
Malware /hidden boot partition HELP! [Solved]


  • This topic is locked

#31
Machiavelli

  • GeekU Moderator
  • 3,700 posts
Dr. Machiavelli is coming with a fast answer this time. Is it slow to boot up the PC or only slow to start programs?

OTL Fix

  • Run OTL.
  • Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:


    :Commands
    [CreateRestorePoint]
    
    :OTL
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-21-2394937029-579550273-2574859083-1001..\RunOnce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718" File not found
    O4 - HKU\S-1-5-21-2394937029-579550273-2574859083-1001..\RunOnce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\amd64" File not found
    O4 - HKU\S-1-5-21-2394937029-579550273-2574859083-1001..\RunOnce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727" File not found
    O4 - HKU\S-1-5-21-2394937029-579550273-2574859083-1001..\RunOnce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64" File not found
    O4 - HKU\S-1-5-21-2394937029-579550273-2574859083-1001..\RunOnce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910" File not found
    O4 - HKU\S-1-5-21-2394937029-579550273-2574859083-1001..\RunOnce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64" File not found
    O4 - HKU\S-1-5-21-2394937029-579550273-2574859083-1001..\RunOnce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112" File not found
    O4 - HKU\S-1-5-21-2394937029-579550273-2574859083-1001..\RunOnce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64" File not found
    O4 - HKU\S-1-5-21-2394937029-579550273-2574859083-1001..\RunOnce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314" File not found
    O4 - HKU\S-1-5-21-2394937029-579550273-2574859083-1001..\RunOnce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64" File not found
    O4 - HKU\S-1-5-21-2394937029-579550273-2574859083-1001..\RunOnce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530" File not found
    O4 - HKU\S-1-5-21-2394937029-579550273-2574859083-1001..\RunOnce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64" File not found
    O4 - HKU\S-1-5-21-2394937029-579550273-2574859083-1001..\RunOnce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627" File not found
    O4 - HKU\S-1-5-21-2394937029-579550273-2574859083-1001..\RunOnce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64" File not found
    O4 - HKU\S-1-5-21-2394937029-579550273-2574859083-1001..\Run: [AdobeBridge] File not found
    
    :Files
    C:\Users\Administrator\AppData\LocalLow\FCTB000061107\Toolbar
    C:\Users\Wizard Associates\AppData\Local\Microsoft\Windows Live Mail\Sallywillar 28\2012\22590D68-00000019.eml	
    C:\Users\Wizard Associates\Documents\eFax
    
    :Commands
    [EmptyTemp]
    
  • Click the Run Fix button.
  • After your computer has rebooted, run OTL and click Quick Scan.
  • Copy and paste the contents of the log that it produces into your next post.

Question

Now faster in boot up?


#32
sallyw

  • Topic Starter
  • Member
  • 51 posts
When I copied the text to the custom scans box, it pasted as if a continuous string.

When I rebooted after run fix, this is the message that popped up in a txt file:

All processes killed
<SALLYW deleted the message from here and re-ran OLD fix>
OTL by OldTimer - Version 3.2.69.0 log created on 12042013_122406

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

I am running the OTL scan now and will submit an update when it finishes.

thanks,

Edited by sallyw, 04 December 2013 - 03:04 PM.


#33
Machiavelli

  • GeekU Moderator
  • 3,700 posts
Nope, please copy the fix as it is posted by me. Line for line ;)

#34
sallyw

  • Topic Starter
  • Member
  • 51 posts
Startup after reboot was faster than before.
________________

Results from OTL quick scan:

OTL logfile created on: 12/4/13 12:39:49 PM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Wizard Associates\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yy

9.75 Gb Total Physical Memory | 7.25 Gb Available Physical Memory | 74.40% Memory free
19.50 Gb Paging File | 16.71 Gb Available in Paging File | 85.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.33 Gb Total Space | 459.34 Gb Free Space | 49.96% Space Free | Partition Type: NTFS
Drive D: | 12.08 Gb Total Space | 1.48 Gb Free Space | 12.22% Space Free | Partition Type: NTFS

Computer Name: WIZARD | User Name: Wizard Associates | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/25 17:01:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Wizard Associates\Desktop\OTL.exe
PRC - [2013/11/24 22:37:21 | 000,449,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE
PRC - [2013/11/24 22:35:24 | 000,194,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
PRC - [2013/10/11 09:00:33 | 000,237,960 | ---- | M] (Google Inc.) -- C:\Users\Wizard Associates\AppData\Local\Google\Update\1.3.21.165\GoogleCrashHandler.exe
PRC - [2013/09/25 16:37:00 | 020,133,824 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/01/23 15:41:26 | 005,019,824 | ---- | M] (Anagram Technologies) -- C:\Program Files (x86)\Anagram Technologies\Copy2Contact\Copy2Contact.exe
PRC - [2012/08/23 11:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2012/06/11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE
PRC - [2012/06/11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE
PRC - [2011/11/03 09:21:00 | 001,787,752 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PDF Professional 7\PdfPro7Hook.exe
PRC - [2011/09/09 00:13:50 | 000,135,016 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe
PRC - [2011/04/08 07:50:02 | 000,542,264 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/11/20 12:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


