Can't remove Price Comparison from Firefox [Solved]



#1
DSteckler

I cannot remove Price Comparison from popping up on Firefox. It is not listed as an Add-On Extension nor does anything with the name appear when I run Windows Uninstall a program. I ran SpyHunter, Malwarebytes, Junk Removal Tool, and adwcleaner but they did not help.

OTL logfile created on: 1/6/2014 2:38:25 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\David\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.87 Gb Total Physical Memory | 4.89 Gb Available Physical Memory | 62.10% Memory free
15.75 Gb Paging File | 12.24 Gb Available in Paging File | 77.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 909.81 Gb Total Space | 723.25 Gb Free Space | 79.49% Space Free | Partition Type: NTFS

Computer Name: DAVID-PC | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/06 14:37:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\David\Downloads\OTL.exe
PRC - [2013/12/16 15:09:56 | 000,070,768 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\nlssrv32.exe
PRC - [2013/12/11 08:16:04 | 001,862,536 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
PRC - [2013/12/05 13:34:42 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/12/03 15:43:44 | 003,003,904 | ---- | M] (HGSI Investment Software LLC) -- C:\Program Files (x86)\HGS Investor V8\hgsV8.exe
PRC - [2013/11/12 10:04:20 | 000,196,616 | ---- | M] (Dell Products, LP.) -- c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
PRC - [2013/11/11 22:02:14 | 003,478,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
PRC - [2013/11/07 22:03:50 | 004,956,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
PRC - [2013/11/02 15:01:42 | 001,042,808 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
PRC - [2013/11/02 14:54:34 | 000,270,704 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
PRC - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
PRC - [2013/08/14 06:59:52 | 005,537,136 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
PRC - [2013/08/07 13:24:00 | 000,287,592 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2013/08/07 13:24:00 | 000,015,720 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2013/06/28 17:48:04 | 000,014,624 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2013/06/05 14:17:43 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2013/05/11 04:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/18 12:04:53 | 000,071,224 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AOL Desktop 9.7\waol.exe
PRC - [2013/04/18 12:04:49 | 000,045,624 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AOL Desktop 9.7\shellmon.exe
PRC - [2013/03/25 13:45:52 | 000,694,584 | ---- | M] (Motorola Mobility LLC) -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
PRC - [2013/03/25 13:45:52 | 000,121,144 | ---- | M] (Motorola Mobility LLC) -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
PRC - [2013/03/12 21:38:36 | 002,213,944 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe
PRC - [2013/02/22 04:42:44 | 000,292,088 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2013/02/01 20:27:40 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2012/11/22 22:51:38 | 000,081,536 | ---- | M] (Atheros) -- C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
PRC - [2012/08/28 09:53:14 | 000,036,744 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
PRC - [2012/04/24 13:37:56 | 000,169,752 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
PRC - [2012/02/16 11:49:44 | 001,695,040 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2012/01/27 15:30:16 | 000,465,216 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2012/01/26 20:49:34 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2012/01/26 20:47:36 | 004,293,952 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2012/01/24 16:21:22 | 000,021,880 | ---- | M] (Schneider Electric) -- C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
PRC - [2012/01/24 16:11:56 | 000,705,912 | ---- | M] (Schneider Electric) -- C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
PRC - [2012/01/24 16:06:48 | 000,673,144 | ---- | M] (Schneider Electric) -- C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe
PRC - [2011/12/16 11:38:48 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/12/16 11:38:46 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011/12/16 11:38:24 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2011/09/06 05:32:20 | 000,140,456 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
PRC - [2011/09/02 15:06:38 | 000,065,657 | ---- | M] (Motorola) -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
PRC - [2011/08/04 13:44:24 | 000,593,032 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
PRC - [2011/08/04 13:41:44 | 001,637,496 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2011/07/25 10:10:34 | 000,468,112 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
PRC - [2011/04/20 16:58:02 | 001,204,224 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
PRC - [2011/04/20 16:53:10 | 000,335,872 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
PRC - [2010/09/06 01:19:58 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2010/06/10 12:42:44 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
PRC - [2010/03/08 01:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\Common Files\AOL\1370466466\ee\aolsoftware.exe
PRC - [2010/01/25 07:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe
PRC - [2010/01/11 12:20:48 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/08/18 01:25:12 | 000,678,912 | ---- | M] (Intuit, Inc.) -- C:\Program Files (x86)\Intuit\QuickBooks 2010\QBDBMgrN.exe
PRC - [2006/10/23 06:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
PRC - [2006/10/22 22:24:02 | 000,620,152 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe


========== Modules (No Company Name) ==========

MOD - [2013/12/11 08:16:04 | 016,242,056 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
MOD - [2013/12/05 13:36:56 | 003,559,024 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/11/27 07:46:49 | 002,997,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\5fe10bae336585d4703262f1f2d110ee\System.IdentityModel.ni.dll
MOD - [2013/11/27 07:46:47 | 019,693,056 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\5bca89765ee92dd6018c3782247dba9b\System.ServiceModel.ni.dll
MOD - [2013/11/27 07:46:37 | 001,091,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servf73e6522#\9dcf4adb73ccc5397321c688a6a532c7\System.ServiceModel.Web.ni.dll
MOD - [2013/11/27 07:32:36 | 000,806,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\3b483737ce19c597d351cdb1f4eb3da0\System.ServiceModel.Internals.ni.dll
MOD - [2013/11/27 07:32:36 | 000,122,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\5c250132c9d7fb45ec9b331ec2e4ef2e\SMDiagnostics.ni.dll
MOD - [2013/11/27 07:32:34 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\05ca0ca95b6fcc0d710b63b6200cc178\System.Windows.Forms.ni.dll
MOD - [2013/11/27 07:32:32 | 002,825,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\66ce786a0b16af8c3f5c480cd6e84376\System.Runtime.Serialization.ni.dll
MOD - [2013/11/27 07:32:30 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\4e69f1e7d86d79012db2d7e0dadc8880\System.Core.ni.dll
MOD - [2013/11/27 07:32:29 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d91f3556f8011a5d48e1448e3fa8df9e\System.Xml.ni.dll
MOD - [2013/11/27 07:32:28 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\c4477b3ce64d0d612d1ab0dba425b77f\System.Drawing.ni.dll
MOD - [2013/11/27 07:32:26 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\1f56d5786274992934de0c900431c447\System.Configuration.ni.dll
MOD - [2013/11/27 07:32:25 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\79f6324a598a7c4446a4a1168be7c4b1\System.ni.dll
MOD - [2013/11/27 07:32:20 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\045c9588954c3662d542b53f4462268b\mscorlib.ni.dll
MOD - [2013/10/09 06:27:10 | 001,707,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\c94852f43f7ac59fcbe4c54b119788d2\System.ServiceModel.Web.ni.dll
MOD - [2013/10/09 06:27:07 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\96afc74588c6581e299884469ea0dced\System.Xml.Linq.ni.dll
MOD - [2013/10/09 06:26:38 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\8f5b881951592b2fd05f710650bf7e04\System.Core.ni.dll
MOD - [2013/10/09 06:26:30 | 001,084,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\a42743bb1ed71d59b6594b67cf6c9384\System.IdentityModel.ni.dll
MOD - [2013/10/09 06:26:29 | 017,477,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\500a8762e9db21360a5df2e38a33f777\System.ServiceModel.ni.dll
MOD - [2013/10/09 06:19:06 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\bcf51dc88597d0835c819a2d5a755b74\PresentationFramework.ni.dll
MOD - [2013/10/09 06:18:56 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/10/09 06:18:51 | 012,238,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\51478a61dbd40488e320a0061e23c4df\PresentationCore.ni.dll
MOD - [2013/10/09 06:18:44 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll
MOD - [2013/10/09 06:18:42 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
MOD - [2013/09/10 20:45:11 | 001,358,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\c5f2c02bd940c74019ed4a183c7830c0\System.WorkflowServices.ni.dll
MOD - [2013/09/10 20:33:49 | 011,914,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\6ebbfafc5521934f7e1c154937a2788b\System.Web.ni.dll
MOD - [2013/08/15 02:32:57 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\e043ad64456256a8ee5b934e227d9782\System.Runtime.Serialization.ni.dll
MOD - [2013/08/15 02:32:55 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\1327ad2637aab17189c5461fbf30dc19\SMDiagnostics.ni.dll
MOD - [2013/08/15 02:27:36 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/15 02:27:24 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/15 02:27:20 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/10 09:16:04 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a2920ed81e097f8551231a9350697bbd\PresentationFramework.Aero.ni.dll
MOD - [2013/07/10 09:15:10 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/04/21 20:44:32 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/04/21 20:44:04 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/04/18 12:04:54 | 000,048,640 | ---- | M] () -- C:\Program Files (x86)\AOL Desktop 9.7\zlib.dll
MOD - [2013/04/18 12:04:28 | 022,152,704 | ---- | M] () -- C:\Program Files (x86)\AOL Desktop 9.7\libcef.dll
MOD - [2013/04/18 12:04:27 | 000,648,704 | ---- | M] () -- C:\Program Files (x86)\AOL Desktop 9.7\libGLESv2.dll
MOD - [2013/04/18 12:04:26 | 000,122,880 | ---- | M] () -- C:\Program Files (x86)\AOL Desktop 9.7\libEGL.dll
MOD - [2013/04/18 12:04:17 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\AOL Desktop 9.7\components\Tier2Svc.dll
MOD - [2013/04/18 12:04:17 | 000,060,928 | ---- | M] () -- C:\Program Files (x86)\AOL Desktop 9.7\components\DataSvcs.dll
MOD - [2013/04/18 12:04:16 | 001,195,022 | ---- | M] () -- C:\Program Files (x86)\AOL Desktop 9.7\avcodec-54.dll
MOD - [2013/04/18 12:04:16 | 000,217,614 | ---- | M] () -- C:\Program Files (x86)\AOL Desktop 9.7\avformat-54.dll
MOD - [2013/04/18 12:04:16 | 000,138,766 | ---- | M] () -- C:\Program Files (x86)\AOL Desktop 9.7\avutil-51.dll
MOD - [2012/01/26 20:49:34 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2011/09/06 15:04:40 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\HGS Investor V8\ug3220.dll
MOD - [2009/02/27 15:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/11/26 03:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/10/18 17:46:52 | 001,025,408 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV:64bit: - [2013/10/16 15:32:54 | 000,289,496 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
SRV:64bit: - [2013/08/07 13:24:00 | 000,015,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/01/11 12:20:48 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2009/11/17 18:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2013/12/16 15:09:56 | 000,070,768 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc)
SRV - [2013/12/11 08:16:05 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/05 13:36:33 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/11/12 10:04:20 | 000,196,616 | ---- | M] (Dell Products, LP.) [Auto | Running] -- c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe -- (DellDigitalDelivery)
SRV - [2013/11/11 22:02:14 | 003,478,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/11/02 15:01:42 | 001,042,808 | R--- | M] (Western Digital Technologies, Inc.) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe -- (WDBackup)
SRV - [2013/11/02 14:54:34 | 000,270,704 | R--- | M] (Western Digital Technologies, Inc.) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService)
SRV - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/06/28 17:48:04 | 000,014,624 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2013/06/05 16:47:52 | 000,279,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013/06/05 14:17:43 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2013/05/11 04:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/03/27 15:17:42 | 000,185,688 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Stopped] -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
SRV - [2013/03/25 13:45:52 | 000,121,144 | ---- | M] (Motorola Mobility LLC) [Auto | Running] -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe -- (Motorola Device Manager)
SRV - [2013/02/01 20:27:40 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2012/11/22 22:51:38 | 000,081,536 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe -- (ZAtheros Wlan Agent)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/24 13:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2012/02/16 11:49:44 | 001,695,040 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2012/01/24 16:21:22 | 000,021,880 | ---- | M] (Schneider Electric) [Auto | Running] -- C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe -- (APC Data Service)
SRV - [2012/01/24 16:11:56 | 000,705,912 | ---- | M] (Schneider Electric) [Auto | Running] -- C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
SRV - [2011/12/16 11:38:48 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/12/16 11:38:46 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011/12/16 11:38:24 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2011/09/06 05:32:20 | 000,140,456 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2011/09/02 15:06:38 | 000,065,657 | ---- | M] (Motorola) [Auto | Running] -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe -- (PST Service)
SRV - [2010/09/06 01:19:58 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2010/01/25 07:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/08/18 01:25:12 | 000,678,912 | ---- | M] (Intuit, Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Intuit\QuickBooks 2010\QBDBMgrN.exe -- (QuickBooksDB20)
SRV - [2009/07/23 20:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006/10/23 06:50:35 | 000,046,640 | R--- | M] (AOL LLC) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/11/05 21:55:48 | 000,150,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2013/11/04 21:52:42 | 000,240,920 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/10/31 23:00:18 | 000,212,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/10/31 22:49:46 | 000,294,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/10/24 22:25:58 | 000,194,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/10/01 00:52:08 | 000,123,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/09/10 00:43:02 | 000,031,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/08/07 13:23:46 | 000,644,968 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2013/08/07 13:23:46 | 000,028,008 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF)
DRV:64bit: - [2013/08/01 15:07:06 | 000,251,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2013/06/14 00:14:38 | 000,262,872 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2013/05/31 02:00:12 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/05/31 02:00:08 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/05/31 02:00:08 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013/05/07 16:25:24 | 000,442,368 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2013/05/07 16:22:42 | 004,431,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013/02/22 04:40:14 | 000,792,560 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2013/02/22 04:40:14 | 000,358,896 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2013/02/22 04:40:14 | 000,020,464 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012/11/26 19:18:00 | 002,811,904 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012/09/14 08:32:18 | 000,095,344 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BrSerIb.sys -- (BrSerIb)
DRV:64bit: - [2012/09/14 08:32:16 | 000,021,872 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BrUsbSib.sys -- (BrUsbSIb)
DRV:64bit: - [2012/09/12 14:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/08/23 08:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 08:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 08:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/17 17:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/06/22 11:01:32 | 000,022,704 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EsgScanner.sys -- (EsgScanner)
DRV:64bit: - [2012/05/17 04:57:06 | 000,026,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ICCWDT.sys -- (ICCWDT)
DRV:64bit: - [2012/04/18 14:05:16 | 000,019,304 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb)
DRV:64bit: - [2012/03/02 16:02:00 | 000,034,304 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandmodem64.sys -- (ANDModem)
DRV:64bit: - [2012/03/02 16:02:00 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lganddiag64.sys -- (AndDiag)
DRV:64bit: - [2012/03/02 16:02:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandgps64.sys -- (AndGps)
DRV:64bit: - [2012/03/02 16:02:00 | 000,019,456 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandbus64.sys -- (Andbus)
DRV:64bit: - [2012/02/01 18:16:40 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/08/24 00:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/02 17:17:20 | 000,013,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/06/23 19:17:36 | 000,025,144 | ---- | M] (Evoluent) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EvoMouseDriverFilterHidUsb.sys -- (EvoMouseDriverFilterHidUsb)
DRV:64bit: - [2010/06/23 18:17:36 | 000,022,584 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EvoMouseDriverMini.sys -- (EvoMouseDriverMini)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2006/11/29 16:24:49 | 000,024,064 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wanatw64.sys -- (wanatw)
DRV:64bit: - [2006/11/01 03:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {BB7319DE-ED72-456D-9754-BD892AD1E3C9}
IE:64bit: - HKLM\..\SearchScopes\{12A67956-86CB-4781-9FD8-D81E979EE633}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{BB7319DE-ED72-456D-9754-BD892AD1E3C9}: "URL" = http://www.bing.com/...IE9TR&pc=MDDCJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{75AC005E-CF21-403E-9F6F-7F52FA04A137}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{BB7319DE-ED72-456D-9754-BD892AD1E3C9}: "URL" = http://www.bing.com/...IE9TR&pc=MDDCJS

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {BB7319DE-ED72-456D-9754-BD892AD1E3C9}
IE - HKCU\..\SearchScopes\{B063E8E3-0D09-467C-81EF-E3A345FC2733}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..browser.startup.homepage: "http://www.aol.com"
FF - prefs.js..browser.startup.homepage: "http://www.aol.com"
FF - prefs.js..extensions.enabledAddons: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.5
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0.3
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.5
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_45: C:\Windows\system32\npdeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\David\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013/06/06 16:43:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/12/20 07:01:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/12/20 07:01:21 | 000,000,000 | ---D | M]

