FD14F46C-FBD1-4653-A594-B3A5CF8879F9} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2012-07-13] (Skype Technologies S.A.)
Task: {613F9E99-1DD6-4CAA-9254-3FC8A11E1A50} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {75A5A063-23C9-4381-A9F5-C2D75A28BA2F} - System32\Tasks\ASUS\ASUS RegRun Loader => C:\Program Files (x86)\ASUS\AASP\1.01.02\AsLoader.exe [2009-08-19] (ASUSTeK Computer Inc.)
Task: {79C54ECD-C02B-4F2A-8290-C03710DC03FA} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Norton Security Suite\Engine\20.4.0.40\SymErr.exe
Task: {79EBD5C8-4228-4966-AFD9-49629B30DFA4} - System32\Tasks\SUPERAntiSpyware Scheduled Task 26f2c088-4198-4513-98ad-c23a71192b41 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-10-10] (SUPERAdBlocker.com)
Task: {98FE8AEC-8BCF-462A-A3DB-F1CB2CF4217B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3160849686-1691475319-3697074088-1001Core => C:\Users\Lesa\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-23] (Google Inc.)
Task: {9F801E77-6E29-4767-8B93-CCFB701DB816} - System32\Tasks\SpywareBlaster AutoUpdate => C:\Program Files (x86)\SpywareBlaster\sbautoupdate.exe [2013-03-01] ()
Task: {BD4CBBD9-DAB2-427A-8C89-7911176B0CCC} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe [2009-08-20] (ASUSTeK Computer Inc.)
Task: {D1C6A317-54A1-42E8-B3C7-8466832B85C7} - System32\Tasks\DSite => C:\Users\Lesa\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE
Task: {E92B6CA6-1159-4463-BF65-A4B92648AF25} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
Task: {F3B4F081-B360-43AE-8DED-CBCDE30C038B} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Norton Security Suite\Engine\20.4.0.40\SymErr.exe
Task: {F9B48E44-1A29-4BC9-BC7B-EB57CF188596} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe [2009-10-08] (ASUSTeK Computer Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3160849686-1691475319-3697074088-1001Core.job => C:\Users\Lesa\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3160849686-1691475319-3697074088-1001UA.job => C:\Users\Lesa\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 26f2c088-4198-4513-98ad-c23a71192b41.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task c1ba317d-526b-4432-a643-9d00289cff73.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Loaded Modules (whitelisted) =============

2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-04-30 07:39 - 2009-05-07 02:51 - 00071680 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2010-04-30 07:39 - 2009-05-07 02:53 - 00379392 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2010-04-30 07:39 - 2008-01-18 00:50 - 00098816 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\VMicApi.dll
2010-04-30 07:39 - 2009-08-27 21:31 - 47601664 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Skin.dll
2013-03-12 16:33 - 2013-03-12 16:33 - 00075776 _____ () C:\Program Files (x86)\MR APP\MRAPP.Common.dll
2013-03-12 16:33 - 2013-03-12 16:33 - 00013824 _____ () C:\Program Files (x86)\MR APP\MRAPP.Scheduler.dll
2013-03-12 16:33 - 2013-03-12 16:33 - 00272384 _____ () C:\Program Files (x86)\MR APP\C5.dll
2013-03-12 16:33 - 2013-03-12 16:33 - 00077312 _____ () C:\Program Files (x86)\MR APP\MRAPP.UI.Resources.R23.dll
2010-04-30 07:42 - 2010-04-30 07:42 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 00087328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 01241888 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-04-30 07:42 - 2009-01-15 13:55 - 00565248 _____ () C:\Program Files (x86)\ASUS\EPU-4 Engine\pngio.dll
2010-04-30 07:42 - 2009-03-25 15:53 - 00053248 _____ () C:\Program Files (x86)\ASUS\EPU-4 Engine\AsSpindownTimeout.dll
2013-03-13 14:48 - 2013-03-13 14:48 - 24978944 _____ () C:\Users\Lesa\AppData\Roaming\Dropbox\bin\libcef.dll
2012-08-10 15:51 - 2012-08-10 15:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2009-06-27 09:11 - 2009-06-27 09:11 - 00503202 _____ () C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll
2010-04-30 08:39 - 2009-04-29 13:24 - 00253952 _____ () C:\Program Files\ASUS\Turbo Key\pngio.dll
2010-04-30 08:39 - 2009-04-29 13:24 - 00208896 _____ () C:\Program Files\ASUS\Turbo Key\AiNap.dll
2010-04-30 08:39 - 2009-04-29 13:24 - 00008704 _____ () C:\Program Files\ASUS\Turbo Key\vvc.dll
2010-04-30 08:39 - 2008-12-10 19:27 - 00565248 _____ () C:\Program Files\ASUS\TurboV\pngio.dll
2010-04-30 08:39 - 2009-10-26 13:52 - 00135680 _____ () C:\Program Files\ASUS\TurboV\TVOCLIB.DLL
2011-02-26 19:49 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2012-11-29 15:59 - 2012-11-29 15:59 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-11-15 11:51 - 2013-11-14 05:28 - 00702416 _____ () C:\Users\Lesa\AppData\Local\Google\Chrome\Application\31.0.1650.57\libglesv2.dll
2013-11-15 11:51 - 2013-11-14 05:28 - 00099792 _____ () C:\Users\Lesa\AppData\Local\Google\Chrome\Application\31.0.1650.57\libegl.dll
2013-11-15 11:51 - 2013-11-14 05:29 - 04055504 _____ () C:\Users\Lesa\AppData\Local\Google\Chrome\Application\31.0.1650.57\pdf.dll
2013-11-15 11:51 - 2013-11-14 05:29 - 00399312 _____ () C:\Users\Lesa\AppData\Local\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
2013-11-15 11:51 - 2013-11-14 05:28 - 01619408 _____ () C:\Users\Lesa\AppData\Local\Google\Chrome\Application\31.0.1650.57\ffmpegsumo.dll
2013-11-15 11:51 - 2013-11-14 05:29 - 13582800 _____ () C:\Users\Lesa\AppData\Local\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-02-14 14:46 - 2013-02-14 14:46 - 01044048 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:5C321E34