========== Modules (No Company Name) ==========

MOD - [2013/12/04 12:32:34 | 000,128,512 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI20802\_elementtree.pyd
MOD - [2013/12/04 12:32:34 | 000,098,816 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI20802\win32api.pyd
MOD - [2013/12/04 12:32:34 | 000,044,032 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI20802\_socket.pyd
MOD - [2013/12/04 12:32:34 | 000,022,528 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI20802\win32ts.pyd
MOD - [2013/12/04 12:32:33 | 000,805,888 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI20802\wx._gdi_.pyd
MOD - [2013/12/04 12:32:33 | 000,557,056 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI20802\pysqlite2._sqlite.pyd
MOD - [2013/12/04 12:32:33 | 000,504,832 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI20802\windows._cacheinvalidation.pyd
MOD - [2013/12/04 12:32:33 | 000,320,512 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI20802\win32com.shell.shell.pyd
MOD - [2013/12/04 12:32:33 | 000,070,656 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI20802\wx._html2.pyd
MOD - [2013/12/04 12:32:33 | 000,026,624 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI20802\_multiprocessing.pyd
MOD - [2013/12/04 12:32:33 | 000,011,264 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI20802\win32crypt.pyd
MOD - [2013/12/04 12:32:32 | 000,364,544 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI20802\pythoncom27.dll
MOD - [2013/12/04 12:32:32 | 000,087,040 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI20802\_ctypes.pyd
MOD - [2013/12/04 12:32:32 | 000,017,408 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI20802\win32profile.pyd
MOD - [2013/12/04 12:32:31 | 001,175,040 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI20802\wx._core_.pyd
MOD - [2013/12/04 12:32:31 | 001,153,024 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI20802\_ssl.pyd
MOD - [2013/12/04 12:32:31 | 000,735,232 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI20802\wx._misc_.pyd
MOD - [2013/12/04 12:32:31 | 000,711,680 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI20802\_hashlib.pyd
MOD - [2013/12/04 12:32:31 | 000,110,080 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI20802\PyWinTypes27.dll
MOD - [2013/12/04 12:32:31 | 000,108,544 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI20802\win32security.pyd
MOD - [2013/12/04 12:32:31 | 000,035,840 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI20802\win32process.pyd
MOD - [2013/12/04 12:32:31 | 000,025,600 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI20802\win32pdh.pyd
MOD - [2013/12/04 12:32:30 | 000,811,008 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI20802\wx._windows_.pyd
MOD - [2013/12/04 12:32:30 | 000,122,368 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI20802\wx._wizard.pyd
MOD - [2013/12/04 12:32:30 | 000,119,808 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI20802\win32file.pyd
MOD - [2013/12/04 12:32:30 | 000,038,912 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI20802\win32inet.pyd
MOD - [2013/12/04 12:32:29 | 001,062,400 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI20802\wx._controls_.pyd
MOD - [2013/12/04 12:32:28 | 000,686,080 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI20802\unicodedata.pyd
MOD - [2013/12/04 12:32:28 | 000,127,488 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI20802\pyexpat.pyd
MOD - [2013/12/04 12:32:28 | 000,018,432 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI20802\win32event.pyd
MOD - [2013/12/04 12:32:28 | 000,010,240 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI20802\select.pyd
MOD - [2013/11/24 22:33:42 | 000,359,592 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\office15\c2r32.dll
MOD - [2013/11/24 22:33:42 | 000,316,584 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\office15\appvisvstream32.dll
MOD - [2013/11/14 06:29:31 | 000,399,312 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Google\Chrome\Application\31.0.1650.57\ppgooglenaclpluginchrome.dll
MOD - [2013/11/14 06:29:29 | 004,055,504 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Google\Chrome\Application\31.0.1650.57\pdf.dll
MOD - [2013/11/14 06:28:37 | 000,702,416 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Google\Chrome\Application\31.0.1650.57\libglesv2.dll
MOD - [2013/11/14 06:28:36 | 000,099,792 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Google\Chrome\Application\31.0.1650.57\libegl.dll
MOD - [2013/11/14 06:28:34 | 001,619,408 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Google\Chrome\Application\31.0.1650.57\ffmpegsumo.dll
MOD - [2012/01/08 08:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/11/26 03:02:39 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/10/23 17:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/10/23 17:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/09/17 17:57:32 | 001,907,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe -- (OfficeSvc)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/04/29 22:52:38 | 000,238,080 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013/04/29 22:25:22 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/08/05 11:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2011/08/05 11:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2011/08/05 11:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2011/02/04 10:53:40 | 000,063,304 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe -- (MsDepSvc)
SRV:64bit: - [2010/12/13 14:37:16 | 000,194,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/11/20 07:23:05 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/25 02:34:06 | 001,444,120 | ---- | M] (Trusteer Ltd.) [Disabled | Stopped] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2013/10/08 17:09:22 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/09 23:57:24 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/01/16 03:10:38 | 000,378,368 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe -- (SynoDrService)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/09/17 22:10:08 | 000,248,704 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe -- (UsbClientService)
SRV - [2012/08/31 09:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/08/23 11:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2012/06/11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/06/11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)
SRV - [2011/09/09 00:13:50 | 000,135,016 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe -- (PDFProFiltSrv)
SRV - [2010/11/20 07:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 07:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 07:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\Hp\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/06/12 20:06:08 | 000,400,368 | ---- | M] (CinemaNow, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2009/10/16 17:39:50 | 000,606,048 | ---- | M] (Seagate) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/01 13:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) [Disabled | Stopped] -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/10/25 02:34:18 | 000,317,808 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
DRV:64bit: - [2013/09/27 09:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/05/13 14:36:06 | 000,050,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2013/05/13 14:36:06 | 000,029,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2013/04/29 23:16:04 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013/04/29 21:48:14 | 000,359,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/31 17:32:04 | 000,082,600 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2013/03/31 17:32:04 | 000,042,664 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2013/03/25 13:41:46 | 000,076,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2013/02/05 22:06:06 | 000,057,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/12/06 08:42:12 | 002,350,176 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/03 04:36:52 | 000,055,776 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\busenum.sys -- (busenum)
DRV:64bit: - [2012/06/29 01:23:42 | 000,321,992 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0153.sys -- (RsFx0153)
DRV:64bit: - [2012/05/25 12:14:24 | 000,057,976 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SBREDrv.sys -- (SBRE)
DRV:64bit: - [2012/03/05 15:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/28 13:51:44 | 000,033,872 | ---- | M] (AnvSoft Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\anvsnddrv.sys -- (anvsnddrv)
DRV:64bit: - [2011/11/03 02:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011/09/22 20:01:54 | 000,311,144 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0105.sys -- (RsFx0105)
DRV:64bit: - [2011/09/14 20:44:26 | 000,711,712 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2011/09/14 20:44:26 | 000,081,952 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\tifsfilt.sys -- (tifsfilter)
DRV:64bit: - [2011/09/14 20:44:23 | 000,235,040 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2011/09/14 20:44:14 | 000,593,952 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpman.sys -- (tdrpman)
DRV:64bit: - [2011/04/21 17:17:04 | 000,471,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/12/13 14:37:18 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/03/10 10:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
DRV:64bit: - [2010/02/18 08:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010/02/05 23:04:06 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/02/05 23:04:04 | 000,070,712 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/12/22 04:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 19:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883)
DRV:64bit: - [2009/07/13 19:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc)
DRV:64bit: - [2009/07/13 19:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2005/09/23 23:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)
DRV - [2013/10/28 19:57:52 | 000,606,672 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys -- (RapportCerberus_59849)
DRV - [2013/10/25 02:34:18 | 000,399,312 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2013/10/25 02:34:18 | 000,284,176 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{46C0BE18-852B-49C3-8AC7-D37BBCA7D4FA}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{76F76EDF-2988-4A2A-B29A-C081B8BAD1DB}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{76F76EDF-2988-4A2A-B29A-C081B8BAD1DB}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.bostonglobe.com/http:/ [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{76F76EDF-2988-4A2A-B29A-C081B8BAD1DB}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-tyc8"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-tyc8"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledAddons: nuance%40pdf7:1.0
FF - prefs.js..extensions.enabledAddons: %7B1b8cc170-8c85-11db-b606-0800200c9a66%7D:4.0.1
FF - prefs.js..extensions.enabledAddons: firefogg%40firefogg.org:309
FF - prefs.js..extensions.enabledAddons: testpilot%40labs.mozilla.com:1.2.2
FF - prefs.js..extensions.enabledAddons: seodoctor%40prelovac.com:1.6.2
FF - prefs.js..extensions.enabledAddons: %7Bc75a27d8-4529-449f-b67b-aba65d7a1c0a%7D:4.3
FF - prefs.js..extensions.enabledAddons: %7Bc45c406e-ab73-11d8-be73-000a95be3b12%7D:1.2.5
FF - prefs.js..extensions.enabledAddons: donottrackplus%40abine.com:2.2.9.618
FF - prefs.js..extensions.enabledAddons: verticaltoolbar%40xuldev.org:0.5.1
FF - prefs.js..extensions.enabledAddons: %7B317B5128-0B0B-49b2-B2DB-1E7560E16C74%7D:2.8.13
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:4.51
FF - prefs.js..extensions.enabledItems: [email protected]:2.3.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.3.5.20110120033202
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.3: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.3: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Professional 7\bin\nppdf.dll (Zeon Corporation)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Wizard Associates\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Wizard Associates\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Wizard Associates\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/10/20 12:36:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/11/20 07:23:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/11/29 09:52:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/10/31 12:48:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.1.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/10/31 12:48:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.1.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/10/20 12:36:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/11/20 07:23:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/11/29 09:52:54 | 000,000,000 | ---D | M]