[2013/06/06 22:18:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Extensions
[2013/06/06 22:18:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\gr6r7ygb.David\extensions
[2013/06/06 22:18:32 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\gr6r7ygb.David\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2013/06/06 22:18:32 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\gr6r7ygb.David\extensions\[email protected]
[2013/06/06 22:18:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\h32zf1q6.default\extensions
[2013/06/06 22:18:47 | 000,000,000 | ---D | M] (Firefox Sync) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\h32zf1q6.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
[2013/06/06 22:18:47 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\h32zf1q6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2013/11/07 21:37:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\ttgz3nd3.default\extensions
[2013/11/07 21:20:20 | 000,000,000 | ---D | M] (YoutubeAdblocker) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\ttgz3nd3.default\extensions\[email protected]
[2013/04/29 10:05:04 | 000,134,804 | ---- | M] () (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\gr6r7ygb.David\extensions\[email protected]
[2012/12/16 20:27:05 | 000,222,578 | ---- | M] () (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\gr6r7ygb.David\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.xpi
[2013/04/28 15:54:09 | 000,013,345 | ---- | M] () (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\gr6r7ygb.David\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
[2013/05/08 18:29:36 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\gr6r7ygb.David\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/05/22 08:16:21 | 000,699,333 | ---- | M] () (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\gr6r7ygb.David\extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi
[2013/06/13 06:24:56 | 000,230,013 | ---- | M] () (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\ttgz3nd3.default\extensions\[email protected]
[2013/10/10 05:47:52 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\ttgz3nd3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2010/05/19 15:04:04 | 000,002,277 | ---- | M] () -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\h32zf1q6.default\searchplugins\aol-search.xml
[2013/12/20 07:01:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/12/30 06:16:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/12/30 06:16:49 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2004/02/20 14:14:09 | 000,176,177 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npViewpoint.dll
[2011/10/26 12:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: Logitech SetPoint = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd\6.50.152_1\
CHR - Extension: Google Wallet = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Display] C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe (Schneider Electric)
O4 - HKLM..\Run: [HostManager] C:\Program Files (x86)\Common Files\AOL\1370466466\ee\aolsoftware.exe (AOL Inc.)
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKLM..\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files (x86)\AOL Desktop 9.7\AOL.EXE (AOL Inc.)
O4 - HKCU..\Run: [DellSystemDetect] C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms ()
O4 - Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000 File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)
O16 - DPF: {0FB028C2-2704-40F6-A983-2A2405027A19} https://epresent.pin...ws/dropslot.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.co.../DellSystem.CAB (Reg Error: Key error.)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {F8E691A0-C92E-4E42-9CDA-62FC07A9483B} http://actiftp.hosti...fiedControl.ocx (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C00A42CE-7AF3-4E87-AF87-B411F23643A8}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E71B6BB0-156D-4A71-B4D3-8D9888D169B8}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\intu-help-qb3 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/12/13 06:13:12 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/05 10:00:28 | 000,000,000 | ---D | C] -- C:\Users\David\Desktop\AlphaProgram
[2014/01/03 05:14:36 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2014/01/03 05:14:36 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2014/01/03 05:14:36 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2014/01/03 05:14:36 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2014/01/03 05:14:35 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2014/01/03 05:14:35 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2014/01/03 05:14:34 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2014/01/03 05:14:34 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2014/01/03 05:14:12 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2014/01/03 05:14:12 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2014/01/03 05:13:42 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2014/01/03 05:13:42 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2014/01/03 05:08:22 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\Windows Live
[2013/12/31 06:19:17 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2013/12/31 06:18:23 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Dropbox
[2013/12/30 06:16:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/12/26 08:24:51 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/12/24 15:52:17 | 000,070,768 | ---- | C] (Nalpeiron Ltd.) -- C:\Windows\SysWow64\nlssrv32.exe
[2013/12/24 15:52:17 | 000,070,768 | ---- | C] (Nalpeiron Ltd.) -- C:\Windows\SysNative\nlssrv32.exe
[2013/12/23 09:36:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Audio
[2013/12/23 09:36:44 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2013/12/23 09:36:43 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2013/12/23 09:36:23 | 002,103,040 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib64.dll
[2013/12/23 09:36:22 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2013/12/23 09:36:22 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2013/12/23 09:36:21 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2013/12/23 09:36:21 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2013/12/23 09:36:20 | 001,662,024 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2013/12/23 09:36:19 | 002,810,072 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2013/12/23 09:36:19 | 000,331,880 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2013/12/23 09:36:18 | 002,587,352 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2013/12/23 09:36:18 | 001,021,656 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2013/12/23 09:36:18 | 000,378,000 | ---- | C] (Realtek Semiconductor) -- C:\Windows\SysNative\RtkGuiCompLib.dll
[2013/12/23 09:36:18 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2013/12/23 09:36:18 | 000,014,952 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCoLDR64.dll
[2013/12/23 09:36:17 | 001,286,360 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2013/12/23 09:36:17 | 000,617,176 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtDataProc64.dll
[2013/12/23 09:36:17 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2013/12/23 09:36:17 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2013/12/23 09:36:17 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2013/12/23 09:36:17 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2013/12/23 09:36:17 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2013/12/23 09:36:17 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2013/12/23 09:36:16 | 037,850,112 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCORES64.dat
[2013/12/23 09:36:15 | 000,151,256 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInstII64.dll
[2013/12/23 09:36:13 | 001,993,496 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBAPO264.dll
[2013/12/23 09:36:13 | 001,722,648 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysWow64\MBAPO232.dll
[2013/12/23 09:36:13 | 000,897,152 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBAPO64.dll
[2013/12/23 09:36:13 | 000,753,280 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysWow64\MBAPO32.dll
[2013/12/23 09:36:13 | 000,662,784 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2013/12/23 09:36:13 | 000,628,504 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBTHX64.dll
[2013/12/23 09:36:13 | 000,563,992 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysWow64\MBTHX32.dll
[2013/12/23 09:36:13 | 000,397,080 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBWrp64.dll
[2013/12/23 09:36:13 | 000,065,112 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBppld64.dll
[2013/12/23 09:36:13 | 000,060,504 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBPPCn64.dll
[2013/12/23 09:36:09 | 014,048,512 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek64.dll
[2013/12/23 09:36:09 | 001,916,672 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek264.dll
[2013/12/23 09:36:08 | 002,032,896 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ64.dll
[2013/12/23 09:36:08 | 000,922,880 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2013/12/23 09:36:07 | 000,663,296 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2013/12/23 09:36:07 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2013/12/23 09:36:03 | 002,743,328 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2013/12/23 09:36:03 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2013/12/23 09:36:03 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2013/12/23 09:36:02 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2013/12/23 09:36:02 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2013/12/23 09:36:02 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2013/12/23 09:36:02 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2013/12/23 09:36:02 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2013/12/23 09:36:02 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2013/12/23 09:36:02 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2013/12/23 09:36:02 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2013/12/23 09:36:02 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2013/12/23 09:36:02 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2013/12/23 09:36:01 | 000,113,576 | ---- | C] (Real Sound Lab SIA) -- C:\Windows\SysNative\CONEQMSAPOGUILibrary.dll
[2013/12/23 09:36:00 | 000,209,096 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2013/12/23 09:36:00 | 000,108,640 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2013/12/21 17:19:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/12/21 17:19:02 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2013/12/21 17:18:45 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/12/21 17:18:44 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/12/21 17:18:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/12/21 17:18:44 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/12/21 17:17:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013/12/20 17:16:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnyRail5
[2013/12/20 17:16:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AnyRail5
[2013/12/20 07:01:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/12/19 14:28:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2013
[2013/12/14 18:04:57 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\webkit
[2013/12/14 18:04:31 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\gtk-2.0
[2013/12/14 18:04:29 | 000,000,000 | ---D | C] -- C:\Users\David\.thumbnails
[2013/12/14 18:00:38 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2013/12/14 15:51:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
[2013/12/14 15:51:14 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1995-08.com.techsmith
[2013/12/14 15:37:16 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\fontconfig
[2013/12/14 15:37:15 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\gegl-0.2
[2013/12/14 15:37:15 | 000,000,000 | ---D | C] -- C:\Users\David\.gimp-2.8
[2013/12/13 06:12:34 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2013/12/13 06:12:34 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2013/12/13 06:12:34 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013/12/13 06:12:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013/12/12 10:32:09 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\ElevatedDiagnostics
[2013/12/11 03:01:51 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2013/12/11 03:01:51 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2013/12/11 03:01:51 | 011,410,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2013/12/11 03:01:50 | 014,631,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2013/12/11 03:00:52 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2013/12/11 03:00:51 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/12/11 03:00:51 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/12/11 03:00:51 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/12/11 03:00:51 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/12/11 03:00:51 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2013/12/11 03:00:51 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/12/11 03:00:51 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2013/12/11 03:00:51 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/12/11 03:00:50 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/12/11 03:00:50 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2013/12/11 03:00:50 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/12/11 03:00:50 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2013/12/11 03:00:49 | 001,995,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/12/11 03:00:49 | 001,928,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/12/11 03:00:48 | 005,769,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/12/11 02:51:18 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msieftp.dll
[2013/12/11 02:51:18 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msieftp.dll
[2013/12/11 02:51:13 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013/12/11 02:51:13 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013/12/11 02:51:08 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2013/12/11 02:50:01 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys
[2013/12/11 02:50:01 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys
[2013/12/11 02:50:00 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrrun.dll
[2013/12/11 02:50:00 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll
[2013/12/11 02:50:00 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscript.exe
[2013/12/11 02:50:00 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshom.ocx
[2013/12/11 02:50:00 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe
[2013/12/11 02:50:00 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshom.ocx
[2013/12/10 01:26:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012/02/13 05:18:29 | 000,019,832 | ---- | C] (Schneider Electric) -- C:\Users\David\zh_res.dll
[2011/10/25 03:47:05 | 013,923,704 | ---- | C] (Schneider Electric) -- C:\Users\David\PCPE Setup.exe
[2011/10/25 03:47:05 | 001,079,808 | ---- | C] (Microsoft Corporation) -- C:\Users\David\mfc80u.dll
[2011/10/25 03:47:05 | 000,626,688 | ---- | C] (Microsoft Corporation) -- C:\Users\David\msvcr80.dll
[2011/10/25 03:47:05 | 000,021,368 | ---- | C] (Schneider Electric) -- C:\Users\David\en_res.dll
[2011/10/25 03:47:04 | 000,021,880 | ---- | C] (Schneider Electric) -- C:\Users\David\fr_res.dll
[2011/10/25 03:47:04 | 000,021,368 | ---- | C] (Schneider Electric) -- C:\Users\David\pt_res.dll
[2011/10/25 03:47:04 | 000,021,368 | ---- | C] (Schneider Electric) -- C:\Users\David\it_res.dll
[2011/10/25 03:47:04 | 000,021,368 | ---- | C] (Schneider Electric) -- C:\Users\David\es_res.dll
[2011/10/25 03:47:04 | 000,020,856 | ---- | C] (Schneider Electric) -- C:\Users\David\ru_res.dll
[2011/10/25 03:47:04 | 000,020,344 | ---- | C] (Schneider Electric) -- C:\Users\David\jp_res.dll
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/01/06 14:23:10 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/06 14:15:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/06 11:25:44 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/06 11:25:44 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/06 11:18:52 | 000,008,192 | ---- | M] () -- C:\Windows\SysWow64\WDPABKP.dat
[2014/01/06 11:17:48 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/06 11:17:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/06 11:17:25 | 2046,455,807 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/05 05:10:25 | 015,900,672 | ---- | M] () -- C:\Users\David\Steckler1.QDF
[2014/01/05 05:00:08 | 000,616,096 | ---- | M] () -- C:\Users\David\Steckler1OFXLOG.DAT
[2014/01/03 07:09:52 | 000,784,326 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/03 07:09:52 | 000,663,438 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/03 07:09:52 | 000,122,804 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/02 20:55:06 | 000,015,912 | ---- | M] () -- C:\Users\David\Desktop\DSTECKLER_AOL_COM_201401022153274431.pdf
[2013/12/30 06:16:57 | 000,001,153 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/12/27 06:23:33 | 000,002,027 | ---- | M] () -- C:\Users\Public\Desktop\Perfect Photo Suite 8.lnk
[2013/12/26 21:04:16 | 000,019,630 | ---- | M] () -- C:\Users\David\Documents\Ken HOn3 single level.any
[2013/12/26 10:33:19 | 000,199,296 | ---- | M] () -- C:\Users\David\Documents\Ken HOn3 single level.jpg
[2013/12/24 14:56:47 | 000,002,057 | ---- | M] () -- C:\Users\Public\Desktop\Lightroom 5.3 64-bit.lnk
[2013/12/23 09:29:46 | 000,000,406 | ---- | M] () -- C:\Windows\tasks\DriverEasy Scheduled Scan.job
[2013/12/21 17:19:07 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/12/20 17:16:44 | 000,000,939 | ---- | M] () -- C:\Users\Public\Desktop\AnyRail 5.lnk
[2013/12/19 14:28:46 | 000,001,176 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2013/12/19 14:28:03 | 000,002,513 | ---- | M] () -- C:\Users\Public\Desktop\TurboTax 2013.lnk
[2013/12/18 16:28:49 | 000,000,585 | ---- | M] () -- C:\Users\David\Documents\ChatLog VZO PZO VSB with Dave Steckler 2013_12_18 16_28.rtf
[2013/12/16 15:09:56 | 000,070,768 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWow64\nlssrv32.exe
[2013/12/16 15:09:56 | 000,070,768 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysNative\nlssrv32.exe
[2013/12/14 18:04:31 | 000,000,871 | ---- | M] () -- C:\Users\David\AppData\Local\recently-used.xbel
[2013/12/13 06:13:12 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013/12/13 06:12:34 | 000,002,260 | ---- | M] () -- C:\Users\David\Desktop\SpyHunter.lnk
[2013/12/11 08:16:04 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/12/11 08:16:04 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/12/11 05:09:14 | 000,434,936 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/12/10 16:44:32 | 000,001,281 | ---- | M] () -- C:\Users\David\Desktop\MyWork.lnk
[2013/12/09 18:02:29 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/01/05 05:51:49 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\WDPABKP.dat
[2014/01/02 20:53:59 | 000,015,912 | ---- | C] () -- C:\Users\David\Desktop\DSTECKLER_AOL_COM_201401022153274431.pdf
[2013/12/30 06:16:57 | 000,001,165 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/12/30 06:16:57 | 000,001,153 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/12/24 15:52:33 | 000,002,027 | ---- | C] () -- C:\Users\Public\Desktop\Perfect Photo Suite 8.lnk
[2013/12/24 14:56:47 | 000,002,077 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 5.3 64-bit.lnk
[2013/12/24 14:56:47 | 000,002,057 | ---- | C] () -- C:\Users\Public\Desktop\Lightroom 5.3 64-bit.lnk
[2013/12/23 19:40:51 | 000,199,296 | ---- | C] () -- C:\Users\David\Documents\Ken HOn3 single level.jpg
[2013/12/23 19:35:26 | 000,019,630 | ---- | C] () -- C:\Users\David\Documents\Ken HOn3 single level.any
[2013/12/23 09:36:17 | 000,673,037 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2013/12/21 17:19:07 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/12/19 14:28:03 | 000,002,513 | ---- | C] () -- C:\Users\Public\Desktop\TurboTax 2013.lnk
[2013/12/18 16:28:49 | 000,000,585 | ---- | C] () -- C:\Users\David\Documents\ChatLog VZO PZO VSB with Dave Steckler 2013_12_18 16_28.rtf
[2013/12/14 18:04:31 | 000,000,871 | ---- | C] () -- C:\Users\David\AppData\Local\recently-used.xbel
[2013/12/13 06:13:12 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013/12/13 06:12:36 | 000,022,704 | ---- | C] () -- C:\Windows\SysNative\drivers\EsgScanner.sys
[2013/12/13 06:12:34 | 000,002,260 | ---- | C] () -- C:\Users\David\Desktop\SpyHunter.lnk
[2013/12/11 05:08:20 | 000,434,936 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/12/10 20:43:53 | 000,000,939 | ---- | C] () -- C:\Users\Public\Desktop\AnyRail 5.lnk
[2013/12/10 16:44:32 | 000,001,281 | ---- | C] () -- C:\Users\David\Desktop\MyWork.lnk
[2013/12/09 18:02:29 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013/12/06 11:09:35 | 000,103,832 | ---- | C] () -- C:\Users\David\GoToAssistDownloadHelper.exe
[2013/11/13 14:26:06 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2013/11/13 14:26:06 | 000,002,411 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2013/06/10 14:01:01 | 000,000,000 | ---- | C] () -- C:\ProgramData\Importer
[2013/06/10 14:01:01 | 000,000,000 | ---- | C] () -- C:\ProgramData\Icons
[2013/06/10 14:01:01 | 000,000,000 | ---- | C] () -- C:\ProgramData\Frameworks
[2013/06/10 14:00:53 | 000,000,000 | ---- | C] () -- C:\ProgramData\HomePageService
[2013/06/10 14:00:53 | 000,000,000 | ---- | C] () -- C:\Users\David\AppData\Roaming\Help
[2013/06/05 16:14:54 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2013/06/05 15:17:01 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2013/06/05 14:56:29 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2013/06/05 14:51:49 | 000,000,320 | ---- | C] () -- C:\Users\David\AppData\Roaming\SEC375024.trad
[2013/06/05 13:08:29 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2013/05/31 01:32:12 | 000,755,188 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2013/05/31 01:32:09 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2013/05/22 13:31:06 | 000,000,000 | ---- | C] () -- C:\ProgramData\Brother
[2013/05/22 13:31:06 | 000,000,000 | ---- | C] () -- C:\ProgramData\Ambient
[2013/05/07 16:20:26 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2013/05/07 16:20:24 | 000,103,936 | ---- | C] () -- C:\Windows\SysWow64\igdail32.dll
[2013/05/07 16:16:22 | 019,587,072 | ---- | C] () -- C:\Windows\SysWow64\igdfcl32.dll
[2013/03/12 14:00:12 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2013/01/06 14:50:10 | 000,007,668 | ---- | C] () -- C:\Users\David\AppData\Local\Resmon.ResmonCfg
[2012/12/14 01:42:24 | 000,754,652 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012/12/14 01:42:24 | 000,598,384 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012/10/31 19:42:53 | 000,002,708 | ---- | C] () -- C:\Users\David\AppData\Local\Temp3.html
[2012/10/31 19:42:53 | 000,001,955 | ---- | C] () -- C:\Users\David\AppData\Local\Temp2.html
[2012/10/08 13:07:01 | 000,009,947 | ---- | C] () -- C:\Users\David\AppData\Local\Temp10.html
[2012/09/26 20:57:16 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012/09/26 20:57:14 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012/09/26 20:57:14 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012/09/26 20:57:14 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012/09/26 20:57:14 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012/09/14 08:32:16 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2012/09/14 08:32:16 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2012/08/22 14:39:42 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Caches
[2012/08/22 14:39:42 | 000,000,268 | RH-- | C] () -- C:\Users\David\AppData\Roaming\Bubble Noise
[2012/08/22 14:39:42 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLeo.DAT
[2012/07/31 16:22:26 | 000,018,364 | ---- | C] () -- C:\Users\David\AppData\Local\Temp13.html
[2012/02/24 15:43:59 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Basics
[2012/02/24 15:43:59 | 000,000,268 | RH-- | C] () -- C:\Users\David\AppData\Roaming\Automator
[2012/02/24 15:43:24 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Bass
[2012/02/24 15:43:24 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Basic Track
[2011/12/26 11:14:16 | 000,001,176 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2011/10/25 03:47:06 | 013,338,112 | ---- | C] () -- C:\Users\David\PCPE_3.0.1.msi
[2011/10/25 03:47:05 | 000,018,808 | ---- | C] () -- C:\Users\David\ResourceReader.dll
[2011/09/11 13:34:49 | 000,000,000 | ---- | C] () -- C:\Users\David\AppData\Local\{C4B643EB-4C44-4381-9A69-2751C8414A48}
[2011/09/06 11:07:57 | 000,060,304 | ---- | C] () -- C:\Users\David\g2mdlhlpx.exe
[2011/08/30 15:12:03 | 000,000,268 | RH-- | C] () -- C:\Users\David\AppData\Roaming\BSD
[2011/08/30 15:12:03 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2011/08/30 15:12:02 | 000,000,268 | RH-- | C] () -- C:\Users\David\AppData\Roaming\Automatic Filter
[2011/08/30 15:12:02 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2011/08/30 15:12:02 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2011/07/31 18:32:20 | 000,616,096 | ---- | C] () -- C:\Users\David\Steckler1OFXLOG.DAT
[2011/07/05 12:52:09 | 006,918,144 | ---- | C] () -- C:\Users\David\PCPE_3.0.msi
[2011/07/04 04:38:09 | 000,000,000 | ---- | C] () -- C:\Users\David\AppData\Local\{B0D76152-17AD-47A4-AF97-EDA29E2362CF}
[2011/06/04 12:34:46 | 000,000,000 | ---- | C] () -- C:\Users\David\AppData\Local\{54150A1E-A1FE-48EE-B8C8-848842CED432}
[2011/06/02 04:20:28 | 000,000,000 | ---- | C] () -- C:\Users\David\AppData\Local\{FEA34263-AFBE-42E8-8BB8-D12DF43569D9}
[2010/10/30 09:29:58 | 000,006,144 | ---- | C] () -- C:\Users\David\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/29 15:10:03 | 015,900,672 | ---- | C] () -- C:\Users\David\Steckler1.QDF
[2010/10/28 19:16:06 | 000,000,000 | ---- | C] () -- C:\Users\David\AppData\Roaming\wklnhst.dat