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/25/2013 10:41:50 PM) (Source: Brother BrLog) (User: )
Description: CTLCN BrtCTLCN: [2013/11/25 22:41:50.305]: [00003364]: brccMCtl.exe: ErrorMessage.cpp (0241) : -------- error code is [0x00011300].

Error: (11/21/2013 03:25:39 PM) (Source: SQLVDI) (User: )
Description: SQLVDI: Loc=SignalAbort. Desc=Client initiates abort. ErrorCode=(0). Process=2604. Thread=4700. Client. Instance=SQLEXPRESS. VD=Global\{618881AA-1004-489E-A36B-9AB02CB616DA}3_SQLVDIMemoryName_0.

Error: (11/21/2013 03:25:39 PM) (Source: SQLVDI) (User: )
Description: SQLVDI: Loc=SignalAbort. Desc=Client initiates abort. ErrorCode=(0). Process=2604. Thread=4700. Client. Instance=SQLEXPRESS. VD=Global\{618881AA-1004-489E-A36B-9AB02CB616DA}2_SQLVDIMemoryName_0.

Error: (11/21/2013 03:25:39 PM) (Source: SQLVDI) (User: )
Description: SQLVDI: Loc=SignalAbort. Desc=Client initiates abort. ErrorCode=(0). Process=2604. Thread=4700. Client. Instance=SQLEXPRESS. VD=Global\{618881AA-1004-489E-A36B-9AB02CB616DA}1_SQLVDIMemoryName_0.


System errors:
=============
Error: (11/26/2013 08:56:11 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was received: 48.

Error: (11/26/2013 08:56:10 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was received: 48.

Error: (11/26/2013 08:52:15 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was received: 48.

Error: (11/26/2013 08:52:14 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was received: 48.

Error: (11/26/2013 08:52:14 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was received: 48.

Error: (11/26/2013 08:52:14 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was received: 48.

Error: (11/26/2013 08:52:10 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was received: 48.

Error: (11/26/2013 08:52:10 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was received: 48.

Error: (11/26/2013 08:51:15 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was received: 48.

Error: (11/26/2013 08:51:15 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was received: 48.


Microsoft Office Sessions:
=========================
Error: (11/25/2013 10:41:50 PM) (Source: Brother BrLog)(User: )
Description: CTLCNBrtCTLCN: [2013/11/25 22:41:50.305]: [00003364]: brccMCtl.exe: ErrorMessage.cpp (0241) : -------- error code is [0x00011300].