[2010/10/20 19:43:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Extensions
[2010/10/20 14:15:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013/12/03 17:57:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\extensions
[2013/10/14 16:17:08 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2013/04/29 12:54:51 | 000,000,000 | ---D | M] (Toggle Web Developer Toolbar) -- C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\extensions\{c75a27d8-4529-449f-b67b-aba65d7a1c0a}
[2013/07/25 16:06:41 | 000,000,000 | ---D | M] (DoNotTrackMe) -- C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\extensions\[email protected]
[2012/11/25 14:57:43 | 000,000,000 | ---D | M] (Firefogg) -- C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\extensions\[email protected]
[2013/12/03 17:57:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\extensions\staged
[2013/11/21 08:15:35 | 002,212,154 | ---- | M] () (No name found) -- C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\extensions\[email protected]
[2013/03/31 14:57:50 | 000,069,940 | ---- | M] () (No name found) -- C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\extensions\[email protected]
[2012/12/02 19:31:47 | 000,621,521 | ---- | M] () (No name found) -- C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\extensions\[email protected]
[2013/08/13 15:51:42 | 000,109,265 | ---- | M] () (No name found) -- C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\extensions\[email protected]
[2011/12/15 16:53:21 | 000,166,750 | ---- | M] () (No name found) -- C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\extensions\{1b8cc170-8c85-11db-b606-0800200c9a66}.xpi
[2013/05/10 21:31:12 | 001,360,435 | ---- | M] () (No name found) -- C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2013/12/03 17:57:21 | 000,619,291 | ---- | M] () (No name found) -- C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\extensions\staged\[email protected]
[2013/11/20 07:23:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/11/20 07:23:01 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/11/20 07:23:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/11/20 07:23:01 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/11/20 07:23:05 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/04/24 17:54:35 | 000,000,000 | ---D | M] (PDF Converter 7.1) -- C:\PROGRAM FILES (X86)\NUANCE\PDF PROFESSIONAL 7\FIREFOX
[2010/11/27 16:21:09 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2010/11/27 16:21:09 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol500.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/finance
CHR - plugin: Widevine Content Decryption Module (Enabled) = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.376\_platform_specific\win_x86\widevinecdmadapter.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Disabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\Application\31.0.1650.57\pdf.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Disabled) = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\Application\plugins\NPcol400.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Disabled) = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\Application\plugins\NPcol500.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Disabled) = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll
CHR - plugin: DocuCom PDF Plus (Enabled) = C:\Program Files (x86)\Nuance\PDF Professional 7\bin\nppdf.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Microsoft Office 2013 (Enabled) = C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
CHR - plugin: WPI Detector 1.3 (Enabled) = C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Wizard Associates\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Wizard Associates\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll
CHR - plugin: Hulu Desktop (Disabled) = C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll
CHR - Extension: Bejeweled = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm\2_0\
CHR - Extension: DoNotTrackMe = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\User Data\Default\Extensions\amkeiedlemmabfclbdkalidkolgdphij\2.2.9.813_0\
CHR - Extension: Google Drive = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: DoNotTrackMe: Online Privacy Protection = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd\3.1.1021_0\
CHR - Extension: Google Science Fair 2012 = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjibekncdookhijmkplhapjcfnglelcn\2.0_0\
CHR - Extension: Google Wallet = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Google Calendar Checker (by Google) = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\User Data\Default\Extensions\ookhcbgokankfmjafalglpofmolfopek\1.4.0_0\
CHR - Extension: Evernote Web Clipper = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\6.0.3_0\
CHR - Extension: Gmail = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/11/29 09:58:02 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Professional 7\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.5.0\bin\ssv.dll File not found
O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\Nuance\PDF Professional 7\bin\ZeonIEFavClient.dll (Zeon Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.5.0\bin\jp2ssv.dll File not found
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (DocuCom PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDF Professional 7\bin\ZeonIEFavClient.dll (Zeon Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe File not found
O4 - HKLM..\Run: [PDF7 Registry Controller] C:\Program Files (x86)\Nuance\PDF Professional 7\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFProHook] C:\Program Files (x86)\Nuance\PDF Professional 7\PdfPro7Hook.exe (Nuance Communications, Inc.)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - HKCU..\RunOnce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718" File not found
O4 - HKCU..\RunOnce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\amd64" File not found
O4 - HKCU..\RunOnce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727" File not found
O4 - HKCU..\RunOnce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64" File not found
O4 - HKCU..\RunOnce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910" File not found
O4 - HKCU..\RunOnce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64" File not found
O4 - HKCU..\RunOnce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112" File not found
O4 - HKCU..\RunOnce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64" File not found
O4 - HKCU..\RunOnce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314" File not found
O4 - HKCU..\RunOnce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64" File not found
O4 - HKCU..\RunOnce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530" File not found
O4 - HKCU..\RunOnce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64" File not found
O4 - HKCU..\RunOnce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627" File not found
O4 - HKCU..\RunOnce: [Uninstall C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64" File not found
O4 - Startup: C:\Users\Wizard Associates\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk = C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8:64bit: - Extra context menu item: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4 File not found
O8:64bit: - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8:64bit: - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8:64bit: - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O8:64bit: - Extra context menu item: Open with Nuance PDF Converter 7 - C:\Program Files (x86)\Nuance\PDF Professional 7\cnvres_eng.dll (Nuance Communications, Inc.)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4 File not found
O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O8 - Extra context menu item: Open with Nuance PDF Converter 7 - C:\Program Files (x86)\Nuance\PDF Professional 7\cnvres_eng.dll (Nuance Communications, Inc.)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.or...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.7.cab (DLM Control)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds...ransferCtrl.cab (DLC Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://floridakeysme...sCamControl.ocx (CamImage Class)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://networkforgo...nt/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A020CF5-DFEC-4FCE-A7EA-4028697FD5C4}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{378CC7A2-2B23-4B9B-BEFB-ACF7DA185A91}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll File not found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30:64bit: - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysNative\relog_ap.dll (Acronis)
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysWow64\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/03 07:37:32 | 000,000,000 | ---D | C] -- C:\Users\Wizard Associates\Desktop\Studio 17
[2013/12/02 19:28:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/12/02 18:42:59 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2013/12/02 18:07:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/12/02 18:07:45 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/12/02 18:07:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/12/02 13:51:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2013/12/02 13:50:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/12/02 11:09:09 | 000,000,000 | ---D | C] -- C:\Users\Wizard Associates\AppData\Local\LogMeIn Rescue Applet
[2013/12/01 11:24:49 | 000,000,000 | ---D | C] -- C:\Users\Wizard Associates\AppData\Roaming\AVAST Software
[2013/12/01 11:23:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2013/12/01 11:22:15 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/12/01 11:21:26 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/11/29 16:43:28 | 000,000,000 | ---D | C] -- C:\Users\Wizard Associates\Desktop\RK_Quarantine
[2013/11/29 14:14:52 | 001,958,440 | ---- | C] (Farbar) -- C:\Users\Wizard Associates\Desktop\FRST64.exe
[2013/11/29 13:50:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/11/29 10:39:22 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Wizard Associates\Desktop\OTL.exe
[2013/11/29 10:26:54 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/11/29 10:11:58 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/11/29 10:11:23 | 001,034,531 | ---- | C] (Thisisu) -- C:\Users\Wizard Associates\Desktop\JRT.exe
[2013/11/25 21:17:56 | 000,057,976 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2013/11/25 21:17:56 | 000,045,936 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
[2013/11/25 21:17:47 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2013/11/25 09:53:09 | 000,000,000 | ---D | C] -- C:\FRST
[2013/11/25 06:10:54 | 000,000,000 | ---D | C] -- C:\Users\Wizard Associates\AppData\Local\Zemana
[2013/11/25 00:21:28 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2013/11/25 00:20:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2013/11/24 23:09:24 | 000,000,000 | ---D | C] -- C:\Users\Wizard Associates\AppData\Local\White_Sky,_Inc
[2013/11/24 23:09:24 | 000,000,000 | ---D | C] -- C:\ProgramData\IsolatedStorage
[2013/11/24 23:09:20 | 000,000,000 | ---D | C] -- C:\Users\Wizard Associates\AppData\Local\ID Vault
[2013/11/24 23:08:30 | 000,000,000 | ---D | C] -- C:\Users\Wizard Associates\AppData\Roaming\ID Vault
[2013/11/24 23:07:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Constant Guard Protection Suite
[2013/11/24 23:07:31 | 000,000,000 | ---D | C] -- C:\ProgramData\White Sky, Inc
[2013/11/24 22:32:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office 15
[2013/11/24 22:28:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
[2013/11/24 13:37:47 | 000,000,000 | ---D | C] -- C:\Users\Wizard Associates\Desktop\coupons
[2013/11/20 07:23:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/11/11 09:13:40 | 000,000,000 | ---D | C] -- C:\Users\Wizard Associates\AppData\Roaming\Windows Live Writer
[2013/11/11 09:13:40 | 000,000,000 | ---D | C] -- C:\Users\Wizard Associates\AppData\Local\Windows Live Writer
[2013/11/11 08:54:56 | 000,000,000 | ---D | C] -- C:\Windows\en
[2013/11/11 08:51:53 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2013/11/10 09:39:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote

========== Files - Modified Within 30 Days ==========

[2013/12/04 12:35:06 | 000,032,128 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/04 12:35:06 | 000,032,128 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/04 12:32:07 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/04 12:26:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/12/04 12:25:51 | 3556,204,543 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/04 12:24:26 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/04 12:09:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/12/04 12:08:48 | 000,000,956 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2394937029-579550273-2574859083-1001UA.job
[2013/12/04 10:08:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2394937029-579550273-2574859083-1001Core.job
[2013/12/04 08:35:30 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2013/12/04 08:06:04 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForWizard Associates.job
[2013/12/03 18:01:59 | 000,009,216 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/12/03 03:03:14 | 000,002,155 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/12/02 18:47:17 | 001,074,674 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/12/02 18:47:17 | 000,860,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/12/02 18:47:17 | 000,195,838 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/12/02 18:45:22 | 001,053,246 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/12/02 18:11:41 | 000,001,095 | ---- | M] () -- C:\Users\Wizard Associates\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/12/02 18:11:41 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/02 13:43:30 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/12/02 11:46:55 | 000,001,097 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
[2013/12/01 16:39:48 | 000,000,077 | ---- | M] () -- C:\Windows\avast5.ini
[2013/11/29 09:58:02 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/11/29 09:44:04 | 001,034,531 | ---- | M] (Thisisu) -- C:\Users\Wizard Associates\Desktop\JRT.exe
[2013/11/29 09:42:18 | 001,091,882 | ---- | M] () -- C:\Users\Wizard Associates\Desktop\AdwCleaner.exe
[2013/11/29 09:26:22 | 008,114,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/11/26 03:02:44 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/11/26 03:02:41 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/11/25 21:18:00 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\SBRC.dat
[2013/11/25 17:01:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Wizard Associates\Desktop\OTL.exe
[2013/11/25 06:35:48 | 001,958,440 | ---- | M] (Farbar) -- C:\Users\Wizard Associates\Desktop\FRST64.exe
[2013/11/22 08:11:53 | 000,001,456 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Adobe Save for Web 13.0 Prefs
[2013/11/20 07:25:39 | 000,002,046 | ---- | M] () -- C:\Users\Wizard Associates\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/11/20 00:09:50 | 000,002,426 | ---- | M] () -- C:\Users\Wizard Associates\Desktop\Google Chrome.lnk
[2013/11/10 09:14:54 | 000,001,091 | ---- | M] () -- C:\Users\Wizard Associates\Application Data\Microsoft\Internet Explorer\Quick Launch\KeePass 2.lnk
[2013/11/10 09:14:53 | 000,001,067 | ---- | M] () -- C:\Users\Wizard Associates\Desktop\KeePass 2.lnk
[2013/11/04 19:21:22 | 000,143,217 | ---- | M] () -- C:\Users\Wizard Associates\Desktop\bootstrap-3.0.1-dist.zip