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 20:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 5 bytes -> C:\ProgramData\Nalpeiron:user.ns2
@Alternate Data Stream - 5 bytes -> C:\ProgramData\Nalpeiron:user.ns1
@Alternate Data Stream - 4 bytes -> C:\ProgramData\Nalpeiron:user.ns4
@Alternate Data Stream - 4 bytes -> C:\ProgramData\Nalpeiron:user.ns3
@Alternate Data Stream - 384 bytes -> C:\Windows:nlsPreferences

< End of report >

Edited by DSteckler, 06 January 2014 - 02:55 PM.


#2
emeraldnzl


    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello DSteckler,

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right-click to run as administrator. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will produce a log called (FRST.txt) in the same directory the tool is run from.
  • Please copy and paste the log back here.
  • The first time the tool is run, it also makes another log (Addition.txt). Please also paste that into your reply.


#3
DSteckler


    Member

  • Topic Starter
  • Member
  • 21 posts
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-01-2014
Ran by David (administrator) on DAVID-PC on 07-01-2014 04:25:04
Running from C:\Users\David\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.7\waol.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\1370466466\ee\aolsoftware.exe
(Dell) C:\Users\David\AppData\Local\Apps\2.0\W6KLN4KA.VZH\L7RQ18XD.97V\dell..tion_0f612f649c4a10af_0005.0004_3ddfe37344028d2c\DellSystemDetect.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Evoluent) C:\Program Files\Evoluent\VMouse\V4\EvoMouseExec.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AOL LLC) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Macrovision Europe Ltd.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
(Intuit, Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2010\QBDBMgrN.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.7\shellmon.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [2409272 2012-10-06] (Logitech, Inc.)
HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7203032 2013-10-22] (Realtek Semiconductor)
HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133400 2011-12-16] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-02-22] (Intel Corporation)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe [620152 2006-10-22] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [HostManager] - C:\Program Files (x86)\Common Files\AOL\1370466466\ee\aolsoftware.exe [41800 2010-03-08] (AOL Inc.)
HKLM-x32\...\Run: [Intuit SyncManager] - C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [2771832 2012-12-07] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BrStsMon00] - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter4] - C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2011-04-20] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Display] - C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe [284024 2012-01-24] (Schneider Electric)
HKLM-x32\...\Run: [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1637496 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [468112 2011-07-25] (CANON INC.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [WD Quick View] - C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5537136 2013-08-14] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [DellSystemDetect] - C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms [370 2013-10-22] ()
HKCU\...\Run: [AOL Fast Start] - C:\Program Files (x86)\AOL Desktop 9.7\aol.exe [72760 2013-04-18] (AOL Inc.)
Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
SearchScopes: HKLM - DefaultScope {BB7319DE-ED72-456D-9754-BD892AD1E3C9} URL = http://www.bing.com/...IE9TR&pc=MDDCJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {BB7319DE-ED72-456D-9754-BD892AD1E3C9} URL = http://www.bing.com/...IE9TR&pc=MDDCJS
SearchScopes: HKLM-x32 - {BB7319DE-ED72-456D-9754-BD892AD1E3C9} URL = http://www.bing.com/...IE9TR&pc=MDDCJS
SearchScopes: HKCU - DefaultScope {BB7319DE-ED72-456D-9754-BD892AD1E3C9} URL =
SearchScopes: HKCU - {75AC005E-CF21-403E-9F6F-7F52FA04A137} URL =
SearchScopes: HKCU - {BB7319DE-ED72-456D-9754-BD892AD1E3C9} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: HKLM-x32 {0FB028C2-2704-40F6-A983-2A2405027A19} https://epresent.pin...ws/dropslot.cab
DPF: HKLM-x32 {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.co.../DellSystem.CAB
DPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB
DPF: HKLM-x32 {F8E691A0-C92E-4E42-9CDA-62FC07A9483B} http://actiftp.hosti...fiedControl.ocx
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\ttgz3nd3.default
FF Homepage: hxxp://att.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=1.6.0_45 - C:\Windows\system32\npdeployJava1.dll No File
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\David\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
FF Extension: YoutubeAdblocker - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\ttgz3nd3.default\Extensions\[email protected]
FF Extension: Exif Viewer - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\ttgz3nd3.default\Extensions\[email protected]
FF Extension: Adblock Plus - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\ttgz3nd3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG2012\Firefox4\
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt

Chrome:
=======
CHR Extension: (Logitech SetPoint) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd\6.50.152_1
CHR Extension: (Google Wallet) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx
CHR HKLM-x32\...\Chrome\Extension: [lipgolpfajiadodbcbljdpmbmbdmfcil] - C:\Users\David\AppData\Local\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx
CHR HKLM-x32\...\Chrome\Extension: [nemfjadlboooiffmcelkafilagddogim] - C:\Users\David\AppData\Local\CRE\nemfjadlboooiffmcelkafilagddogim.crx

==================== Services (Whitelisted) =================

R2 APC Data Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (Schneider Electric)
R2 APC UPS Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (Schneider Electric)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
S2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [185688 2013-03-27] (Garmin Ltd or its subsidiaries)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2011-09-06] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [121144 2013-03-25] (Motorola Mobility LLC)
R3 QuickBooksDB20; C:\Program Files (x86)\Intuit\QuickBooks 2010\QBDBMgrN.exe [678912 2009-08-18] (Intuit, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-10-16] (Realtek Semiconductor)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025408 2013-10-18] (Enigma Software Group USA, LLC.)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2013-11-02] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [270704 2013-11-02] (Western Digital Technologies, Inc.)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2012-11-22] (Atheros)