Error: (11/21/2013 03:25:39 PM) (Source: SQLVDI)(User: )
Description: SignalAbortClient initiates abort026044700ClientSQLEXPRESSGlobal\{618881AA-1004-489E-A36B-9AB02CB616DA}3_SQLVDIMemoryName_0

Error: (11/21/2013 03:25:39 PM) (Source: SQLVDI)(User: )
Description: SignalAbortClient initiates abort026044700ClientSQLEXPRESSGlobal\{618881AA-1004-489E-A36B-9AB02CB616DA}2_SQLVDIMemoryName_0

Error: (11/21/2013 03:25:39 PM) (Source: SQLVDI)(User: )
Description: SignalAbortClient initiates abort026044700ClientSQLEXPRESSGlobal\{618881AA-1004-489E-A36B-9AB02CB616DA}1_SQLVDIMemoryName_0


CodeIntegrity Errors:
===================================
Date: 2013-11-21 18:17:54.536
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-11-21 18:17:54.206
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-11-21 18:17:53.886
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-11-21 18:17:53.516
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-08-22 06:29:12.763
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-08-22 06:29:12.731
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 67%
Total physical RAM: 3839.18 MB
Available physical RAM: 1240.49 MB
Total Pagefile: 7676.53 MB
Available Pagefile: 4200.29 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.95 GB) (Free:41.24 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: FB37FB37)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End Of Log ============================

#19
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Download the attached fixlist.txt to the same location as FRST
[attachment=67859:fixlist.txt]
Run FRST and press Fix
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete, click on "Clean".
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


#20
lesadale

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
Here is the log from FRST Fix:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-11-2013
Ran by Lesa at 2013-11-27 09:20:40 Run:1
Running from C:\FRST
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:16110;https=127.0.0.1:16110
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
BHO: Snap.DoEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
CHR HKLM\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - C:\Users\Lesa\AppData\Local\newhb2.crx
CHR HKLM-x32\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - C:\Users\Lesa\AppData\Local\newhb2.crx
CHR StartMenuInternet: Google Chrome - C:\Users\Lesa\AppData\Local\Google\Chrome\Application\chrome.exe http://aartemis.com/...AP9405137351373
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key deleted successfully.
HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0} => Key deleted successfully.
HKCR\CLSID\{31ad400d-1b06-4e33-a59a-90c2c140cba0} => Key deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd => Key deleted successfully.
C:\Users\Lesa\AppData\Local\newhb2.crx => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd => Key deleted successfully.
"C:\Users\Lesa\AppData\Local\newhb2.crx" => File/Directory not found.
HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command\\Default => Value was restored successfully.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.

==== End of Fixlog ====

And the AdwCleaner Log

# AdwCleaner v3.013 - Report created 27/11/2013 at 09:28:06
# Updated 24/11/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Lesa - LESA-PC
# Running from : C:\Users\Lesa\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : BCUService

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\DeviceVM
Folder Deleted : C:\Program Files (x86)\xfin_portal
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Users\Lesa\AppData\LocalLow\xfin_portal
File Deleted : C:\Windows\System32\Tasks\DSite
File Deleted : C:\Windows\System32\Tasks\LaunchApp

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Lesa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Lesa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Lesa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\Lesa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\Lesa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook
Key Deleted : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [BCU]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{77AA6435-2488-4A94-9FE5-49519DD2ED9B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\DeviceVM
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Description
Key Deleted : HKLM\Software\DeviceVM
Key Deleted : [x64] HKLM\SOFTWARE\Description
Key Deleted : [x64] HKLM\SOFTWARE\DeviceVM

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16736


-\\ Google Chrome v

[ File : C:\Users\Lesa\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [7321 octets] - [27/11/2013 09:23:25]
AdwCleaner[S0].txt - [6768 octets] - [27/11/2013 09:28:06]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6828 octets] ##########

#21
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How is the computer behaving now? Has aartemis gone?

#22
lesadale

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
Everything seems to be working fine now. I'm no longer getting the Aartemis page and Firefox downloaded. Thanks so much! Let me know if there is anything else I should do.

#23
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
In that case methinks I will send you on your merry way :)

Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so the following will implement some cleanup procedures as well as reset System Restore points:

Remove ComboFix
  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall
    (Notice the space between the "x" and "/")
    then click OK

  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

Clear Restore Points

Go Start > All Programmes > Accessories > System Tools
Right click Disk Cleanup and select Run as administrator
When it pops up, select OK at the first prompt; after it has done some calculations the tabs will appear
Select the More Options tab
Press the System Restore and Shadow Copies Cleanup button



: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent: install this programme to lock down and prevent crypto ransomware


Malwarebytes.

Update and run weekly to keep your system clean


It is critical to have both a firewall and antivirus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place?

Keep safe :wave:

#24
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.