========== Files Created - No Company Name ==========

[2013/12/02 18:11:41 | 000,001,095 | ---- | C] () -- C:\Users\Wizard Associates\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/12/02 18:07:49 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/02 13:51:21 | 000,002,119 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/12/02 13:43:30 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2013/12/02 12:19:24 | 000,002,212 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Google Calendar Sync.lnk
[2013/12/02 12:19:24 | 000,001,250 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Copy2Contact.lnk
[2013/12/02 11:46:15 | 000,001,097 | ---- | C] () -- C:\Users\Wizard Associates\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
[2013/12/01 16:39:45 | 000,000,077 | ---- | C] () -- C:\Windows\avast5.ini
[2013/11/29 10:11:23 | 001,091,882 | ---- | C] () -- C:\Users\Wizard Associates\Desktop\AdwCleaner.exe
[2013/11/26 03:02:44 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/11/26 03:02:41 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/11/25 21:18:00 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\SBRC.dat
[2013/11/11 08:54:25 | 000,001,267 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2013/11/11 08:54:03 | 000,001,336 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
[2013/11/04 19:21:43 | 000,143,217 | ---- | C] () -- C:\Users\Wizard Associates\Desktop\bootstrap-3.0.1-dist.zip
[2013/06/28 07:04:02 | 000,894,616 | ---- | C] () -- C:\Windows\dbplugin.exe
[2013/06/28 07:04:02 | 000,245,840 | ---- | C] () -- C:\Windows\SysWow64\DNLEng.dll
[2013/06/19 15:56:59 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2013/04/29 21:37:40 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013/04/29 21:37:40 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2013/02/20 19:11:31 | 000,000,132 | ---- | C] () -- C:\Users\Wizard Associates\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2013/02/20 12:17:09 | 000,001,456 | ---- | C] () -- C:\Users\Wizard Associates\AppData\Local\Adobe Save for Web 13.0 Prefs
[2013/02/12 07:47:26 | 000,033,134 | ---- | C] () -- C:\Users\Wizard Associates\AppData\Roaming\UserTile.png
[2013/02/09 20:02:21 | 000,000,027 | -HS- | C] () -- C:\Users\Wizard Associates\.pr_data
[2013/02/09 20:01:35 | 000,000,000 | -HS- | C] () -- C:\Users\Wizard Associates\.pr_stat_data
[2012/06/26 06:10:06 | 003,668,480 | ---- | C] () -- C:\Windows\SysWow64\CosmoRenderer.dll
[2012/04/18 18:39:10 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/04/08 14:09:35 | 000,013,055 | ---- | C] () -- C:\Users\Wizard Associates\AppData\Roaming\Microsoft Excel 97-2003.CAL
[2012/04/07 14:47:25 | 000,000,629 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012/03/08 14:46:09 | 000,000,017 | ---- | C] () -- C:\Users\Wizard Associates\AppData\Roaming\mpdt294
[2012/03/08 14:46:00 | 000,000,213 | ---- | C] () -- C:\Windows\mapedit2.ini
[2012/02/27 17:53:16 | 000,000,132 | ---- | C] () -- C:\Users\Wizard Associates\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2012/01/25 11:39:29 | 000,007,602 | ---- | C] () -- C:\Users\Wizard Associates\AppData\Local\Resmon.ResmonCfg
[2011/07/03 07:21:12 | 000,000,132 | ---- | C] () -- C:\Users\Wizard Associates\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011/04/22 10:37:09 | 000,009,216 | ---- | C] () -- C:\Users\Wizard Associates\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/17 15:56:06 | 000,000,132 | ---- | C] () -- C:\Users\Wizard Associates\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/12/14 15:49:24 | 000,013,060 | ---- | C] () -- C:\Users\Wizard Associates\AppData\Roaming\Comma Separated Values (Windows).CAL
[2010/12/11 18:52:29 | 000,038,529 | ---- | C] () -- C:\Users\Wizard Associates\AppData\Roaming\Comma Separated Values (Windows).ADR
[2010/10/27 11:55:37 | 000,001,456 | ---- | C] () -- C:\Users\Wizard Associates\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/10/20 10:48:33 | 000,000,358 | RHS- | C] () -- C:\ProgramData\ntuser.pol

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2010/11/28 15:20:00 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\Amazon
[2010/10/26 14:03:52 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\Anagram Technologies
[2012/07/06 05:31:01 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\AnvSoft
[2012/11/12 06:00:14 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\Audacity
[2013/12/01 11:24:49 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\AVAST Software
[2011/12/27 15:59:00 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\Barnes & Noble
[2012/10/12 11:21:19 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\Bigasoft Total Video Converter
[2012/03/08 14:46:00 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\BoutellDotCom
[2012/12/31 19:37:09 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\calibre
[2010/11/27 16:21:09 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\Catalina Marketing Corp
[2010/10/31 04:24:56 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/02/23 22:00:31 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\Clip Art Collection
[2010/10/22 17:46:28 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\com.boston.globereader.32B98E1E109C99C4674A656F6527F42DE7AB8ABA.1
[2011/01/09 21:51:22 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\com.playsmrt.client
[2013/11/30 19:40:48 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\Dropbox
[2012/07/04 17:28:14 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\EasyHtml5Video.com
[2011/04/13 06:18:48 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\eFax Messenger
[2013/08/04 09:14:34 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\eMusic
[2012/06/28 11:08:37 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\FileZilla
[2011/06/21 20:47:45 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\GeoVid
[2011/01/10 06:37:53 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\GetRightToGo
[2013/09/09 19:34:51 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\HandBrake
[2013/11/25 06:11:01 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\ID Vault
[2013/07/23 08:13:44 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\IrfanView
[2011/04/13 06:15:32 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\j2 Global
[2011/11/18 16:43:40 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\JLAdventCalendarLondon2011
[2013/12/04 08:34:03 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\KeePass
[2011/01/05 10:05:10 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\Moyea
[2013/02/09 20:01:40 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\NewspaperDirect
[2012/04/27 10:21:37 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\Nuance
[2012/06/10 15:25:32 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\Opera
[2011/03/28 08:32:13 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\OverDrive
[2010/10/30 12:45:26 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\PACE Anti-Piracy
[2010/10/19 10:50:34 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\PictureMover
[2013/09/21 18:39:23 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\proDAD
[2010/10/31 05:28:16 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\ResourceCentral.E6E1B28A311BC518DB6C6883EA3757FDE0E90ADC.1
[2010/10/21 09:37:54 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\Responsive Software
[2010/10/27 14:09:18 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\SoftGrid Client
[2010/10/21 17:45:39 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/03/11 17:49:14 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\svBuilder
[2011/03/11 18:01:13 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\svBuilder-Pro
[2011/03/10 17:09:46 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\svBuilder.B6F3C1D6D38B1C756F6811928A0ADD2133895C94.1
[2012/02/10 17:52:17 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\SWiSH Max3
[2012/10/02 15:17:50 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\TeamViewer
[2010/10/20 14:15:00 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\Thunderbird
[2010/10/25 08:09:13 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\TP
[2011/07/09 07:25:51 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\Trusteer
[2010/10/22 16:17:42 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2013/10/25 18:16:04 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\webex
[2010/11/10 15:41:44 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\WinBatch
[2013/11/11 09:39:36 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\Windows Live Writer
[2012/04/24 17:55:41 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\Zeon

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 239 bytes -> C:\ProgramData\Temp:0574215C

< End of report >

Edited by sallyw, 04 December 2013 - 12:19 PM.


#35
Machiavelli

Please take a look at Post #33.

#36
sallyw

I've attached a text file with the scan fix as it pastes. For some reason I'm not getting any hard returns/line feeds when I paste the text.

Sally

Attached File: otl custom scan text 120413.txt (4.57KB)

#37
Machiavelli

The fix is attached. Copy the content of the text file into OTL and click Fix.