==================== Drivers (Whitelisted) ====================

S3 Andbus; C:\Windows\System32\DRIVERS\lgandbus64.sys [19456 2012-03-02] (LG Electronics Inc.)
S3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag64.sys [27648 2012-03-02] (LG Electronics Inc.)
S3 AndGps; C:\Windows\System32\DRIVERS\lgandgps64.sys [27136 2012-03-02] (LG Electronics Inc.)
S3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem64.sys [34304 2012-03-02] (LG Electronics Inc.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-05] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [240920 2013-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [194872 2013-10-24] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13088 2011-03-02] ()
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
R3 EvoMouseDriverFilterHidUsb; C:\Windows\System32\DRIVERS\EvoMouseDriverFilterHidUsb.sys [25144 2010-06-23] (Evoluent)
R3 EvoMouseDriverMini; C:\Windows\System32\drivers\EvoMouseDriverMini.sys [22584 2010-06-23] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-07 04:25 - 2014-01-07 04:25 - 00023487 _____ C:\Users\David\Downloads\FRST.txt
2014-01-07 04:25 - 2014-01-07 04:25 - 00000000 ____D C:\FRST
2014-01-07 04:24 - 2014-01-07 04:24 - 01931762 _____ (Farbar) C:\Users\David\Downloads\FRST64.exe
2014-01-05 10:00 - 2014-01-05 10:02 - 00000000 ____D C:\Users\David\Desktop\AlphaProgram
2014-01-05 05:51 - 2014-01-06 17:02 - 00008192 _____ C:\Windows\SysWOW64\WDPABKP.dat
2014-01-03 05:14 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2014-01-03 05:14 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2014-01-03 05:14 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2014-01-03 05:14 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2014-01-03 05:14 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2014-01-03 05:14 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2014-01-03 05:14 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2014-01-03 05:14 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2014-01-03 05:14 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2014-01-03 05:14 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2014-01-03 05:13 - 2014-01-03 05:13 - 00000346 _____ C:\Windows\DirectX.log
2014-01-03 05:13 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2014-01-03 05:13 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2014-01-03 05:08 - 2014-01-03 05:15 - 00000000 ____D C:\Users\David\AppData\Local\Windows Live
2013-12-31 06:19 - 2013-12-31 06:19 - 00000000 ____D C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-12-31 06:18 - 2013-12-31 08:56 - 00000000 ____D C:\Users\David\AppData\Roaming\Dropbox
2013-12-31 06:18 - 2013-12-31 06:18 - 36293880 _____ (Dropbox, Inc.) C:\Users\David\Downloads\Dropbox 2.4.10.exe
2013-12-30 06:16 - 2013-12-30 06:16 - 00001153 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-12-30 06:16 - 2013-12-30 06:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-30 06:13 - 2014-01-06 17:01 - 00001558 _____ C:\Windows\PFRO.log
2013-12-27 15:23 - 2014-01-06 17:01 - 00002464 _____ C:\Windows\setupact.log
2013-12-26 08:24 - 2013-12-27 15:21 - 00000000 ____D C:\Windows\Minidump
2013-12-24 15:52 - 2013-12-27 06:23 - 00002027 _____ C:\Users\Public\Desktop\Perfect Photo Suite 8.lnk
2013-12-24 15:52 - 2013-12-16 15:09 - 00070768 _____ (Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
2013-12-24 15:52 - 2013-12-16 15:09 - 00070768 _____ (Nalpeiron Ltd.) C:\Windows\system32\nlssrv32.exe
2013-12-24 14:56 - 2013-12-24 14:56 - 00002057 _____ C:\Users\Public\Desktop\Lightroom 5.3 64-bit.lnk
2013-12-24 14:48 - 2013-12-24 14:52 - 914255640 _____ (Adobe Systems Incorporated) C:\Users\David\Downloads\Lightroom_5_LS11_win_5_3.exe
2013-12-23 19:35 - 2013-12-26 21:04 - 00019630 _____ C:\Users\David\Documents\Ken HOn3 single level.any
2013-12-23 09:36 - 2013-12-23 09:36 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2013-12-23 09:36 - 2013-12-23 09:36 - 00000000 ____D C:\Program Files\Realtek
2013-12-23 09:36 - 2013-10-22 20:38 - 03692632 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2013-12-23 09:36 - 2013-10-22 17:40 - 00673037 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2013-12-23 09:36 - 2013-10-22 17:11 - 00151256 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2013-12-23 09:36 - 2013-10-22 09:42 - 37850112 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCORES64.dat
2013-12-23 09:36 - 2013-10-21 10:46 - 02587352 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2013-12-23 09:36 - 2013-10-18 16:41 - 01286360 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2013-12-23 09:36 - 2013-10-16 03:43 - 00209096 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2013-12-23 09:36 - 2013-10-11 12:47 - 00113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2013-12-23 09:36 - 2013-10-07 11:05 - 02810072 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2013-12-23 09:36 - 2013-10-02 17:10 - 00617176 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2013-12-23 09:36 - 2013-09-26 21:40 - 01993496 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO264.dll
2013-12-23 09:36 - 2013-09-26 21:40 - 01722648 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO232.dll
2013-12-23 09:36 - 2013-09-26 16:11 - 01021656 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2013-12-23 09:36 - 2013-08-14 16:36 - 00662784 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2013-12-23 09:36 - 2013-08-14 16:35 - 00663296 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2013-12-23 09:36 - 2013-08-05 18:11 - 02743328 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2013-12-23 09:36 - 2013-07-30 14:04 - 00397080 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp64.dll
2013-12-23 09:36 - 2013-07-24 10:07 - 02032896 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2013-12-23 09:36 - 2013-07-23 15:40 - 02103040 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
2013-12-23 09:36 - 2013-07-23 15:39 - 14048512 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek64.dll
2013-12-23 09:36 - 2013-07-23 15:39 - 01916672 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek264.dll
2013-12-23 09:36 - 2013-07-23 15:39 - 00922880 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2013-12-23 09:36 - 2013-04-24 17:16 - 01662024 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2013-12-23 09:36 - 2013-01-11 16:27 - 00628504 _____ (Creative Technology Ltd.) C:\Windows\system32\MBTHX64.dll
2013-12-23 09:36 - 2013-01-11 16:27 - 00563992 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBTHX32.dll
2013-12-23 09:36 - 2012-11-14 11:41 - 00378000 _____ (Realtek Semiconductor) C:\Windows\system32\RtkGuiCompLib.dll
2013-12-23 09:36 - 2012-06-08 16:21 - 00897152 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO64.dll
2013-12-23 09:36 - 2012-06-08 16:21 - 00753280 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO32.dll
2013-12-23 09:36 - 2012-03-08 11:47 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2013-12-23 09:36 - 2011-12-20 15:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2013-12-23 09:36 - 2011-12-16 14:57 - 00065112 _____ (Creative Technology Ltd.) C:\Windows\system32\MBppld64.dll
2013-12-23 09:36 - 2011-11-22 16:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2013-12-23 09:36 - 2011-05-31 09:42 - 01756264 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2013-12-23 09:36 - 2011-05-31 09:42 - 01568360 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2013-12-23 09:36 - 2011-05-31 09:42 - 01486952 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2013-12-23 09:36 - 2011-05-31 09:42 - 00728680 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2013-12-23 09:36 - 2011-05-31 09:42 - 00712296 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2013-12-23 09:36 - 2011-05-31 09:42 - 00693352 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2013-12-23 09:36 - 2011-05-31 09:42 - 00491112 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2013-12-23 09:36 - 2011-05-31 09:42 - 00432744 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2013-12-23 09:36 - 2011-05-31 09:42 - 00428648 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2013-12-23 09:36 - 2011-05-31 09:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2013-12-23 09:36 - 2011-05-31 09:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2013-12-23 09:36 - 2011-05-31 09:42 - 00241768 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2013-12-23 09:36 - 2010-11-08 07:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2013-12-23 09:36 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2013-12-23 09:36 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2013-12-23 09:36 - 2010-11-08 07:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2013-12-23 09:36 - 2010-11-08 07:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2013-12-23 09:36 - 2010-11-08 07:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2013-12-23 09:36 - 2010-11-03 18:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2013-12-23 09:36 - 2010-09-27 09:34 - 00318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2013-12-23 09:36 - 2009-11-24 09:55 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2013-12-23 09:36 - 2009-11-24 09:55 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2013-12-23 09:36 - 2009-11-24 09:55 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2013-12-23 09:36 - 2009-11-24 09:55 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2013-12-23 09:36 - 2009-11-18 07:13 - 00060504 _____ (Creative Technology Ltd.) C:\Windows\system32\MBPPCn64.dll
2013-12-21 17:19 - 2013-12-21 17:19 - 00001785 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-12-21 17:19 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2013-12-21 17:18 - 2013-12-21 17:19 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-21 17:18 - 2013-12-21 17:19 - 00000000 ____D C:\Program Files\iTunes
2013-12-21 17:18 - 2013-12-21 17:18 - 00000000 ____D C:\Program Files\iPod
2013-12-21 17:18 - 2013-12-21 17:18 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-12-21 17:17 - 2013-12-21 17:17 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-12-21 17:16 - 2013-12-21 17:17 - 100400976 _____ (Apple Inc.) C:\Users\David\Downloads\iTunes64Setup.exe
2013-12-20 17:16 - 2013-12-20 17:16 - 00000000 ____D C:\Program Files (x86)\AnyRail5
2013-12-20 07:01 - 2013-12-30 06:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-19 14:28 - 2013-12-19 14:28 - 00002513 _____ C:\Users\Public\Desktop\TurboTax 2013.lnk
2013-12-14 18:04 - 2013-12-14 18:04 - 00000871 _____ C:\Users\David\AppData\Local\recently-used.xbel
2013-12-14 18:04 - 2013-12-14 18:04 - 00000000 ____D C:\Users\David\AppData\Local\webkit
2013-12-14 18:04 - 2013-12-14 18:04 - 00000000 ____D C:\Users\David\AppData\Local\gtk-2.0
2013-12-14 18:04 - 2013-12-14 18:04 - 00000000 ____D C:\Users\David\.thumbnails
2013-12-14 18:00 - 2013-12-14 18:01 - 00000000 ____D C:\Program Files\GIMP 2
2013-12-14 15:51 - 2013-12-14 15:51 - 00000000 ____D C:\ProgramData\regid.1995-08.com.techsmith
2013-12-14 15:37 - 2013-12-14 18:07 - 00000000 ____D C:\Users\David\.gimp-2.8
2013-12-14 15:37 - 2013-12-14 15:37 - 00000000 ____D C:\Users\David\AppData\Local\gegl-0.2
2013-12-13 08:11 - 2014-01-02 06:46 - 01233962 _____ C:\Users\David\Downloads\adwcleaner.exe
2013-12-13 06:13 - 2013-12-13 06:13 - 00000000 _____ C:\autoexec.bat
2013-12-13 06:12 - 2013-12-13 06:12 - 00002260 _____ C:\Users\David\Desktop\SpyHunter.lnk
2013-12-13 06:12 - 2013-12-13 06:12 - 00000000 ____D C:\Windows\CD09642E061D4844BA37ED1480916404.TMP
2013-12-13 06:12 - 2013-12-13 06:12 - 00000000 ____D C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2013-12-13 06:12 - 2013-12-13 06:12 - 00000000 ____D C:\sh4ldr
2013-12-13 06:12 - 2013-12-13 06:12 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-12-13 06:12 - 2012-06-22 11:01 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2013-12-13 06:11 - 2013-12-13 06:11 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\David\Downloads\SpyHunter-Installer.exe
2013-12-12 13:06 - 2013-12-12 13:06 - 08573501 _____ () C:\Users\David\Downloads\Di_Pro_Ver_422_exe_update.exe
2013-12-11 05:08 - 2013-12-11 05:09 - 00434936 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-11 05:08 - 2013-12-11 05:08 - 00000000 _____ C:\Windows\setuperr.log
2013-12-11 05:00 - 2013-12-11 05:00 - 00116680 _____ C:\Users\David\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-11 03:01 - 2013-05-09 23:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-11 03:01 - 2013-05-09 23:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-11 03:01 - 2013-05-09 22:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-11 03:01 - 2013-05-09 22:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-11 03:00 - 2013-11-26 05:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-11 03:00 - 2013-11-26 04:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-11 03:00 - 2013-11-26 04:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-11 03:00 - 2013-11-26 04:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-11 03:00 - 2013-11-26 03:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-11 03:00 - 2013-11-26 03:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-11 03:00 - 2013-11-26 03:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-11 03:00 - 2013-11-26 03:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-11 03:00 - 2013-11-26 03:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-11 03:00 - 2013-11-26 03:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-11 03:00 - 2013-11-26 03:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-11 03:00 - 2013-11-26 03:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-11 03:00 - 2013-11-26 03:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-11 03:00 - 2013-11-26 03:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-11 03:00 - 2013-11-26 02:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-11 03:00 - 2013-11-26 02:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-11 03:00 - 2013-11-26 02:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-11 03:00 - 2013-11-26 02:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-11 03:00 - 2013-11-26 02:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-11 03:00 - 2013-11-26 02:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-11 03:00 - 2013-11-26 02:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-11 03:00 - 2013-11-26 02:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-11 03:00 - 2013-11-26 01:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-11 03:00 - 2013-11-26 01:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-11 03:00 - 2013-11-26 01:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-11 03:00 - 2013-11-26 01:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-11 03:00 - 2013-11-26 00:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-11 03:00 - 2013-11-26 00:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-11 03:00 - 2013-11-26 00:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-11 03:00 - 2013-11-26 00:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-11 03:00 - 2013-11-26 00:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-11 02:51 - 2013-11-23 12:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-11 02:51 - 2013-11-23 11:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-11 02:51 - 2013-10-29 20:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-11 02:51 - 2013-10-29 20:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-11 02:51 - 2013-10-29 19:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-11 02:51 - 2013-10-18 20:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-11 02:51 - 2013-10-18 19:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-11 02:50 - 2013-11-11 20:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-11 02:50 - 2013-11-11 20:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-11 02:50 - 2013-10-11 20:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-11 02:50 - 2013-10-11 20:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-11 02:50 - 2013-10-11 20:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-11 02:50 - 2013-10-11 20:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-11 02:50 - 2013-10-11 19:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-11 02:50 - 2013-10-11 19:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-11 02:50 - 2013-10-11 19:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-11 02:50 - 2013-10-11 19:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-11 02:50 - 2013-10-03 20:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-11 02:50 - 2013-10-03 19:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-10 20:43 - 2013-12-20 17:16 - 00000939 _____ C:\Users\Public\Desktop\AnyRail 5.lnk
2013-12-10 16:44 - 2013-12-10 16:44 - 00001281 _____ C:\Users\David\Desktop\MyWork.lnk
2013-12-09 18:02 - 2013-12-09 18:02 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

==================== One Month Modified Files and Folders =======

2014-01-07 04:25 - 2014-01-07 04:25 - 00023487 _____ C:\Users\David\Downloads\FRST.txt
2014-01-07 04:25 - 2014-01-07 04:25 - 00000000 ____D C:\FRST
2014-01-07 04:24 - 2014-01-07 04:24 - 01931762 _____ (Farbar) C:\Users\David\Downloads\FRST64.exe
2014-01-07 04:23 - 2013-06-05 12:47 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-07 04:19 - 2013-06-06 05:36 - 00000000 ____D C:\Dynamic Investor Pro
2014-01-07 04:18 - 2013-05-31 00:10 - 01703935 _____ C:\Windows\WindowsUpdate.log
2014-01-07 04:15 - 2013-05-31 00:11 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-06 21:43 - 2013-06-06 16:34 - 00000000 ____D C:\ProgramData\MFAData
2014-01-06 17:10 - 2009-07-13 22:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-06 17:10 - 2009-07-13 22:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-06 17:03 - 2013-06-06 22:12 - 00000000 ____D C:\Users\David\AppData\Local\Deployment
2014-01-06 17:02 - 2014-01-05 05:51 - 00008192 _____ C:\Windows\SysWOW64\WDPABKP.dat
2014-01-06 17:02 - 2013-05-31 00:38 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2014-01-06 17:02 - 2013-05-31 00:38 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2014-01-06 17:02 - 2013-05-31 00:28 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2014-01-06 17:01 - 2013-12-30 06:13 - 00001558 _____ C:\Windows\PFRO.log
2014-01-06 17:01 - 2013-12-27 15:23 - 00002464 _____ C:\Windows\setupact.log
2014-01-06 17:01 - 2013-06-05 12:47 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-06 17:01 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-06 16:16 - 2013-06-06 09:08 - 00003440 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-01-06 14:57 - 2013-06-06 23:01 - 00000000 ____D C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EdgeRater Software
2014-01-05 10:44 - 2009-07-13 23:08 - 00032558 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-05 10:02 - 2014-01-05 10:00 - 00000000 ____D C:\Users\David\Desktop\AlphaProgram
2014-01-05 05:10 - 2013-06-06 19:49 - 00000000 ____D C:\Users\David\BACKUP
2014-01-05 05:10 - 2010-10-29 15:10 - 15900672 _____ C:\Users\David\Steckler1.QDF
2014-01-05 05:00 - 2011-07-31 18:32 - 00616096 _____ C:\Users\David\Steckler1OFXLOG.DAT
2014-01-03 07:09 - 2009-07-13 23:13 - 00784326 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-03 05:15 - 2014-01-03 05:08 - 00000000 ____D C:\Users\David\AppData\Local\Windows Live
2014-01-03 05:15 - 2013-06-06 19:49 - 00000000 ____D C:\Users\David\Tracing
2014-01-03 05:13 - 2014-01-03 05:13 - 00000346 _____ C:\Windows\DirectX.log
2014-01-02 07:00 - 2013-11-07 21:36 - 00000000 ____D C:\AdwCleaner
2014-01-02 06:46 - 2013-12-13 08:11 - 01233962 _____ C:\Users\David\Downloads\adwcleaner.exe
2014-01-01 16:58 - 2013-06-16 19:50 - 00282624 ___SH C:\Users\David\Documents\Thumbs.db
2014-01-01 06:01 - 2013-06-06 16:10 - 00000000 ____D C:\ProgramData\CanonIJPLM
2013-12-31 09:22 - 2013-12-03 06:16 - 00000000 ____D C:\Windows\pss
2013-12-31 09:22 - 2013-06-05 09:54 - 00000000 ___RD C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-31 08:56 - 2013-12-31 06:18 - 00000000 ____D C:\Users\David\AppData\Roaming\Dropbox
2013-12-31 06:19 - 2013-12-31 06:19 - 00000000 ____D C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-12-31 06:18 - 2013-12-31 06:18 - 36293880 _____ (Dropbox, Inc.) C:\Users\David\Downloads\Dropbox 2.4.10.exe
2013-12-30 06:16 - 2013-12-30 06:16 - 00001153 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-12-30 06:16 - 2013-12-30 06:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-30 06:16 - 2013-12-20 07:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-28 17:23 - 2013-06-05 14:17 - 00000000 ____D C:\ProgramData\FLEXnet
2013-12-27 15:21 - 2013-12-26 08:24 - 00000000 ____D C:\Windows\Minidump
2013-12-27 06:23 - 2013-12-24 15:52 - 00002027 _____ C:\Users\Public\Desktop\Perfect Photo Suite 8.lnk
2013-12-27 05:13 - 2013-06-07 13:37 - 00000000 ____D C:\Users\David\Documents\HGS_Backups
2013-12-26 21:04 - 2013-12-23 19:35 - 00019630 _____ C:\Users\David\Documents\Ken HOn3 single level.any
2013-12-24 15:52 - 2013-10-30 06:35 - 00000000 ____D C:\Users\QBDataServiceUser20\AppData\Roaming\onOne Software
2013-12-24 15:52 - 2013-10-30 06:34 - 00000000 ____D C:\Users\David\AppData\Roaming\onOne Software
2013-12-24 15:52 - 2013-10-30 06:34 - 00000000 ____D C:\Program Files\onOne Software
2013-12-24 15:52 - 2013-06-06 19:42 - 00000000 ____D C:\Program Files (x86)\onOne Software
2013-12-24 14:56 - 2013-12-24 14:56 - 00002057 _____ C:\Users\Public\Desktop\Lightroom 5.3 64-bit.lnk
2013-12-24 14:56 - 2013-06-05 14:06 - 00000000 ____D C:\Program Files\Adobe
2013-12-24 14:52 - 2013-12-24 14:48 - 914255640 _____ (Adobe Systems Incorporated) C:\Users\David\Downloads\Lightroom_5_LS11_win_5_3.exe
2013-12-24 14:52 - 2013-06-06 22:37 - 00000000 ____D C:\Users\David\Desktop\Adobe
2013-12-23 09:36 - 2013-12-23 09:36 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2013-12-23 09:36 - 2013-12-23 09:36 - 00000000 ____D C:\Program Files\Realtek
2013-12-23 09:36 - 2013-05-31 00:24 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-23 09:29 - 2013-06-14 05:01 - 00000406 _____ C:\Windows\Tasks\DriverEasy Scheduled Scan.job
2013-12-21 17:19 - 2013-12-21 17:19 - 00001785 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-12-21 17:19 - 2013-12-21 17:18 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-21 17:19 - 2013-12-21 17:18 - 00000000 ____D C:\Program Files\iTunes
2013-12-21 17:19 - 2013-06-18 05:44 - 00000000 ____D C:\Users\David\AppData\Local\Apple Computer
2013-12-21 17:19 - 2013-06-06 22:13 - 00000000 ____D C:\Users\David\AppData\Roaming\Apple Computer
2013-12-21 17:18 - 2013-12-21 17:18 - 00000000 ____D C:\Program Files\iPod
2013-12-21 17:18 - 2013-12-21 17:18 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-12-21 17:18 - 2013-06-06 16:10 - 00000000 ____D C:\ProgramData\Apple Computer
2013-12-21 17:17 - 2013-12-21 17:17 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-12-21 17:17 - 2013-12-21 17:16 - 100400976 _____ (Apple Inc.) C:\Users\David\Downloads\iTunes64Setup.exe
2013-12-21 17:17 - 2013-06-06 16:55 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-12-21 17:17 - 2013-06-06 16:42 - 00000000 ____D C:\Program Files\Bonjour
2013-12-20 17:16 - 2013-12-20 17:16 - 00000000 ____D C:\Program Files (x86)\AnyRail5
2013-12-20 17:16 - 2013-12-10 20:43 - 00000939 _____ C:\Users\Public\Desktop\AnyRail 5.lnk
2013-12-20 03:27 - 2013-06-06 22:12 - 00000000 ____D C:\Users\David\AppData\Local\CrashDumps
2013-12-19 14:28 - 2013-12-19 14:28 - 00002513 _____ C:\Users\Public\Desktop\TurboTax 2013.lnk
2013-12-19 14:28 - 2011-12-26 11:14 - 00001176 _____ C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2013-12-19 14:27 - 2013-06-06 19:44 - 00000000 ____D C:\Program Files (x86)\TurboTax
2013-12-18 15:04 - 2013-12-06 11:09 - 00000000 ____D C:\Users\David\AppData\Local\Citrix
2013-12-18 15:04 - 2013-06-06 16:55 - 00000000 ____D C:\Program Files (x86)\Citrix
2013-12-17 16:20 - 2013-06-06 21:59 - 00000000 ____D C:\Users\David\Documents\EdgeRater
2013-12-16 15:09 - 2013-12-24 15:52 - 00070768 _____ (Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
2013-12-16 15:09 - 2013-12-24 15:52 - 00070768 _____ (Nalpeiron Ltd.) C:\Windows\system32\nlssrv32.exe
2013-12-16 04:40 - 2009-07-13 23:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-15 19:11 - 2013-11-03 10:03 - 00000000 ____D C:\ProgramData\InstallMate
2013-12-15 17:59 - 2013-06-06 22:56 - 00000000 ____D C:\Users\David\Desktop\Songs
2013-12-15 14:23 - 2013-10-30 06:32 - 00000000 ____D C:\ProgramData\onOne Software
2013-12-14 18:07 - 2013-12-14 15:37 - 00000000 ____D C:\Users\David\.gimp-2.8
2013-12-14 18:04 - 2013-12-14 18:04 - 00000871 _____ C:\Users\David\AppData\Local\recently-used.xbel
2013-12-14 18:04 - 2013-12-14 18:04 - 00000000 ____D C:\Users\David\AppData\Local\webkit
2013-12-14 18:04 - 2013-12-14 18:04 - 00000000 ____D C:\Users\David\AppData\Local\gtk-2.0
2013-12-14 18:04 - 2013-12-14 18:04 - 00000000 ____D C:\Users\David\.thumbnails
2013-12-14 18:04 - 2013-06-05 09:49 - 00000000 ____D C:\Users\David
2013-12-14 18:01 - 2013-12-14 18:00 - 00000000 ____D C:\Program Files\GIMP 2
2013-12-14 15:51 - 2013-12-14 15:51 - 00000000 ____D C:\ProgramData\regid.1995-08.com.techsmith
2013-12-14 15:37 - 2013-12-14 15:37 - 00000000 ____D C:\Users\David\AppData\Local\gegl-0.2
2013-12-14 10:59 - 2013-08-15 02:00 - 00000000 ____D C:\Windows\system32\MRT
2013-12-14 10:58 - 2013-06-05 10:40 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-13 06:52 - 2013-06-06 18:50 - 00000000 ____D C:\Windows\Quotes Plus
2013-12-13 06:13 - 2013-12-13 06:13 - 00000000 _____ C:\autoexec.bat
2013-12-13 06:12 - 2013-12-13 06:12 - 00002260 _____ C:\Users\David\Desktop\SpyHunter.lnk
2013-12-13 06:12 - 2013-12-13 06:12 - 00000000 ____D C:\Windows\CD09642E061D4844BA37ED1480916404.TMP
2013-12-13 06:12 - 2013-12-13 06:12 - 00000000 ____D C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2013-12-13 06:12 - 2013-12-13 06:12 - 00000000 ____D C:\sh4ldr
2013-12-13 06:12 - 2013-12-13 06:12 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-12-13 06:11 - 2013-12-13 06:11 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\David\Downloads\SpyHunter-Installer.exe
2013-12-12 14:51 - 2013-06-06 09:08 - 00000000 ____D C:\Program Files\My Dell
2013-12-12 14:51 - 2013-05-31 00:35 - 00000000 ____D C:\ProgramData\PCDr
2013-12-12 13:06 - 2013-12-12 13:06 - 08573501 _____ () C:\Users\David\Downloads\Di_Pro_Ver_422_exe_update.exe
2013-12-12 10:32 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\NDF
2013-12-11 08:16 - 2013-05-31 00:11 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-11 08:16 - 2013-05-31 00:11 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-11 08:16 - 2013-05-31 00:11 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-11 05:09 - 2013-12-11 05:08 - 00434936 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-11 05:08 - 2013-12-11 05:08 - 00000000 _____ C:\Windows\setuperr.log
2013-12-11 05:00 - 2013-12-11 05:00 - 00116680 _____ C:\Users\David\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-11 03:55 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2013-12-10 20:44 - 2013-09-17 13:27 - 00000000 ____D C:\ProgramData\DRail Modelspoor Software
2013-12-10 20:43 - 2013-06-06 16:54 - 00000000 ____D C:\Program Files (x86)\AnyRail5EN
2013-12-10 16:44 - 2013-12-10 16:44 - 00001281 _____ C:\Users\David\Desktop\MyWork.lnk
2013-12-10 16:44 - 2013-06-05 14:43 - 00000000 ____D C:\Program Files (x86)\TradeStation 9.1
2013-12-10 01:26 - 2013-06-05 12:47 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-09 18:02 - 2013-12-09 18:02 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