#38
sallyw

I ran the fix and OTL after reboot. Here are results.
~ Sally
OTL logfile created on: 12/4/13 4:37:03 PM - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Wizard Associates\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yy

9.75 Gb Total Physical Memory | 7.47 Gb Available Physical Memory | 76.58% Memory free
19.50 Gb Paging File | 17.08 Gb Available in Paging File | 87.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.33 Gb Total Space | 460.06 Gb Free Space | 50.04% Space Free | Partition Type: NTFS
Drive D: | 12.08 Gb Total Space | 1.48 Gb Free Space | 12.22% Space Free | Partition Type: NTFS

Computer Name: WIZARD | User Name: Wizard Associates | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/25 17:01:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Wizard Associates\Desktop\OTL.exe
PRC - [2013/11/24 22:43:23 | 000,257,136 | ---- | M] (Microsoft Corporation) -- C:\Users\Wizard Associates\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
PRC - [2013/11/24 22:37:40 | 000,078,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
PRC - [2013/11/24 22:37:21 | 000,449,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE
PRC - [2013/11/24 22:35:24 | 000,194,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
PRC - [2013/10/11 09:00:33 | 000,237,960 | ---- | M] (Google Inc.) -- C:\Users\Wizard Associates\AppData\Local\Google\Update\1.3.21.165\GoogleCrashHandler.exe
PRC - [2013/09/25 16:37:00 | 020,133,824 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/01/23 15:41:26 | 005,019,824 | ---- | M] (Anagram Technologies) -- C:\Program Files (x86)\Anagram Technologies\Copy2Contact\Copy2Contact.exe
PRC - [2012/08/23 11:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2012/06/11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE
PRC - [2012/06/11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE
PRC - [2011/11/03 09:21:00 | 001,787,752 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PDF Professional 7\PdfPro7Hook.exe
PRC - [2011/09/09 00:13:50 | 000,135,016 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe
PRC - [2011/04/08 07:50:02 | 000,542,264 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/11/20 12:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


========== Modules (No Company Name) ==========

MOD - [2013/12/04 16:32:30 | 000,557,056 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI23042\pysqlite2._sqlite.pyd
MOD - [2013/12/04 16:32:30 | 000,128,512 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI23042\_elementtree.pyd
MOD - [2013/12/04 16:32:30 | 000,098,816 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI23042\win32api.pyd
MOD - [2013/12/04 16:32:30 | 000,044,032 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI23042\_socket.pyd
MOD - [2013/12/04 16:32:30 | 000,022,528 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI23042\win32ts.pyd
MOD - [2013/12/04 16:32:29 | 000,805,888 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI23042\wx._gdi_.pyd
MOD - [2013/12/04 16:32:29 | 000,504,832 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI23042\windows._cacheinvalidation.pyd
MOD - [2013/12/04 16:32:29 | 000,320,512 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI23042\win32com.shell.shell.pyd
MOD - [2013/12/04 16:32:29 | 000,070,656 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI23042\wx._html2.pyd
MOD - [2013/12/04 16:32:29 | 000,026,624 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI23042\_multiprocessing.pyd
MOD - [2013/12/04 16:32:29 | 000,011,264 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI23042\win32crypt.pyd
MOD - [2013/12/04 16:32:28 | 000,735,232 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI23042\wx._misc_.pyd
MOD - [2013/12/04 16:32:28 | 000,364,544 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI23042\pythoncom27.dll
MOD - [2013/12/04 16:32:28 | 000,110,080 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI23042\PyWinTypes27.dll
MOD - [2013/12/04 16:32:28 | 000,108,544 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI23042\win32security.pyd
MOD - [2013/12/04 16:32:28 | 000,087,040 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI23042\_ctypes.pyd
MOD - [2013/12/04 16:32:28 | 000,017,408 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI23042\win32profile.pyd
MOD - [2013/12/04 16:32:27 | 001,175,040 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI23042\wx._core_.pyd
MOD - [2013/12/04 16:32:27 | 001,153,024 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI23042\_ssl.pyd
MOD - [2013/12/04 16:32:27 | 000,811,008 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI23042\wx._windows_.pyd
MOD - [2013/12/04 16:32:27 | 000,711,680 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI23042\_hashlib.pyd
MOD - [2013/12/04 16:32:27 | 000,122,368 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI23042\wx._wizard.pyd
MOD - [2013/12/04 16:32:27 | 000,119,808 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI23042\win32file.pyd
MOD - [2013/12/04 16:32:27 | 000,035,840 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI23042\win32process.pyd
MOD - [2013/12/04 16:32:27 | 000,025,600 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI23042\win32pdh.pyd
MOD - [2013/12/04 16:32:26 | 001,062,400 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI23042\wx._controls_.pyd
MOD - [2013/12/04 16:32:26 | 000,686,080 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI23042\unicodedata.pyd
MOD - [2013/12/04 16:32:26 | 000,127,488 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI23042\pyexpat.pyd
MOD - [2013/12/04 16:32:26 | 000,038,912 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI23042\win32inet.pyd
MOD - [2013/12/04 16:32:26 | 000,018,432 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI23042\win32event.pyd
MOD - [2013/12/04 16:32:26 | 000,010,240 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Temp\_MEI23042\select.pyd
MOD - [2013/11/24 22:37:35 | 000,359,592 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\c2r32.dll
MOD - [2013/11/24 22:37:27 | 000,316,584 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
MOD - [2013/11/24 22:33:42 | 000,359,592 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\office15\c2r32.dll
MOD - [2013/11/24 22:33:42 | 000,316,584 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\office15\appvisvstream32.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/11/26 03:02:39 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/10/23 17:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/10/23 17:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/09/17 17:57:32 | 001,907,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe -- (OfficeSvc)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/04/29 22:52:38 | 000,238,080 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013/04/29 22:25:22 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/08/05 11:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2011/08/05 11:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2011/08/05 11:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2011/02/04 10:53:40 | 000,063,304 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe -- (MsDepSvc)
SRV:64bit: - [2010/12/13 14:37:16 | 000,194,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/11/20 07:23:05 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/25 02:34:06 | 001,444,120 | ---- | M] (Trusteer Ltd.) [Disabled | Stopped] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2013/10/08 17:09:22 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/09 23:57:24 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/01/16 03:10:38 | 000,378,368 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe -- (SynoDrService)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/09/17 22:10:08 | 000,248,704 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe -- (UsbClientService)
SRV - [2012/08/31 09:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/08/23 11:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2012/06/11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/06/11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)
SRV - [2011/09/09 00:13:50 | 000,135,016 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe -- (PDFProFiltSrv)
SRV - [2010/11/20 07:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 07:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 07:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\Hp\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/06/12 20:06:08 | 000,400,368 | ---- | M] (CinemaNow, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2009/10/16 17:39:50 | 000,606,048 | ---- | M] (Seagate) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/01 13:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) [Disabled | Stopped] -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/10/25 02:34:18 | 000,317,808 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
DRV:64bit: - [2013/09/27 09:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/05/13 14:36:06 | 000,050,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2013/05/13 14:36:06 | 000,029,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2013/04/29 23:16:04 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013/04/29 21:48:14 | 000,359,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/31 17:32:04 | 000,082,600 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2013/03/31 17:32:04 | 000,042,664 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2013/03/25 13:41:46 | 000,076,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2013/02/05 22:06:06 | 000,057,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/12/06 08:42:12 | 002,350,176 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/03 04:36:52 | 000,055,776 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\busenum.sys -- (busenum)
DRV:64bit: - [2012/06/29 01:23:42 | 000,321,992 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0153.sys -- (RsFx0153)
DRV:64bit: - [2012/05/25 12:14:24 | 000,057,976 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SBREDrv.sys -- (SBRE)
DRV:64bit: - [2012/03/05 15:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/28 13:51:44 | 000,033,872 | ---- | M] (AnvSoft Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\anvsnddrv.sys -- (anvsnddrv)
DRV:64bit: - [2011/11/03 02:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011/09/22 20:01:54 | 000,311,144 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0105.sys -- (RsFx0105)
DRV:64bit: - [2011/09/14 20:44:26 | 000,711,712 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2011/09/14 20:44:26 | 000,081,952 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\tifsfilt.sys -- (tifsfilter)
DRV:64bit: - [2011/09/14 20:44:23 | 000,235,040 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2011/09/14 20:44:14 | 000,593,952 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpman.sys -- (tdrpman)
DRV:64bit: - [2011/04/21 17:17:04 | 000,471,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/12/13 14:37:18 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/03/10 10:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
DRV:64bit: - [2010/02/18 08:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010/02/05 23:04:06 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/02/05 23:04:04 | 000,070,712 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/12/22 04:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 19:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883)
DRV:64bit: - [2009/07/13 19:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc)
DRV:64bit: - [2009/07/13 19:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2005/09/23 23:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)
DRV - [2013/10/28 19:57:52 | 000,606,672 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys -- (RapportCerberus_59849)
DRV - [2013/10/25 02:34:18 | 000,399,312 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2013/10/25 02:34:18 | 000,284,176 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{46C0BE18-852B-49C3-8AC7-D37BBCA7D4FA}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{76F76EDF-2988-4A2A-B29A-C081B8BAD1DB}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{76F76EDF-2988-4A2A-B29A-C081B8BAD1DB}: "URL" = http://www.bing.com/...rc=IE-SearchBox