Files to move or delete:
====================
C:\ProgramData\PKP_DLeo.DAT
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT
C:\Users\David\en_res.dll
C:\Users\David\es_res.dll
C:\Users\David\fr_res.dll
C:\Users\David\it_res.dll
C:\Users\David\jp_res.dll
C:\Users\David\mfc80u.dll
C:\Users\David\msvcr80.dll
C:\Users\David\PCPE Setup.exe
C:\Users\David\pt_res.dll
C:\Users\David\ResourceReader.dll
C:\Users\David\ru_res.dll
C:\Users\David\Steckler1OFXLOG.DAT
C:\Users\David\zh_res.dll


Some content of TEMP:
====================
C:\Users\David\AppData\Local\Temp\checkhgs.dll
C:\Users\David\AppData\Local\Temp\Perfect_Photo_Suite_8.1.0_LR_AP_Update.exe
C:\Users\David\AppData\Local\Temp\Quarantine.exe
C:\Users\David\AppData\Local\Temp\SHSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-30 04:42

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-01-2014
Ran by David at 2014-01-07 04:25:32
Running from C:\Users\David\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958) (x32 Version: - Microsoft)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat 8 Professional (x32 Version: 8.0.0 - Adobe Systems)
Adobe Acrobat 8 Professional (x32 Version: 8.0.0 - Adobe Systems) Hidden
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.3 64-bit (Version: 5.3.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) (x32 Version: 11.0.05 - Adobe Systems Incorporated)
AnswerWorks 5.0 English Runtime (x32 Version: 5.0.7 - Vantage Software Technologies)
AnyRail5 (x32 Version: 5.11.3 - DRail Modelspoor Software)
AnyRail5 (x32 Version: 5.11.3 - DRail Modelspoor Software) Hidden
AOL Uninstaller (Choose which Products to Remove) (x32 Version: - AOL Inc.)
Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Application Profiles (x32 Version: 2.0.4331.36041 - Advanced Micro Devices, Inc.) Hidden
Application Verifier (x64) (Version: 4.1.1078 - Microsoft Corporation)
AVG 2014 (Version: 14.0.3658 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4259 - AVG Technologies) Hidden
AVG 2014 (Version: 2014.0.4259 - AVG Technologies)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-7360N (x32 Version: 1.0.7.0 - Brother Industries, Ltd.)
Canon Easy-PhotoPrint EX (x32 Version: 4.1.6 - Canon Inc.)
Canon Easy-WebPrint EX (x32 Version: - )
Canon IJ Network Scanner Selector EX (x32 Version: - )
Canon IJ Network Tool (x32 Version: - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (x32 Version: - )
Canon MP Navigator EX 5.1 (x32 Version: - )
Canon MX890 series MP Drivers (Version: - )
Canon MX890 series On-screen Manual (x32 Version: - )
Canon MX890 series User Registration (x32 Version: - )
Canon My Printer (x32 Version: 3.1.0 - Canon Inc.)
Canon Solution Menu EX (x32 Version: - )
Canon Speed Dial Utility (x32 Version: - )
CCleaner (Version: 4.04 - Piriform)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.)
Citrix Online Launcher (x32 Version: 1.0.162 - Citrix)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Consumer In-Home Service Agreement (x32 Version: 2.0.0 - Dell Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Debugging Tools for Windows (x64) (Version: 6.12.2.633 - Microsoft Corporation)
Dell DataSafe Local Backup - Support Software (x32 Version: 9.4.67 - Dell Inc.)
Dell DataSafe Local Backup (x32 Version: 9.4.67 - Dell Inc.)
Dell Digital Delivery (x32 Version: 2.8.1000.0 - Dell Products, LP)
Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
Dell Dock (x32 Version: 2.0 - Stardock Corporation)
Dell Edoc Viewer (Version: 1.0.0 - Dell Inc)
Dell System Detect (HKCU Version: 5.4.0.4 - Dell)
Dell Wireless Driver Installation (x32 Version: 9.0 - Dell)
Distortion Control Data (x32 Version: 1.00.0000 - Nikon)
DriverEasy 4.6.0 (Version: 4.6.0.0 - Easeware)
Dropbox (HKCU Version: 2.4.10 - Dropbox, Inc.)
Dynamic Investor Pro Version 4 (x32 Version: - )
EdgeClub (HKCU Version: 6.0.0.27 - EdgeRater Software)
EdgeRater PRO Unleashed (HKCU Version: 13.0.0.27 - EdgeRater Software)
eFax Messenger (x32 Version: 4.4.1.528 - j2 Global)
Elements 9 Organizer (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Elements STI Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Elevated Installer (x32 Version: 2.1.13 - Garmin Ltd or its subsidiaries) Hidden
EMC 10 Content (x32 Version: 1.0.035 - Roxo, Inc.) Hidden
EMCGadgets64 (Version: 1.0.302 - Sonic) Hidden
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ETF Trading Bandit (HKCU Version: 2.1.913.0 - EdgeRater Software)
Evoluent Mouse Manager (Version: 4.0.0 - Evoluent)
E-Z Contact Book version 2.4.0.0 (x32 Version: 2.4.0.0 - Dmitri Karshakevich)
Garmin Express (x32 Version: 2.1.13 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 2.1.13 - Garmin Ltd or its subsidiaries) Hidden
Garmin Update Service (x32 Version: 2.1.13 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (x32 Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (x32 Version: 2.5.6 - Garmin Ltd or its subsidiaries)
GIMP 2.8.10 (Version: 2.8.10 - The GIMP Team)
Google Earth Plug-in (x32 Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
GoToMeeting 6.0.0.1259 (HKCU Version: 6.0.0.1259 - CitrixOnline)
High Growth Stock Investor V8 (x32 Version: - )
Intel® Control Center (x32 Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (x32 Version: 8.0.0.1351 - Intel Corporation)
Intel® Processor Graphics (x32 Version: 9.18.10.3165 - Intel Corporation)
Intel® Rapid Storage Technology (Version: 12.8.0.1016 - Intel Corporation)
Intel® Rapid Storage Technology (Version: 12.8.0.1016 - Intel Corporation) Hidden
Intel® SDK for OpenCL - CPU Only Runtime Package (x32 Version: 3.0.0.63463 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.8.251 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.23.216.0 - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (x32 Version: - Intel Corporation)
IrfanView (remove only) (x32 Version: 4.36 - Irfan Skiljan)
iSEEK AnswerWorks English Runtime (x32 Version: 010.000.0101 - Vantage Linguistics)
iTunes (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JavaFX 2.1.1 (x32 Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
LG United Mobile Driver (x32 Version: 3.10.1.0 - LG Electronics)
Logitech Harmony Remote Software 7 (x32 Version: 7.7.0.0 - Logitech)
Logitech Harmony Remote Software 7 (x32 Version: 7.7.0.0 - Logitech) Hidden
Logitech SetPoint 6.50 (Version: 6.50.152 - Logitech)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Primary Interop Assemblies (x32 Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Primary Interoperability Assemblies 2005 (x32 Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Search Enhancement Pack (x32 Version: 3.0.133.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft VC9 runtime libraries (x32 Version: 1.0.0 - AOL Inc.) Hidden
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0 - Microsoft Corporation) Hidden
Microsoft Windows Performance Toolkit (Version: 4.8.0 - Microsoft Corporation)
Microsoft Windows SDK for Windows 7 (7.1) (Version: 7.1.30514 - Microsoft Corporation) Hidden
Microsoft Windows SDK for Windows 7 (7.1) (Version: 7.1.7600.0.30514 - Microsoft Corporation)
Microsoft Windows SDK for Windows 7 Common Utilities (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden
Microsoft Windows SDK for Windows 7 Headers and Libraries (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden
Microsoft Windows SDK for Windows 7 Samples (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden
Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Model Railroader (x32 Version: 1.0.0 - )
Motorola Device Manager (x32 Version: 2.3.9 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 13.02.1402 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.0.0 (Version: 6.0.0 - Motorola Inc.) Hidden
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 26.0 (x86 en-US) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (x32 Version: 4.20.9818.0 - Microsoft Corporation)
My Dell (Version: 3.4.6422.14 - PC-Doctor, Inc.)
onOne PerfectPresets (x32 Version: 1.0 - onOne Software)
PCmover Professional (x32 Version: 8.00.631.0 - Laplink Software, Inc.)
Perfect Photo Suite 8 (x32 Version: 8.1.0 - onOne Software)
Perfectly Clear LightroomPlugin 1.3.4 (x32 Version: 1.3.4 - Athentech)
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photobucket Backup (x32 Version: 1.0.7.2104 - Photobucket)
Picture Control Utility (x32 Version: 1.4.1 - Nikon)
Picture Control Utility x64 (Version: 1.4.11 - Nikon)
PowerChute Personal Edition 3.0.2 (x32 Version: 3.0.2 - Schneider Electric)
QuickBooks (x32 Version: 20.0.4017.807 - Intuit Inc.) Hidden
QuickBooks Pro 2010 (x32 Version: 20.0.4017.807 - Intuit Inc.)
Quicken 2013 (x32 Version: 22.1.12.7 - Intuit)
QuickTime (x32 Version: 7.74.80.86 - Apple Inc.)
Realtek Card Reader (x32 Version: 6.2.9200.30150 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (x32 Version: 7.48.823.2011 - Realtek)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.7071 - Realtek Semiconductor Corp.)
Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden
Roxio BackOnTrack (x32 Version: 1.3.0 - Roxio) Hidden
Roxio Central Audio (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Central Copy (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Central Core (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Central Data (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Central Tools (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.1 - Roxio) Hidden
Roxio File Backup (Version: 1.3.0 - Roxio) Hidden
Roxio Update Manager (x32 Version: 6.0.0 - Roxio) Hidden
Service Installer II (x32 Version: 1.2 - Nalpeiron)
Service Installer II (x32 Version: 1.2 - Nalpeiron) Hidden
Skins (x32 Version: 2010.0113.2208.39662 - ATI) Hidden
Skype™ 5.10 (x32 Version: 5.10.116 - Skype Technologies S.A.)
Snagit 11 (x32 Version: 11.3.0 - TechSmith Corporation)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
SpyHunter (Version: 4.16.5.4290 - Enigma Software Group USA, LLC)
TradeStation 9.1 (x32 Version: 9.01.00.12681 - TradeStation Technologies)
TurboTax 2012 WinPerFedFormset (x32 Version: 012.000.1983 - Intuit Inc.) Hidden
TurboTax 2012 WinPerReleaseEngine (x32 Version: 012.000.0442 - Intuit Inc.) Hidden
TurboTax 2012 WinPerTaxSupport (x32 Version: 012.000.0179 - Intuit Inc.) Hidden
TurboTax 2012 wmoiper (x32 Version: 012.000.1340 - Intuit Inc.) Hidden
TurboTax 2012 wnjiper (x32 Version: 012.000.1331 - Intuit Inc.) Hidden
TurboTax 2012 wrapper (x32 Version: 012.000.0127 - Intuit Inc.) Hidden
TurboTax 2013 (x32 Version: 2013.0 - Intuit, Inc)
TurboTax 2013 WinPerFedFormset (x32 Version: 013.000.1036 - Intuit Inc.) Hidden
TurboTax 2013 WinPerReleaseEngine (x32 Version: 013.000.0312 - Intuit Inc.) Hidden
TurboTax 2013 WinPerTaxSupport (x32 Version: 013.000.0140 - Intuit Inc.) Hidden
TurboTax 2013 wrapper (x32 Version: 013.000.0128 - Intuit Inc.) Hidden
Uninstall AOL Emergency Connect Utility 1.0 (x32 Version: - )
Update for 2007 Microsoft Office System (KB967642) (x32 Version: - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32 Version: - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (x32 Version: - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32 Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (x32 Version: - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (x32 Version: - Microsoft)
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Visual Studio 2008 x64 Redistributables (x32 Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (x32 Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WD Quick View (x32 Version: 2.2.1.6 - Western Digital Technologies, Inc.)
WD SmartWare (Version: 2.2.1.6 - Western Digital Technologies, Inc.)
WD SmartWare Installer (x32 Version: 2.2.1.6 - Western Digital Technologies, Inc.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