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2394937029-579550273-2574859083-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKU\S-1-5-21-2394937029-579550273-2574859083-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.bostonglobe.com/http:/ [Binary data over 200 bytes]
IE - HKU\S-1-5-21-2394937029-579550273-2574859083-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
IE - HKU\S-1-5-21-2394937029-579550273-2574859083-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-2394937029-579550273-2574859083-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-2394937029-579550273-2574859083-1001\..\SearchScopes\{76F76EDF-2988-4A2A-B29A-C081B8BAD1DB}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-2394937029-579550273-2574859083-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2394937029-579550273-2574859083-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-tyc8"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-tyc8"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledAddons: nuance%40pdf7:1.0
FF - prefs.js..extensions.enabledAddons: %7B1b8cc170-8c85-11db-b606-0800200c9a66%7D:4.0.1
FF - prefs.js..extensions.enabledAddons: firefogg%40firefogg.org:309
FF - prefs.js..extensions.enabledAddons: testpilot%40labs.mozilla.com:1.2.2
FF - prefs.js..extensions.enabledAddons: seodoctor%40prelovac.com:1.6.2
FF - prefs.js..extensions.enabledAddons: %7Bc75a27d8-4529-449f-b67b-aba65d7a1c0a%7D:4.3
FF - prefs.js..extensions.enabledAddons: %7Bc45c406e-ab73-11d8-be73-000a95be3b12%7D:1.2.5
FF - prefs.js..extensions.enabledAddons: donottrackplus%40abine.com:2.2.9.618
FF - prefs.js..extensions.enabledAddons: verticaltoolbar%40xuldev.org:0.5.1
FF - prefs.js..extensions.enabledAddons: %7B317B5128-0B0B-49b2-B2DB-1E7560E16C74%7D:2.8.13
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:4.51
FF - prefs.js..extensions.enabledItems: [email protected]:2.3.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.3.5.20110120033202
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.3: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.3: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Professional 7\bin\nppdf.dll (Zeon Corporation)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Wizard Associates\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Wizard Associates\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Wizard Associates\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/10/20 12:36:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/11/20 07:23:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/11/29 09:52:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/10/31 12:48:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.1.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/10/31 12:48:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.1.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/10/20 12:36:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/11/20 07:23:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/11/29 09:52:54 | 000,000,000 | ---D | M]

[2010/10/20 19:43:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Extensions
[2010/10/20 14:15:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013/12/03 17:57:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\extensions
[2013/10/14 16:17:08 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2013/04/29 12:54:51 | 000,000,000 | ---D | M] (Toggle Web Developer Toolbar) -- C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\extensions\{c75a27d8-4529-449f-b67b-aba65d7a1c0a}
[2013/07/25 16:06:41 | 000,000,000 | ---D | M] (DoNotTrackMe) -- C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\extensions\[email protected]
[2012/11/25 14:57:43 | 000,000,000 | ---D | M] (Firefogg) -- C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\extensions\[email protected]
[2013/12/03 17:57:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\extensions\staged
[2013/11/21 08:15:35 | 002,212,154 | ---- | M] () (No name found) -- C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\extensions\[email protected]
[2013/03/31 14:57:50 | 000,069,940 | ---- | M] () (No name found) -- C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\extensions\[email protected]
[2012/12/02 19:31:47 | 000,621,521 | ---- | M] () (No name found) -- C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\extensions\[email protected]
[2013/08/13 15:51:42 | 000,109,265 | ---- | M] () (No name found) -- C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\extensions\[email protected]
[2011/12/15 16:53:21 | 000,166,750 | ---- | M] () (No name found) -- C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\extensions\{1b8cc170-8c85-11db-b606-0800200c9a66}.xpi
[2013/05/10 21:31:12 | 001,360,435 | ---- | M] () (No name found) -- C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2013/12/03 17:57:21 | 000,619,291 | ---- | M] () (No name found) -- C:\Users\Wizard Associates\AppData\Roaming\Mozilla\Firefox\Profiles\jph4l5dv.default\extensions\staged\[email protected]
[2013/11/20 07:23:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/11/20 07:23:01 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/11/20 07:23:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/11/20 07:23:01 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/11/20 07:23:05 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/04/24 17:54:35 | 000,000,000 | ---D | M] (PDF Converter 7.1) -- C:\PROGRAM FILES (X86)\NUANCE\PDF PROFESSIONAL 7\FIREFOX
[2010/11/27 16:21:09 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2010/11/27 16:21:09 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol500.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/finance
CHR - plugin: Widevine Content Decryption Module (Enabled) = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.376\_platform_specific\win_x86\widevinecdmadapter.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Disabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\Application\31.0.1650.57\pdf.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Disabled) = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\Application\plugins\NPcol400.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Disabled) = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\Application\plugins\NPcol500.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Disabled) = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll
CHR - plugin: DocuCom PDF Plus (Enabled) = C:\Program Files (x86)\Nuance\PDF Professional 7\bin\nppdf.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Microsoft Office 2013 (Enabled) = C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
CHR - plugin: WPI Detector 1.3 (Enabled) = C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Wizard Associates\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Wizard Associates\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll
CHR - plugin: Hulu Desktop (Disabled) = C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll
CHR - Extension: Bejeweled = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm\2_0\
CHR - Extension: DoNotTrackMe = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\User Data\Default\Extensions\amkeiedlemmabfclbdkalidkolgdphij\2.2.9.813_0\
CHR - Extension: Google Drive = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: DoNotTrackMe: Online Privacy Protection = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd\3.1.1021_0\
CHR - Extension: Google Science Fair 2012 = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjibekncdookhijmkplhapjcfnglelcn\2.0_0\
CHR - Extension: Google Wallet = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Google Calendar Checker (by Google) = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\User Data\Default\Extensions\ookhcbgokankfmjafalglpofmolfopek\1.4.0_0\
CHR - Extension: Evernote Web Clipper = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\6.0.3_0\
CHR - Extension: Gmail = C:\Users\Wizard Associates\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/11/29 09:58:02 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Professional 7\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.5.0\bin\ssv.dll File not found
O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\Nuance\PDF Professional 7\bin\ZeonIEFavClient.dll (Zeon Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.5.0\bin\jp2ssv.dll File not found
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (DocuCom PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDF Professional 7\bin\ZeonIEFavClient.dll (Zeon Corporation)
O3:64bit: - HKU\S-1-5-21-2394937029-579550273-2574859083-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe File not found
O4 - HKLM..\Run: [PDF7 Registry Controller] C:\Program Files (x86)\Nuance\PDF Professional 7\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFProHook] C:\Program Files (x86)\Nuance\PDF Professional 7\PdfPro7Hook.exe (Nuance Communications, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2394937029-579550273-2574859083-1001..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - Startup: C:\Users\Wizard Associates\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk = C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8:64bit: - Extra context menu item: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4 File not found
O8:64bit: - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8:64bit: - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8:64bit: - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O8:64bit: - Extra context menu item: Open with Nuance PDF Converter 7 - C:\Program Files (x86)\Nuance\PDF Professional 7\cnvres_eng.dll (Nuance Communications, Inc.)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4 File not found
O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O8 - Extra context menu item: Open with Nuance PDF Converter 7 - C:\Program Files (x86)\Nuance\PDF Professional 7\cnvres_eng.dll (Nuance Communications, Inc.)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.or...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.7.cab (DLM Control)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds...ransferCtrl.cab (DLC Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://floridakeysme...sCamControl.ocx (CamImage Class)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://networkforgo...nt/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A020CF5-DFEC-4FCE-A7EA-4028697FD5C4}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{378CC7A2-2B23-4B9B-BEFB-ACF7DA185A91}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll File not found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30:64bit: - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysNative\relog_ap.dll (Acronis)
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysWow64\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/03 07:37:32 | 000,000,000 | ---D | C] -- C:\Users\Wizard Associates\Desktop\Studio 17
[2013/12/02 19:28:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/12/02 18:42:59 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2013/12/02 18:07:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/12/02 18:07:45 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/12/02 18:07:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/12/02 13:51:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2013/12/02 13:50:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/12/02 11:09:09 | 000,000,000 | ---D | C] -- C:\Users\Wizard Associates\AppData\Local\LogMeIn Rescue Applet
[2013/12/01 11:24:49 | 000,000,000 | ---D | C] -- C:\Users\Wizard Associates\AppData\Roaming\AVAST Software
[2013/12/01 11:23:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2013/12/01 11:22:15 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/12/01 11:21:26 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/11/29 16:43:28 | 000,000,000 | ---D | C] -- C:\Users\Wizard Associates\Desktop\RK_Quarantine
[2013/11/29 14:14:52 | 001,958,440 | ---- | C] (Farbar) -- C:\Users\Wizard Associates\Desktop\FRST64.exe
[2013/11/29 13:50:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/11/29 10:39:22 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Wizard Associates\Desktop\OTL.exe
[2013/11/29 10:26:54 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/11/29 10:11:58 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/11/29 10:11:23 | 001,034,531 | ---- | C] (Thisisu) -- C:\Users\Wizard Associates\Desktop\JRT.exe
[2013/11/25 21:17:56 | 000,057,976 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2013/11/25 21:17:56 | 000,045,936 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
[2013/11/25 21:17:47 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2013/11/25 09:53:09 | 000,000,000 | ---D | C] -- C:\FRST
[2013/11/25 06:10:54 | 000,000,000 | ---D | C] -- C:\Users\Wizard Associates\AppData\Local\Zemana
[2013/11/25 00:21:28 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2013/11/25 00:20:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2013/11/24 23:09:24 | 000,000,000 | ---D | C] -- C:\Users\Wizard Associates\AppData\Local\White_Sky,_Inc
[2013/11/24 23:09:24 | 000,000,000 | ---D | C] -- C:\ProgramData\IsolatedStorage
[2013/11/24 23:09:20 | 000,000,000 | ---D | C] -- C:\Users\Wizard Associates\AppData\Local\ID Vault
[2013/11/24 23:08:30 | 000,000,000 | ---D | C] -- C:\Users\Wizard Associates\AppData\Roaming\ID Vault
[2013/11/24 23:07:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Constant Guard Protection Suite
[2013/11/24 23:07:31 | 000,000,000 | ---D | C] -- C:\ProgramData\White Sky, Inc
[2013/11/24 22:32:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office 15
[2013/11/24 22:28:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
[2013/11/24 13:37:47 | 000,000,000 | ---D | C] -- C:\Users\Wizard Associates\Desktop\coupons
[2013/11/20 07:23:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/11/11 09:13:40 | 000,000,000 | ---D | C] -- C:\Users\Wizard Associates\AppData\Roaming\Windows Live Writer
[2013/11/11 09:13:40 | 000,000,000 | ---D | C] -- C:\Users\Wizard Associates\AppData\Local\Windows Live Writer
[2013/11/11 08:54:56 | 000,000,000 | ---D | C] -- C:\Windows\en
[2013/11/11 08:51:53 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2013/11/10 09:39:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote

========== Files - Modified Within 30 Days ==========

[2013/12/04 16:32:42 | 000,032,128 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/04 16:32:42 | 000,032,128 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/04 16:32:01 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/04 16:24:19 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/04 16:23:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/12/04 16:23:24 | 3556,204,543 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/04 16:09:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/12/04 16:08:00 | 000,000,956 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2394937029-579550273-2574859083-1001UA.job
[2013/12/04 14:06:04 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForWizard Associates.job
[2013/12/04 13:05:50 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2013/12/04 10:08:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2394937029-579550273-2574859083-1001Core.job
[2013/12/03 18:01:59 | 000,009,216 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/12/03 03:03:14 | 000,002,155 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/12/02 18:47:17 | 001,074,674 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/12/02 18:47:17 | 000,860,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/12/02 18:47:17 | 000,195,838 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/12/02 18:45:22 | 001,053,246 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/12/02 18:11:41 | 000,001,095 | ---- | M] () -- C:\Users\Wizard Associates\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/12/02 18:11:41 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/02 13:43:30 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/12/02 11:46:55 | 000,001,097 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
[2013/12/01 16:39:48 | 000,000,077 | ---- | M] () -- C:\Windows\avast5.ini
[2013/11/29 09:58:02 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/11/29 09:44:04 | 001,034,531 | ---- | M] (Thisisu) -- C:\Users\Wizard Associates\Desktop\JRT.exe
[2013/11/29 09:42:18 | 001,091,882 | ---- | M] () -- C:\Users\Wizard Associates\Desktop\AdwCleaner.exe
[2013/11/29 09:26:22 | 008,114,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/11/26 03:02:44 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/11/26 03:02:41 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/11/25 21:18:00 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\SBRC.dat
[2013/11/25 17:01:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Wizard Associates\Desktop\OTL.exe
[2013/11/25 06:35:48 | 001,958,440 | ---- | M] (Farbar) -- C:\Users\Wizard Associates\Desktop\FRST64.exe
[2013/11/22 08:11:53 | 000,001,456 | ---- | M] () -- C:\Users\Wizard Associates\AppData\Local\Adobe Save for Web 13.0 Prefs
[2013/11/20 07:25:39 | 000,002,046 | ---- | M] () -- C:\Users\Wizard Associates\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/11/20 00:09:50 | 000,002,426 | ---- | M] () -- C:\Users\Wizard Associates\Desktop\Google Chrome.lnk
[2013/11/10 09:14:54 | 000,001,091 | ---- | M] () -- C:\Users\Wizard Associates\Application Data\Microsoft\Internet Explorer\Quick Launch\KeePass 2.lnk
[2013/11/10 09:14:53 | 000,001,067 | ---- | M] () -- C:\Users\Wizard Associates\Desktop\KeePass 2.lnk
[2013/11/04 19:21:22 | 000,143,217 | ---- | M] () -- C:\Users\Wizard Associates\Desktop\bootstrap-3.0.1-dist.zip

========== Files Created - No Company Name ==========

[2013/12/02 18:11:41 | 000,001,095 | ---- | C] () -- C:\Users\Wizard Associates\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/12/02 18:07:49 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/02 13:51:21 | 000,002,119 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/12/02 13:43:30 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2013/12/02 12:19:24 | 000,002,212 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Google Calendar Sync.lnk
[2013/12/02 12:19:24 | 000,001,250 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Copy2Contact.lnk
[2013/12/02 11:46:15 | 000,001,097 | ---- | C] () -- C:\Users\Wizard Associates\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
[2013/12/01 16:39:45 | 000,000,077 | ---- | C] () -- C:\Windows\avast5.ini
[2013/11/29 10:11:23 | 001,091,882 | ---- | C] () -- C:\Users\Wizard Associates\Desktop\AdwCleaner.exe
[2013/11/26 03:02:44 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/11/26 03:02:41 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/11/25 21:18:00 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\SBRC.dat
[2013/11/11 08:54:25 | 000,001,267 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2013/11/11 08:54:03 | 000,001,336 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
[2013/11/04 19:21:43 | 000,143,217 | ---- | C] () -- C:\Users\Wizard Associates\Desktop\bootstrap-3.0.1-dist.zip
[2013/06/28 07:04:02 | 000,894,616 | ---- | C] () -- C:\Windows\dbplugin.exe
[2013/06/28 07:04:02 | 000,245,840 | ---- | C] () -- C:\Windows\SysWow64\DNLEng.dll
[2013/06/19 15:56:59 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2013/04/29 21:37:40 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013/04/29 21:37:40 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2013/02/20 19:11:31 | 000,000,132 | ---- | C] () -- C:\Users\Wizard Associates\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2013/02/20 12:17:09 | 000,001,456 | ---- | C] () -- C:\Users\Wizard Associates\AppData\Local\Adobe Save for Web 13.0 Prefs
[2013/02/12 07:47:26 | 000,033,134 | ---- | C] () -- C:\Users\Wizard Associates\AppData\Roaming\UserTile.png
[2013/02/09 20:02:21 | 000,000,027 | -HS- | C] () -- C:\Users\Wizard Associates\.pr_data
[2013/02/09 20:01:35 | 000,000,000 | -HS- | C] () -- C:\Users\Wizard Associates\.pr_stat_data
[2012/06/26 06:10:06 | 003,668,480 | ---- | C] () -- C:\Windows\SysWow64\CosmoRenderer.dll
[2012/04/18 18:39:10 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/04/08 14:09:35 | 000,013,055 | ---- | C] () -- C:\Users\Wizard Associates\AppData\Roaming\Microsoft Excel 97-2003.CAL
[2012/04/07 14:47:25 | 000,000,629 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012/03/08 14:46:09 | 000,000,017 | ---- | C] () -- C:\Users\Wizard Associates\AppData\Roaming\mpdt294
[2012/03/08 14:46:00 | 000,000,213 | ---- | C] () -- C:\Windows\mapedit2.ini
[2012/02/27 17:53:16 | 000,000,132 | ---- | C] () -- C:\Users\Wizard Associates\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2012/01/25 11:39:29 | 000,007,602 | ---- | C] () -- C:\Users\Wizard Associates\AppData\Local\Resmon.ResmonCfg
[2011/07/03 07:21:12 | 000,000,132 | ---- | C] () -- C:\Users\Wizard Associates\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011/04/22 10:37:09 | 000,009,216 | ---- | C] () -- C:\Users\Wizard Associates\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/17 15:56:06 | 000,000,132 | ---- | C] () -- C:\Users\Wizard Associates\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/12/14 15:49:24 | 000,013,060 | ---- | C] () -- C:\Users\Wizard Associates\AppData\Roaming\Comma Separated Values (Windows).CAL
[2010/12/11 18:52:29 | 000,038,529 | ---- | C] () -- C:\Users\Wizard Associates\AppData\Roaming\Comma Separated Values (Windows).ADR
[2010/10/27 11:55:37 | 000,001,456 | ---- | C] () -- C:\Users\Wizard Associates\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/10/20 10:48:33 | 000,000,358 | RHS- | C] () -- C:\ProgramData\ntuser.pol