==================== Restore Points =========================

31-12-2013 23:08:53 Scheduled Checkpoint
03-01-2014 11:12:57 Windows Live Essentials
03-01-2014 11:13:28 Installed DirectX
03-01-2014 11:13:51 Installed DirectX
03-01-2014 11:14:15 Installed DirectX
03-01-2014 11:14:38 WLSetup

==================== Hosts content: ==========================

2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {065D0305-2600-42F8-ADFB-E4D1E02E7781} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2013-09-05] (PC-Doctor, Inc.)
Task: {096951E1-F819-4540-951A-10A6D4478F51} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-05] (Google Inc.)
Task: {1F84E71C-04DC-4846-B26D-E580F087C5D6} - System32\Tasks\TechSmith Updater => C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [2013-10-04] (TechSmith Corporation)
Task: {55AD5ACF-AFC2-4A95-8E25-DED17EAAEE4A} - System32\Tasks\DriverEasy Scheduled Scan => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe [2013-10-07] (Easeware)
Task: {58ECA4D5-C547-4B03-98FD-52A4872448B2} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2013-12-06] (PC-Doctor, Inc.)
Task: {5C04B033-9993-45BD-BD23-B8D63614E23D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-05] (Google Inc.)
Task: {6A31AF9E-946E-468A-8A46-9CA472C7A719} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {B119AE5A-6CA5-44C4-BC47-626357BCE8A4} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {BA60F025-91DE-4BC9-BF5E-DE68C141A093} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DriverEasy Scheduled Scan.job => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-10-06 02:15 - 2012-10-06 02:15 - 01976632 _____ () C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
2013-05-31 01:32 - 2012-03-19 17:09 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-08-15 02:28 - 2013-08-15 02:28 - 00472576 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\VistaBridgeLibrary\4fb4db23c4c17401ba13ad9c9d95cb76\VistaBridgeLibrary.ni.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-04-18 12:04 - 2013-04-18 12:04 - 00048640 _____ () C:\Program Files (x86)\AOL Desktop 9.7\zlib.dll
2013-04-18 12:04 - 2013-04-18 12:04 - 22152704 _____ () C:\Program Files (x86)\AOL Desktop 9.7\libcef.dll
2013-04-18 12:04 - 2013-04-18 12:04 - 01195022 _____ () C:\Program Files (x86)\AOL Desktop 9.7\avcodec-54.dll
2013-04-18 12:04 - 2013-04-18 12:04 - 00138766 _____ () C:\Program Files (x86)\AOL Desktop 9.7\avutil-51.dll
2013-04-18 12:04 - 2013-04-18 12:04 - 00217614 _____ () C:\Program Files (x86)\AOL Desktop 9.7\avformat-54.dll
2013-04-18 12:04 - 2013-04-18 12:04 - 00648704 _____ () C:\Program Files (x86)\AOL Desktop 9.7\libglesv2.dll
2013-04-18 12:04 - 2013-04-18 12:04 - 00122880 _____ () C:\Program Files (x86)\AOL Desktop 9.7\libegl.dll
2013-04-18 12:04 - 2013-04-18 12:04 - 00094208 _____ () C:\Program Files (x86)\AOL Desktop 9.7\Components\Tier2Svc.dll
2013-04-18 12:04 - 2013-04-18 12:04 - 00060928 _____ () C:\Program Files (x86)\AOL Desktop 9.7\Components\DataSvcs.dll
2013-03-12 14:00 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2013-03-25 13:44 - 2013-03-25 13:44 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2013-12-06 11:23 - 2011-12-16 09:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-11-12 10:04 - 2013-11-12 10:04 - 00110088 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2013-12-30 06:16 - 2013-12-05 13:36 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns1
AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns2
AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns3
AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns4

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Dell Wireless 1506 802.11b/g/n (2.4GHz)
Description: Dell Wireless 1506 802.11b/g/n (2.4GHz)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/06/2014 05:03:05 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/06/2014 00:48:48 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (01/06/2014 11:19:03 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/06/2014 09:06:02 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/06/2014 03:29:17 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/05/2014 07:47:37 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/05/2014 05:29:13 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (01/05/2014 10:46:13 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/05/2014 05:52:14 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/04/2014 10:47:57 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005


System errors:
=============
Error: (01/06/2014 08:22:37 PM) (Source: NetBT) (User: )
Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.0.2.
The computer with the IP address 192.168.0.3 did not allow the name to be claimed by
this computer.

Error: (01/06/2014 05:02:18 PM) (Source: Microsoft-Windows-Time-Service) (User: NT AUTHORITY)
Description: The time provider 'VMICTimeProvider' failed to start due to the following error: The specified module could not be found. (0x8007007E)

Error: (01/06/2014 05:02:05 PM) (Source: Service Control Manager) (User: )
Description: The Garmin Core Update Service service failed to start due to the following error:
%%1053

Error: (01/06/2014 05:02:05 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Core Update Service service to connect.

Error: (01/06/2014 11:18:17 AM) (Source: Microsoft-Windows-Time-Service) (User: NT AUTHORITY)
Description: The time provider 'VMICTimeProvider' failed to start due to the following error: The specified module could not be found. (0x8007007E)

Error: (01/06/2014 11:18:04 AM) (Source: Service Control Manager) (User: )
Description: The Garmin Core Update Service service failed to start due to the following error:
%%1053

Error: (01/06/2014 11:18:04 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Core Update Service service to connect.

Error: (01/06/2014 09:05:20 AM) (Source: Microsoft-Windows-Time-Service) (User: NT AUTHORITY)
Description: The time provider 'VMICTimeProvider' failed to start due to the following error: The specified module could not be found. (0x8007007E)

Error: (01/06/2014 09:05:02 AM) (Source: Service Control Manager) (User: )
Description: The Garmin Core Update Service service failed to start due to the following error:
%%1053

Error: (01/06/2014 09:05:02 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Core Update Service service to connect.


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 37%
Total physical RAM: 8063.54 MB
Available physical RAM: 5061.62 MB
Total Pagefile: 16125.26 MB
Available Pagefile: 12640.58 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:909.81 GB) (Free:723.15 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 932 GB) (Disk ID: 6ED39193)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=22 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=910 GB) - (Type=07 NTFS)

==================== End Of Log ============================

#4
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello DSteckler,

Download the attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

#5
DSteckler

    Member

  • Topic Starter
  • 21 posts
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-01-2014
Ran by David at 2014-01-07 14:16:02 Run:1
Running from C:\Users\David\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [] - [x]
SearchScopes: HKCU - DefaultScope {BB7319DE-ED72-456D-9754-BD892AD1E3C9} URL =
SearchScopes: HKCU - {75AC005E-CF21-403E-9F6F-7F52FA04A137} URL =
SearchScopes: HKCU - {BB7319DE-ED72-456D-9754-BD892AD1E3C9} URL =
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
2013-12-12 13:06 - 2013-12-12 13:06 - 08573501 _____ () C:\Users\David\Downloads\Di_Pro_Ver_422_exe_update.exe
C:\ProgramData\PKP_DLeo.DAT
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT
C:\Users\David\en_res.dll
C:\Users\David\es_res.dll
C:\Users\David\fr_res.dll
C:\Users\David\it_res.dll
C:\Users\David\jp_res.dll
C:\Users\David\mfc80u.dll
C:\Users\David\msvcr80.dll
C:\Users\David\PCPE Setup.exe
C:\Users\David\pt_res.dll
C:\Users\David\ResourceReader.dll
C:\Users\David\ru_res.dll
C:\Users\David\Steckler1OFXLOG.DAT
C:\Users\David\zh_res.dll
C:\Users\David\AppData\Local\Temp\checkhgs.dll
C:\Users\David\AppData\Local\Temp\Perfect_Photo_Suite_8.1.0_LR_AP_Update.exe
C:\Users\David\AppData\Local\Temp\Quarantine.exe
C:\Users\David\AppData\Local\Temp\SHSetup.exe
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{75AC005E-CF21-403E-9F6F-7F52FA04A137} => Key deleted successfully.
HKCR\CLSID\{75AC005E-CF21-403E-9F6F-7F52FA04A137} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB7319DE-ED72-456D-9754-BD892AD1E3C9} => Key deleted successfully.
HKCR\CLSID\{BB7319DE-ED72-456D-9754-BD892AD1E3C9} => Key not found.
C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml => Moved successfully.
C:\Users\David\Downloads\Di_Pro_Ver_422_exe_update.exe => Moved successfully.
C:\ProgramData\PKP_DLeo.DAT => Moved successfully.
C:\ProgramData\PKP_DLes.DAT => Moved successfully.
C:\ProgramData\PKP_DLet.DAT => Moved successfully.
C:\ProgramData\PKP_DLev.DAT => Moved successfully.
C:\Users\David\en_res.dll => Moved successfully.
C:\Users\David\es_res.dll => Moved successfully.
C:\Users\David\fr_res.dll => Moved successfully.
C:\Users\David\it_res.dll => Moved successfully.
C:\Users\David\jp_res.dll => Moved successfully.
C:\Users\David\mfc80u.dll => Moved successfully.
C:\Users\David\msvcr80.dll => Moved successfully.
C:\Users\David\PCPE Setup.exe => Moved successfully.
C:\Users\David\pt_res.dll => Moved successfully.
C:\Users\David\ResourceReader.dll => Moved successfully.
C:\Users\David\ru_res.dll => Moved successfully.
C:\Users\David\Steckler1OFXLOG.DAT => Moved successfully.
C:\Users\David\zh_res.dll => Moved successfully.
C:\Users\David\AppData\Local\Temp\checkhgs.dll => Moved successfully.
C:\Users\David\AppData\Local\Temp\Perfect_Photo_Suite_8.1.0_LR_AP_Update.exe => Moved successfully.
C:\Users\David\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\David\AppData\Local\Temp\SHSetup.exe => Moved successfully.

==== End of Fixlog ====

#6
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello DSteckler,

Please download http://hijackthis.nl/smeenk/ and save it to your desktop.

  • Close any open browsers.
  • Temporarily disable your AntiVirus program. (If necessary)
  • Double click on zoek.exe to run.
  • Please wait while the tool starts. It will appear to be doing nothing and may take a few seconds to come up.
  • Copy the text below and paste it into the large window in the zoek tool:

StandardSearch;

  • Next, click the Options button below the large panel and check the boxes:

    Silent Runners

  • Click on the Run script button.
  • Please wait patiently (it may take a few minutes) until a log report opens (this may be after a reboot, if required).
  • Copy (Ctrl+C) and paste (Ctrl+V) the entire contents of the opened report back here.
Note: It will also create a log in the C:\ directory named "zoek-results.log"

#7
DSteckler

    Member

  • Topic Starter
  • 21 posts
Zoek.exe v5.0.0.0 Updated 05-Januari-2014
Tool run by David on Tue 01/07/2014 at 14:35:30.40.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\David\Downloads\zoek.exe [Scan all users] [Checkboxes used]

==== System Restore Info ======================

1/7/2014 2:37:35 PM Zoek.exe System Restore Point Created Succesfully.

==== Silent Runners ======================

"Silent Runners.vbs", revision 69.2, http://www.silentrunners.org/
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
Sidebar = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [MS]
DellSystemDetect = C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms [null data]
AOL Fast Start = "C:\Program Files (x86)\AOL Desktop 9.7\AOL.EXE" -b [AOL Inc.]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
EvtMgr6 = C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [Logitech, Inc.]
IgfxTray = C:\Windows\system32\igfxtray.exe [Intel Corporation]
HotKeysCmds = C:\Windows\system32\hkcmd.exe [Intel Corporation]
Persistence = C:\Windows\system32\igfxpers.exe [Intel Corporation]
IAStorIcon = "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60 [Intel Corporation]
RTHDVCPL = "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s [Realtek Semiconductor]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ {++}
IMSS = "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [Intel Corporation]
USB3MON = "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [Intel Corporation]
Acrobat Assistant 8.0 = "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [Adobe Systems Inc.]
HostManager = C:\Program Files (x86)\Common Files\AOL\1370466466\ee\AOLSoftware.exe [AOL Inc.]
Intuit SyncManager = C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup [null data]
Adobe ARM = "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [Adobe Systems Incorporated]
BrStsMon00 = C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN [Brother Industries, Ltd.]
ControlCenter4 = C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun [Brother Industries, Ltd.]
Display = C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe [Schneider Electric]
CanonSolutionMenuEx = C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon [CANON INC.]
IJNetworkScannerSelectorEX = C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE [CANON INC.]
SunJavaUpdateSched = "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [Oracle Corporation]
AVG_UI = "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY [AVG Technologies CZ, s.r.o.]
WD Quick View = C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [Western Digital Technologies, Inc.]
APSDaemon = "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [Apple Inc.]
iTunesHelper = "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [Apple Inc.]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM...CLSID} = Windows Live ID Sign-in Helper
\InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]
-> {HKLM...Wow...CLSID} = Windows Live ID Sign-in Helper
\InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...Wow...CLSID} = Adobe PDF Reader Link Helper
\InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe Systems Incorporated]

{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}\(Default) = Canon Easy-WebPrint EX BHO
-> {HKLM...Wow...CLSID} = Canon Easy-WebPrint EX BHO
\InProcServer32\(Default) = C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [CANON INC.]

{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}\(Default) = Search Helper
-> {HKLM...Wow...CLSID} = Search Helper
\InProcServer32\(Default) = C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [MS]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...Wow...CLSID} = Java™ Plug-In SSV Helper
\InProcServer32\(Default) = C:\Program Files (x86)\Java\jre7\bin\ssv.dll [Oracle Corporation]

{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM...CLSID} = Windows Live ID Sign-in Helper
\InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]
-> {HKLM...Wow...CLSID} = Windows Live ID Sign-in Helper
\InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]

{AE7CD045-E861-484f-8273-0445EE161910}\(Default) = (no title provided)
-> {HKLM...Wow...CLSID} = Adobe PDF Conversion Toolbar Helper
\InProcServer32\(Default) = C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe Systems Incorporated]

{AF949550-9094-4807-95EC-D1C317803333}\(Default) = (no title provided)
-> {HKLM...Wow...CLSID} = Logitech SetPoint
\InProcServer32\(Default) = C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [Logitech, Inc.]

{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
-> {HKLM...Wow...CLSID} = Java™ Plug-In 2 SSV Helper
\InProcServer32\(Default) = C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [Oracle Corporation]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\

DropboxExt1\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
-> {HKCU...CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Users\David\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [Dropbox, Inc.]

DropboxExt2\(Default) = {FB314EDA-A251-47B7-93E1-CDD82E34AF8B}
-> {HKCU...CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Users\David\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [Dropbox, Inc.]