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/05/30 04:27:53 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Anagram Technologies
[2013/12/01 16:39:46 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\AVAST Software
[2011/05/30 04:28:55 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PictureMover
[2011/07/14 04:51:33 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Trusteer
[2012/07/19 16:13:24 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Zeon
[2011/08/25 04:21:16 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Trusteer
[2011/08/25 04:21:16 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Trusteer
[2010/11/28 15:20:00 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\Amazon
[2010/10/26 14:03:52 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\Anagram Technologies
[2012/07/06 05:31:01 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\AnvSoft
[2012/11/12 06:00:14 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\Audacity
[2013/12/01 11:24:49 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\AVAST Software
[2011/12/27 15:59:00 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\Barnes & Noble
[2012/10/12 11:21:19 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\Bigasoft Total Video Converter
[2012/03/08 14:46:00 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\BoutellDotCom
[2012/12/31 19:37:09 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\calibre
[2010/11/27 16:21:09 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\Catalina Marketing Corp
[2010/10/31 04:24:56 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/02/23 22:00:31 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\Clip Art Collection
[2010/10/22 17:46:28 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\com.boston.globereader.32B98E1E109C99C4674A656F6527F42DE7AB8ABA.1
[2011/01/09 21:51:22 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\com.playsmrt.client
[2013/11/30 19:40:48 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\Dropbox
[2012/07/04 17:28:14 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\EasyHtml5Video.com
[2011/04/13 06:18:48 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\eFax Messenger
[2013/08/04 09:14:34 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\eMusic
[2012/06/28 11:08:37 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\FileZilla
[2011/06/21 20:47:45 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\GeoVid
[2011/01/10 06:37:53 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\GetRightToGo
[2013/09/09 19:34:51 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\HandBrake
[2013/11/25 06:11:01 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\ID Vault
[2013/07/23 08:13:44 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\IrfanView
[2011/04/13 06:15:32 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\j2 Global
[2011/11/18 16:43:40 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\JLAdventCalendarLondon2011
[2013/12/04 16:18:18 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\KeePass
[2011/01/05 10:05:10 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\Moyea
[2013/02/09 20:01:40 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\NewspaperDirect
[2012/04/27 10:21:37 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\Nuance
[2012/06/10 15:25:32 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\Opera
[2011/03/28 08:32:13 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\OverDrive
[2010/10/30 12:45:26 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\PACE Anti-Piracy
[2010/10/19 10:50:34 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\PictureMover
[2013/09/21 18:39:23 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\proDAD
[2010/10/31 05:28:16 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\ResourceCentral.E6E1B28A311BC518DB6C6883EA3757FDE0E90ADC.1
[2010/10/21 09:37:54 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\Responsive Software
[2010/10/27 14:09:18 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\SoftGrid Client
[2010/10/21 17:45:39 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/03/11 17:49:14 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\svBuilder
[2011/03/11 18:01:13 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\svBuilder-Pro
[2011/03/10 17:09:46 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\svBuilder.B6F3C1D6D38B1C756F6811928A0ADD2133895C94.1
[2012/02/10 17:52:17 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\SWiSH Max3
[2012/10/02 15:17:50 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\TeamViewer
[2010/10/20 14:15:00 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\Thunderbird
[2010/10/25 08:09:13 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\TP
[2011/07/09 07:25:51 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\Trusteer
[2010/10/22 16:17:42 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2013/10/25 18:16:04 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\webex
[2010/11/10 15:41:44 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\WinBatch
[2013/11/11 09:39:36 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\Windows Live Writer
[2012/04/24 17:55:41 | 000,000,000 | ---D | M] -- C:\Users\Wizard Associates\AppData\Roaming\Zeon

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 239 bytes -> C:\ProgramData\Temp:0574215C

< End of report >

#39
Machiavelli

  • GeekU Moderator
  • 3,700 posts
How is your PC running now? Faster?

#40
sallyw

  • Topic Starter
  • Member
  • 51 posts
Yes. The PC is running faster.

Sally

#41
Machiavelli

  • GeekU Moderator
  • 3,700 posts
Hello,
Your computer is clean now ... If you are cool and nice, feedback in this forum here would be great.

- FIRST -

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.5.0\bin\ssv.dll File not found
    O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.5.0\bin\jp2ssv.dll File not found
    O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe File not found
    O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
    O8:64bit: - Extra context menu item: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4 File not found
    O8:64bit: - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
    O8:64bit: - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
    O8:64bit: - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
    O8 - Extra context menu item: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4 File not found
    O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
    O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
    O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.or...indows-i586.cab (Reg Error: Key error.)

    :Files
    C:\Users\Wizard Associates\AppData\Local\Temp\_MEI23042
    C:\Users\Wizard Associates\AppData\Local\Google\Chrome\Application\plugins\NPcol400.dll
    C:\Users\Wizard Associates\AppData\Local\Google\Chrome\Application\plugins\NPcol500.dll
    C:\Users\Wizard Associates\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll

    :Commands
    [EMPTYTEMP]
    [CLEARALLRESTOREPOINTS]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

- NEXT -

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

- NEXT -

I want you to uninstall the following programs (Start > Control Panel > Add/Remove Programs):

  • ESET

What's with MBAM?

Malwarebytes is a very good free scanner! It isn't a one demand scanner so it won't have any problems with your AntiVirus! It would be good if you scan your PC for malware every 1-2 months (of course with Malwarebytes).
But if you would like to uninstall it, then do this:

I want you to uninstall the following programs (Start > Control Panel > Add/Remove Programs):

  • Malwarebytes

- NEXT -

Download File-Hippo Updatechecker http://www.filehippo.../updatechecker/ Please run it monthly - it will scan your update status. For example, if a program is outdated, the UpdateChecker will give you a link where you can download the newest version of the respective program.

How to update programs with FileHippo Updatechecker?

  • Start FileHippo Updatechecker
  • You get redirected to a Website
  • You will probably see a list of updates (if not, then all programs are probably up to date)
  • Click on the first item of the list, download the update, then reboot the computer and move on to the next item of the list!


- NEXT -


Exercise common sense

Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to look before you leap. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully and look at the file extensions to make sure that you know what you're getting. Using peer-to-peer file sharing programs or downloading cracks and keygens is something else to avoid - the files you will be downloading are infected in the vast majority of cases, and the benefits simply aren't worth the risk to your computer.

Keep up on Windows updates

Along with keeping all of the security programs that you choose to use updated, it is also important to keep up on system updates from Microsoft, as these patch critical security vulnerabilities and help to keep you safe. Typically the Windows Update icon will appear in your taskbar when new updates are available; whenever you see it, you should open the menu and install the updates that are available. Although it may be an annoyance, that little bit of extra time it takes to stay updated is very well worth it instead of getting infected from an exploit and having to clean your PC again.

Slow computer?

If your computer begins to slow down again in the future for no particular reason, your first step should not be to come back to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance speed can decrease. To restore your computer's performance to its best possible level, follow the steps in this guide (http://www.geekstogo...g-your-machine/) written by tech expert Artellos.

Keep safe! :thumbsup:

#42
sallyw

  • Topic Starter
  • Member
  • 51 posts
Thanks. I'll run the fix and cleanup.

and do my best to stay clean.
Sally

#43
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.