DropboxExt3\(Default) = {FB314EDB-A251-47B7-93E1-CDD82E34AF8B}
-> {HKCU...CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Users\David\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [Dropbox, Inc.]

DropboxExt4\(Default) = {FB314EDC-A251-47B7-93E1-CDD82E34AF8B}
-> {HKCU...CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Users\David\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [Dropbox, Inc.]

HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt
-> {HKCU...CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Users\David\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [Dropbox, Inc.]

{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt
-> {HKCU...CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Users\David\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [Dropbox, Inc.]

{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt
-> {HKCU...CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Users\David\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [Dropbox, Inc.]

{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt
-> {HKCU...CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Users\David\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [Dropbox, Inc.]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

{7F67036B-66F1-411A-AD85-759FB9C5B0DB} = ShellViewRTF
-> {HKLM...CLSID} = ShellViewRTF
\InProcServer32\(Default) = C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\PROTECTRP\Shellvrtf64.dll [XSS]

{42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office12\MSOHEVI.DLL [MS]

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler
-> {HKLM...CLSID} = Microsoft Office Metadata Handler
\InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS]

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler
-> {HKLM...CLSID} = Microsoft Office Thumbnail Handler
\InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS]

{0FB82570-BB2D-23D3-8D3B-AC2F34F1FA3C} = RXDCExtShlExt extension
-> {HKLM...CLSID} = RXDCExtShlExt Class
\InProcServer32\(Default) = c:\Program Files\Roxio\Virtual Drive 10\DC_ShellExt64.dll [Sonic Solutions]

{23170F69-40C1-278A-1000-000100020000} = 7-Zip Shell Extension
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [Igor Pavlov]

{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} = Logitech Setpoint Extension
-> {HKLM...CLSID} = KbLogiExt Class
\InProcServer32\(Default) = C:\Program Files\Logitech\SetPointP\kbcplext.dll [Logitech, Inc.]

{CF74B903-3389-469c-B3B6-0204D204FCBD} = SnagIt Shell Extension
-> {HKLM...CLSID} = SnagItShellExt Class
\InProcServer32\(Default) = C:\Program Files (x86)\TechSmith\Snagit 11\DLLx64\SnagitShellExt64.dll [TechSmith Corporation]

{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = AVG Shell Extension
-> {HKLM...CLSID} = AVG Shell Extension Class
\InProcServer32\(Default) = C:\Program Files (x86)\AVG\AVG2014\avgsea.dll [AVG Technologies CZ, s.r.o.]

{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} = iTunes
-> {HKLM...CLSID} = iTunes
\InProcServer32\(Default) = C:\Program Files\iTunes\iTunesMiniPlayer.dll [Apple Inc.]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

{00F33137-EE26-412F-8D71-F84E4C2C6625} = (no title provided)
-> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]

{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} = Windows Live Photo Gallery Viewer Drop Target Shim
-> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Shim
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]

{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} = Windows Live Photo Gallery Editor Drop Target Shim
-> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Editor Shim
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]

{00F30F90-3E96-453B-AFCD-D71989ECC2C7} = Windows Live Photo Gallery Autoplay Drop Target Shim
-> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]

{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} = Adobe.Acrobat.ContextMenu
-> {HKLM...Wow...CLSID} = Acrobat Elements Context Menu
\InProcServer32\(Default) = C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll [Adobe Systems Inc.]

{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} = Microsoft Office OneNote Namespace Extension for Windows Desktop Search
-> {HKLM...Wow...CLSID} = Microsoft Office OneNote Namespace Extension for Windows Desktop Search
\InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office12\ONFILTER.DLL [MS]

{42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler
-> {HKLM...Wow...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\msohevi.dll [MS]

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler
-> {HKLM...Wow...CLSID} = Microsoft Office Metadata Handler
\InProcServer32\(Default) = C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS]

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler
-> {HKLM...Wow...CLSID} = Microsoft Office Thumbnail Handler
\InProcServer32\(Default) = C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS]

{7D5C4BDD-B015-4401-8731-1507B87DE297} = QBVersionTool
-> {HKLM...Wow...CLSID} = VersionShellExt Class
\InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBVersionTool.dll [Intuit Inc.]

{6872d785-fe43-44cb-9b2a-2df4c5eb13b2} = eFax Messenger - Shell Extension
-> {HKLM...Wow...CLSID} = HotShellExt
\InProcServer32\(Default) = C:\Program Files (x86)\eFax Messenger 4.4\J2GShell.dll [j2 Global Communications, Inc.]

{CF74B903-3389-469c-B3B6-0204D204FCBD} = SnagIt Shell Extension
-> {HKLM...Wow...CLSID} = SnagItShellExt Class
\InProcServer32\(Default) = C:\Program Files (x86)\TechSmith\Snagit 11\SnagitShellExt.dll [TechSmith Corporation]

{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = AVG Shell Extension
-> {HKLM...Wow...CLSID} = AVG Shell Extension Class
\InProcServer32\(Default) = C:\Program Files (x86)\AVG\AVG2014\avgse.dll [AVG Technologies CZ, s.r.o.]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

<<!>> text/xml\CLSID = {807563E5-5146-11D5-A672-00B0D022E945}
-> {HKLM...CLSID} = Microsoft Office InfoPath XML Mime Filter
\InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL [MS]

HKCU\Software\Classes\*\shellex\ContextMenuHandlers\

DropboxExt\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
-> {HKCU...CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Users\David\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [Dropbox, Inc.]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000}
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [Igor Pavlov]

Adobe.Acrobat.ContextMenu\(Default) = {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}
-> {HKLM...Wow...CLSID} = Acrobat Elements Context Menu
\InProcServer32\(Default) = C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll [Adobe Systems Inc.]

AVG Shell Extension\(Default) = {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
-> {HKLM...CLSID} = AVG Shell Extension Class
\InProcServer32\(Default) = C:\Program Files (x86)\AVG\AVG2014\avgsea.dll [AVG Technologies CZ, s.r.o.]
-> {HKLM...Wow...CLSID} = AVG Shell Extension Class
\InProcServer32\(Default) = C:\Program Files (x86)\AVG\AVG2014\avgse.dll [AVG Technologies CZ, s.r.o.]

HotShellExt_40\(Default) = {6872D785-FE43-44cb-9B2A-2DF4C5EB13B2}
-> {HKLM...Wow...CLSID} = HotShellExt
\InProcServer32\(Default) = C:\Program Files (x86)\eFax Messenger 4.4\J2GShell.dll [j2 Global Communications, Inc.]

RXDCExtSvr\(Default) = {0FB82570-BB2D-23D3-8D3B-AC2F34F1FA3C}
-> {HKLM...CLSID} = RXDCExtShlExt Class
\InProcServer32\(Default) = c:\Program Files\Roxio\Virtual Drive 10\DC_ShellExt64.dll [Sonic Solutions]

SnagItMainShellExt\(Default) = {CF74B903-3389-469c-B3B6-0204D204FCBD}
-> {HKLM...CLSID} = SnagItShellExt Class
\InProcServer32\(Default) = C:\Program Files (x86)\TechSmith\Snagit 11\DLLx64\SnagitShellExt64.dll [TechSmith Corporation]
-> {HKLM...Wow...CLSID} = SnagItShellExt Class
\InProcServer32\(Default) = C:\Program Files (x86)\TechSmith\Snagit 11\SnagitShellExt.dll [TechSmith Corporation]

WDBackupMenuHandler\(Default) = {C752BC82-C19A-4827-9C15-0996BA85C180}
-> {HKLM...CLSID} = WDBackupMenuHandler Class
\InProcServer32\(Default) = C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [Western Digital Technologies, Inc.]

HKLM\SOFTWARE\Classes\*\shellex\PropertySheetHandlers\

WDBackupPropSheetHandler\(Default) = {C752BC82-C19A-4827-9C15-0996BA85C180}
-> {HKLM...CLSID} = WDBackupMenuHandler Class
\InProcServer32\(Default) = C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [Western Digital Technologies, Inc.]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
-> {HKLM...CLSID} = MBAMShlExt Class
\InProcServer32\(Default) = C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation]

HKCU\Software\Classes\Directory\shellex\ContextMenuHandlers\

DropboxExt\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
-> {HKCU...CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Users\David\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [Dropbox, Inc.]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000}
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [Igor Pavlov]

SnagItMainShellExt\(Default) = {CF74B903-3389-469c-B3B6-0204D204FCBD}
-> {HKLM...CLSID} = SnagItShellExt Class
\InProcServer32\(Default) = C:\Program Files (x86)\TechSmith\Snagit 11\DLLx64\SnagitShellExt64.dll [TechSmith Corporation]
-> {HKLM...Wow...CLSID} = SnagItShellExt Class
\InProcServer32\(Default) = C:\Program Files (x86)\TechSmith\Snagit 11\SnagitShellExt.dll [TechSmith Corporation]

HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\

7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000}
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [Igor Pavlov]

HKCU\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\

DropboxExt\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
-> {HKCU...CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Users\David\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [Dropbox, Inc.]

HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\

igfxcui\(Default) = {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}
-> {HKLM...CLSID} = GraphicsShellExt Class
\InProcServer32\(Default) = C:\Windows\system32\igfxpph.dll [Intel Corporation]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info
-> {HKLM...Wow...CLSID} = PDF Shell Extension
\InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

Adobe.Acrobat.ContextMenu\(Default) = {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}
-> {HKLM...Wow...CLSID} = Acrobat Elements Context Menu
\InProcServer32\(Default) = C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll [Adobe Systems Inc.]

AVG Shell Extension\(Default) = {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
-> {HKLM...CLSID} = AVG Shell Extension Class
\InProcServer32\(Default) = C:\Program Files (x86)\AVG\AVG2014\avgsea.dll [AVG Technologies CZ, s.r.o.]
-> {HKLM...Wow...CLSID} = AVG Shell Extension Class
\InProcServer32\(Default) = C:\Program Files (x86)\AVG\AVG2014\avgse.dll [AVG Technologies CZ, s.r.o.]

MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
-> {HKLM...CLSID} = MBAMShlExt Class
\InProcServer32\(Default) = C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation]

RXDCExtSvr\(Default) = {0FB82570-BB2D-23D3-8D3B-AC2F34F1FA3C}
-> {HKLM...CLSID} = RXDCExtShlExt Class
\InProcServer32\(Default) = c:\Program Files\Roxio\Virtual Drive 10\DC_ShellExt64.dll [Sonic Solutions]

WDBackupMenuHandler\(Default) = {C752BC82-C19A-4827-9C15-0996BA85C180}
-> {HKLM...CLSID} = WDBackupMenuHandler Class
\InProcServer32\(Default) = C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [Western Digital Technologies, Inc.]

HKLM\SOFTWARE\Classes\Folder\shellex\PropertySheetHandlers\

WDBackupPropSheetHandler\(Default) = {C752BC82-C19A-4827-9C15-0996BA85C180}
-> {HKLM...CLSID} = WDBackupMenuHandler Class
\InProcServer32\(Default) = C:\Program Files\Western Digital\WD SmartWare\\WDContextMenuHandler.dll [Western Digital Technologies, Inc.]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

DisableRegistryTools = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|System|
Prevent access to registry editing tools}

DisableTaskMgr = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

ConsentPromptBehaviorAdmin = (REG_DWORD) dword:0x00000000
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Behavior Of The Elevation Prompt For Administrators In Admin Approval Mode}

EnableLUA = (REG_DWORD) dword:0x00000000
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Run All Administrators In Admin Approval Mode}

PromptOnSecureDesktop = (REG_DWORD) dword:0x00000000
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Switch to the secure desktop when prompting for elevation}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
Wallpaper = C:\Users\David\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

AdobePhotoshopElements9ShowPicturesOnArrival\
Provider = Adobe Elements Organizer 9.0
InvokeProgID = PhotoshopElements.Application.9
InvokeVerb = launch
HKLM\SOFTWARE\Classes\PhotoshopElements.Application.9\shell\launch\command\(Default) = "C:\Program Files (x86)\Adobe\Elements 9 Organizer\PseProxy.exe" -v "%1" [Adobe Systems Incorporated]

CanonMPNEX51PictureOnArrival\
Provider = MP Navigator EX Ver5.1
InvokeProgID = MPNavigatorEX51.AutoplayHandler
InvokeVerb = open
HKLM\SOFTWARE\Classes\MPNavigatorEX51.AutoplayHandler\shell\open\command\(Default) = C:\Program Files (x86)\Canon\MP Navigator EX 5.1\mpnex51.exe /AUTOPLAY %1 [CANON INC.]

iTunesBurnCDOnArrival\
Provider = iTunes
InvokeProgID = iTunes.BurnCD
InvokeVerb = burn
HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayBurn "%L" [Apple Inc.]

iTunesImportSongsOnArrival\
Provider = iTunes
InvokeProgID = iTunes.ImportSongsOnCD
InvokeVerb = import
HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayImportSongs "%L" [Apple Inc.]

iTunesPlaySongsOnArrival\
Provider = iTunes
InvokeProgID = iTunes.PlaySongsOnCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /playCD "%L" [Apple Inc.]

iTunesShowSongsOnArrival\
Provider = iTunes
InvokeProgID = iTunes.ShowSongsOnCD
InvokeVerb = showsongs
HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayShowSongs "%L" [Apple Inc.]

LaplinkFileMover\
Provider = @C:\Program Files (x86)\Common Files\Laplink\LLUSBArrival\LLUSBArrival.exe,-102
ProgID = LLUSBArrival.LLUSBArrival
InitCmdLine = FileMover
HKLM\SOFTWARE\Classes\LLUSBArrival.LLUSBArrival\CLSID\(Default) = {9C9F0897-E181-41C4-A588-1525A8D1563F}
-> {HKLM...CLSID} = Laplink USBArrival Class
\LocalServer32\(Default) = "C:\Program Files (x86)\Common Files\Laplink\LLUSBArrival\LLUSBArrival.exe" [Laplink Sofware, Inc]

LaplinkGold\
Provider = @C:\Program Files (x86)\Common Files\Laplink\LLUSBArrival\LLUSBArrival.exe,-112
ProgID = LLUSBArrival.LLUSBArrival
InitCmdLine = Laplink
HKLM\SOFTWARE\Classes\LLUSBArrival.LLUSBArrival\CLSID\(Default) = {9C9F0897-E181-41C4-A588-1525A8D1563F}
-> {HKLM...CLSID} = Laplink USBArrival Class
\LocalServer32\(Default) = "C:\Program Files (x86)\Common Files\Laplink\LLUSBArrival\LLUSBArrival.exe" [Laplink Sofware, Inc]

LaplinkPCmover\
Provider = @C:\Program Files (x86)\Common Files\Laplink\LLUSBArrival\LLUSBArrival.exe,-111
ProgID = LLUSBArrival.LLUSBArrival
InitCmdLine = PCmover
HKLM\SOFTWARE\Classes\LLUSBArrival.LLUSBArrival\CLSID\(Default) = {9C9F0897-E181-41C4-A588-1525A8D1563F}
-> {HKLM...CLSID} = Laplink USBArrival Class
\LocalServer32\(Default) = "C:\Program Files (x86)\Common Files\Laplink\LLUSBArrival\LLUSBArrival.exe" [Laplink Sofware, Inc]

LaplinkPCSync\
Provider = @C:\Program Files (x86)\Common Files\Laplink\LLUSBArrival\LLUSBArrival.exe,-116
ProgID = LLUSBArrival.LLUSBArrival
InitCmdLine = PCSync
HKLM\SOFTWARE\Classes\LLUSBArrival.LLUSBArrival\CLSID\(Default) = {9C9F0897-E181-41C4-A588-1525A8D1563F}
-> {HKLM...CLSID} = Laplink USBArrival Class
\LocalServer32\(Default) = "C:\Program Files (x86)\Common Files\Laplink\LLUSBArrival\LLUSBArrival.exe" [Laplink Sofware, Inc]

LaplinkSWSY\
Provider = @C:\Program Files (x86)\Common Files\Laplink\LLUSBArrival\LLUSBArrival.exe,-120
ProgID = LLUSBArrival.LLUSBArrival
InitCmdLine = SWSY
HKLM\SOFTWARE\Classes\LLUSBArrival.LLUSBArrival\CLSID\(Default) = {9C9F0897-E181-41C4-A588-1525A8D1563F}
-> {HKLM...CLSID} = Laplink USBArrival Class
\LocalServer32\(Default) = "C:\Program Files (x86)\Common Files\Laplink\LLUSBArrival\LLUSBArrival.exe" [Laplink Sofware, Inc]

Lightroom5BetaAutoPlayHandler64\
Provider = Adobe Photoshop Lightroom 5.0 64
InvokeProgID = Adobe.AdobeLightroom64
InvokeVerb = open
HKLM\SOFTWARE\Classes\Adobe.AdobeLightroom64\shell\open\command\(Default) = C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.3\Lightroom.exe "%L" [Adobe Systems]

MSLivePhotoAcquireDropHandler\
Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10
InvokeProgID = Microsoft.LivePhotoAcqDTShim.1
InvokeVerb = open
HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqDTShim.1\shell\open\DropTarget\CLSID = {00F33137-EE26-412F-8D71-F84E4C2C6625}
-> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [MS]

MSLiveShowPicturesOnArrival\
Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10
InvokeProgID = Microsoft.Photos.LiveAutoplayShim.1
InvokeVerb = open
HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = {00F30F90-3E96-453B-AFCD-D71989ECC2C7}
-> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [MS]

MSPlayCDAudioOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.AudioCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L" [MS]

MSPlayDVDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.DVD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L" [MS]

MSPlaySuperVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]

MSPlayVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]

MSWMPBurnCDOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.BurnCD
InvokeVerb = Burn
HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L" [MS]

RoxioSCAudioCDTask36\
Provider = Roxio Central Audio
InvokeProgID = Roxio.RoxioCentral36
InvokeVerb = AudioCDTask
HKLM\SOFTWARE\Classes\Roxio.RoxioCentral36\shell\AudioCDTask\Command\(Default) = "c:\Program Files (x86)\Common Files\Roxio Shared\10.0\Roxio Central36\Main\Roxio_Central36.exe" /Launch {1DF24BC5-8E7F-4D41-AF7B-1EAAF8CE889B} [null data]

RoxioSCCopyCD36\
Provider = Roxio Central Copy
InvokeProgID = Roxio.RoxioCentral36
InvokeVerb = ExactCopyJob
HKLM\SOFTWARE\Classes\Roxio.RoxioCentral36\shell\ExactCopyJob\Command\(Default) = "c:\Program Files (x86)\Common Files\Roxio Shared\10.0\Roxio Central36\Main\Roxio_Central36.exe" /Launch {D7B34115-CCC3-4508-BAC4-02A111F4DB4D} [null data]

RoxioSCCopyDisc36\
Provider = Roxio Central Copy
InvokeProgID = Roxio.RoxioCentral36
InvokeVerb = ExactCopyJob
HKLM\SOFTWARE\Classes\Roxio.RoxioCentral36\shell\ExactCopyJob\Command\(Default) = "c:\Program Files (x86)\Common Files\Roxio Shared\10.0\Roxio Central36\Main\Roxio_Central36.exe" /Launch {D7B34115-CCC3-4508-BAC4-02A111F4DB4D} [null data]

RoxioSCDataProject36\
Provider = Roxio Central Data
InvokeProgID = Roxio.RoxioCentral36
InvokeVerb = DataGuide
HKLM\SOFTWARE\Classes\Roxio.RoxioCentral36\shell\DataGuide\Command\(Default) = "c:\Program Files (x86)\Common Files\Roxio Shared\10.0\Roxio Central36\Main\Roxio_Central36.exe" /Launch Data [null data]

RoxioSCDataTask36\
Provider = Roxio Central Data
InvokeProgID = Roxio.RoxioCentral36
InvokeVerb = DataTask
HKLM\SOFTWARE\Classes\Roxio.RoxioCentral36\shell\DataTask\Command\(Default) = "c:\Program Files (x86)\Common Files\Roxio Shared\10.0\Roxio Central36\Main\Roxio_Central36.exe" /Launch {85B64A0F-9111-4A55-8B5A-59343EE1EE8B} [null data]

WIA_{20F46D31-2B10-4823-A7B2-22A7E6B26806}\
Provider = MP Navigator EX Ver5.1
CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
InitCmdLine = /WiaCmd;C:\Program Files (x86)\Canon\MP Navigator EX 5.1\mpnex51.exe /StiDevice:%1 /StiEvent:%2;
-> {HKLM...CLSID} = WPDShextAutoplay
\LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]

WIA_{68D0D4AA-4A4F-4276-9AAB-F3A6CDFBCCD4}\
Provider = Microsoft Office OneNote
CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
InitCmdLine = /WiaCmd;C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE /IMG_WIA;
-> {HKLM...CLSID} = WPDShextAutoplay
\LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]


Startup items in "David" & "All Users" startup folders:
-------------------------------------------------------

C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup {++}
Dell Dock -> shortcut to: C:\Program Files\Dell\DellDock\DellDock.exe [null data]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup {++}
Adobe Acrobat Speed Launcher -> shortcut to: C:\Windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [null data]
Adobe Acrobat Synchronizer -> shortcut to: C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [Adobe Systems Incorporated]
APC UPS Status -> shortcut to: C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe [Schneider Electric]
Evoluent Mouse Manager -> shortcut to: C:\Windows\Installer\{0F8F4447-1F0B-4703-9BD5-53F0274CE856}\_B5CB566BBFE908A7621D0F.exe [null data]


Windows Sidebar Gadgets: {++}
------------------------

C:\Users\David\AppData\Local\Microsoft\Windows Sidebar\Settings.ini
"C:%5CProgram%20Files%5CWindows%20Sidebar%5CGadgets%5CClock.Gadget"
"C:%5CProgram%20Files%5CWindows%20Sidebar%5CGadgets%5CWeather.Gadget"


Non-disabled Scheduled Tasks: {++}
-----------------------------

C:\Windows\System32\Tasks
Adobe Flash Player Updater -> launches: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [Adobe Systems Incorporated]
CCleanerSkipUAC -> launches: "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0) [Piriform Ltd]
DriverEasy Scheduled Scan -> launches: C:\Program Files\Easeware\DriverEasy\DriverEasy.exe --scan [null data]
GoogleUpdateTaskMachineCore -> launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c [Google Inc.]
GoogleUpdateTaskMachineUA -> launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.]
PCDEventLauncherTask -> launches: "C:\Program Files\My Dell\sessionchecker.exe" [PC-Doctor, Inc.]
PCDoctorBackgroundMonitorTask -> launches: "C:\Program Files\My Dell\uaclauncher.exe" -backgroundmon scripts\backgroundmon.xml -st PCDoctorBackgroundMonitorTask --ignoresecondarysplash --runsilently [PC-Doctor, Inc.]
SystemToolsDailyTest -> launches: "uaclauncher.exe" -silentenumeration -st SystemToolsDailyTest --ignoresecondarysplash --runsilently [file not found]
TechSmith Updater -> launches: C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe all [null data]
{2CC97CCF-FB3D-49EB-9FE1-FB2292A09476} -> launches: C:\Windows\system32\pcalua.exe -a C:\Users\David\AppData\Roaming\Easeware\DriverEasy\drivers\sw2p4zzc.544\Intel_USB3.0_Win7_2.0.0.102_PV.exe -d C:\Users\David\AppData\Roaming\Easeware\DriverEasy\drivers\sw2p4zzc.544 [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client
AD RMS Rights Policy Template Management (Manual) -> launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C}
-> {HKLM...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
\InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]
-> {HKLM...Wow...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
\InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience
AitAgent -> launches: aitagent [MS]
ProgramDataUpdater -> launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Autochk
Proxy -> launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth
UninstallDeviceTask -> launches: BthUdTask.exe $(Arg0) [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient
SystemTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
-> {HKLM...CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
-> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
UserTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
-> {HKLM...CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
-> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
Consolidator -> launches: %SystemRoot%\System32\wsqmcons.exe [MS]
KernelCeipTask -> (HIDDEN!) launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c}
-> {HKLM...CLSID} = KernelCeipCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\kernelceip.dll [MS]
Uploader -> launches: %windir%\system32\WSqmCons.exe -u [MS]
UsbCeip -> (HIDDEN!) launches: {c27f6b1d-fe0b-45e4-9257-38799fa69bc8}
-> {HKLM...CLSID} = UsbCeip
\InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]
-> {HKLM...Wow...CLSID} = UsbCeip
\InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Defrag
ScheduledDefrag -> launches: %windir%\system32\defrag.exe -c [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis
Scheduled -> (HIDDEN!) launches: {c1f85ef8-bcc2-4606-bb39-70c523715eb3}
-> {HKLM...CLSID} = ScheduledDiagnosticCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\sdiagschd.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Location
Notifications -> launches: %windir%\System32\LocationNotifications.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance
WinSAT -> launches: {A9A33436-678B-4C9C-A211-7CC38785E79D}
-> {HKLM...CLSID} = WinSAT Task Manger Task
\InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS]
-> {HKLM...Wow...CLSID} = WinSAT Task Manger Task
\InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Media Center
ActivateWindowsSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch [MS]
ConfigureInternetTimeService -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService [MS]
DispatchRecoveryTasks -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) [MS]
ehDRMInit -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DRMInit [MS]
InstallPlayReady -> launches: %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) [MS]
mcupdate -> launches: %SystemRoot%\ehome\mcupdate $(Arg0) [MS]
MediaCenterRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask [MS]
ObjectStoreRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask [MS]
OCURActivate -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate [MS]
OCURDiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) [MS]
PBDADiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery [MS]
PBDADiscoveryW1 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery [MS]
PBDADiscoveryW2 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery [MS]
PvrRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask [MS]
PvrScheduleTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrSchedule [MS]
RegisterSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) [MS]
ReindexSearchRoot -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot [MS]
SqlLiteRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask [MS]
UpdateRecordPath -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic
CorruptionDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}
-> {HKLM...CLSID} = MemoryDiagnosticCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS]
DecompressionFailureDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}
-> {HKLM...CLSID} = MemoryDiagnosticCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC
HotStart -> launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
-> {HKLM...CLSID} = HotStart User Agent
\InProcServer32\(Default) = C:\Windows\System32\HotStartUserAgent.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MUI
LPRemove -> launches: %windir%\system32\lpremove.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia
SystemSoundsService -> launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543}
-> {HKLM...CLSID} = Microsoft PlaySoundService Class
\InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]
-> {HKLM...Wow...CLSID} = Microsoft PlaySoundService Class
\InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace
GatherNetworkInfo -> launches: %windir%\system32\gatherNetworkInfo.vbs [null data]

C:\Windows\System32\Tasks\Microsoft\Windows\PerfTrack
BackgroundConfigSurveyor -> (HIDDEN!) launches: {EA9155A3-8A39-40b4-8963-D3C761B18371}
-> {HKLM...CLSID} = PerfTrack TaskHandler class
\InProcServer32\(Default) = C:\Windows\System32\perftrack.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics
AnalyzeSystem -> launches: %SystemRoot%\System32\powercfg.exe -energy -auto [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RAC
RacTask -> (HIDDEN!) launches: {42060D27-CA53-41f5-96E4-B1E8169308A6}
-> {HKLM...CLSID} = ReliabilityAnalysisCustomHandler
\InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]
-> {HKLM...Wow...CLSID} = ReliabilityAnalysisCustomHandler
\InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Ras
MobilityManager -> launches: {c463a0fc-794f-4fdf-9201-01938ceacafa}
-> {HKLM...CLSID} = RasMobilityManager
\InProcServer32\(Default) = C:\Windows\system32\rasmbmgr.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Registry
RegIdleBackup -> (HIDDEN!) launches: {ca767aa8-9157-4604-b64b-40747123d5f2}
-> {HKLM...CLSID} = RegistryIdleBackupHandler
\InProcServer32\(Default) = C:\Windows\System32\regidle.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance
RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SideShow
GadgetManager -> launches: {FF87090D-4A9A-4f47-879B-29A80C355D61}
-> {HKLM...CLSID} = GadgetsManager Class
\InProcServer32\(Default) = C:\Windows\System32\AuxiliaryDisplayServices.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore
SR -> launches: %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager
Interactive -> (HIDDEN!) launches: {855fec53-d2e4-4999-9e87-3414e9cf0ff4}
-> {HKLM...CLSID} = RunTask
\InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]
-> {HKLM...Wow...CLSID} = RunTask
\InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip
IpAddressConflict1 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem [MS]
IpAddressConflict2 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework
MsCtfMonitor -> (HIDDEN!) launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}
-> {HKLM...CLSID} = MsCtfMonitor task handler
\InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]
-> {HKLM...Wow...CLSID} = MsCtfMonitor task handler
\InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization
SynchronizeTime -> launches: %windir%\system32\sc.exe start w32time task_started [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\UPnP
UPnPHostConfig -> launches: sc.exe config upnphost start= auto [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WDI
ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1}
-> {HKLM...CLSID} = DiagnosticInfrastructureCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]
-> {HKLM...Wow...CLSID} = DiagnosticInfrastructureCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies
ValidationTask -> (HIDDEN!) launches: %SystemRoot%\system32\Wat\WatAdminSvc.exe /run [MS]
ValidationTaskDeadline -> (HIDDEN!) launches: %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting
QueueReporting -> launches: %windir%\system32\wermgr.exe -queuereporting [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform
BfeOnServiceStartTypeChange -> (HIDDEN!) launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing
UpdateLibrary -> launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup
ConfigNotification -> launches: %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Wininet
CacheTask -> launches: {0358b920-0ac7-461f-98f4-58e32cd89148}
-> {HKLM...CLSID} = Wininet Cache task object
\InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS]
-> {HKLM...Wow...CLSID} = Wininet Cache task object
\InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows Live\SOXE
Extractor Definitions Update Task -> launches: {3519154C-227E-47F3-9CC9-12C3F05817F1}
-> {HKLM...Wow...CLSID} = Windows Live Social Object Extractor Engine Definition Updater
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\SOXE\wlsoxe.dll [MS]

C:\Windows\System32\Tasks\WPD
SqmUpload_S-1-5-21-3744436825-3090656004-2746742966-1000 -> (HIDDEN!) launches: %windir%\system32\rundll32.exe portabledeviceapi.dll,#1 [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
000000000007\LibraryPath = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
000000000008\LibraryPath = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
000000000009\LibraryPath = C:\Program Files (x86)\Bonjour\mdnsNSP.dll [Apple Inc.]

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\ {++}
000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
000000000007\LibraryPath = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
000000000008\LibraryPath = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
000000000009\LibraryPath = C:\Program Files\Bonjour\mdnsNSP.dll [Apple Inc.]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 10

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries64\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 10


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\
{47833539-D0C5-4125-9FA8-0819E2EAAC93} = (no title provided)
-> {HKLM...Wow...CLSID} = Adobe PDF
\InProcServer32\(Default) = C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe Systems Incorporated]

{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} = Canon Easy-WebPrint EX
-> {HKLM...Wow...CLSID} = Canon Easy-WebPrint EX
\InProcServer32\(Default) = C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [CANON INC.]

Explorer Bars

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Explorer Bars\

{182EC0BE-5110-49C8-A062-BEB1D02A220B}\(Default) = (no title provided)
-> {HKLM...Wow...CLSID} = Adobe PDF
\InProcServer32\(Default) = C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe Systems Incorporated]

HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = &Research
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\
{219C3416-8CB2-491A-A3C7-D9FCDDC9D600}\
ButtonText = @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004
MenuText = @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003
CLSIDExtension = {5F7B1267-94A9-47F5-98DB-E99415F33AEC}
-> {HKLM...Wow...CLSID} = BlogThisToolbarButton Class
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll [MS]

{2670000A-7350-4F3C-8081-5663EE0C6C49}\
ButtonText = Send to OneNote
MenuText = S&end to OneNote
CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C}
-> {HKLM...Wow...CLSID} = Send to OneNote from Internet Explorer button
\InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll [MS]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
ButtonText = Research
BandCLSID = {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
-> {HKLM...Wow...CLSID} = &Research
\InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL [MS]


Miscellaneous IE Hijack Points
------------------------------

HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\
<<H>> InPrivate = res://ieframe.dll/inprivate_win7.htm [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Adobe Acrobat Update Service, AdobeARMservice, "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [Adobe Systems Incorporated]
Adobe Active File Monitor V9, AdobeActiveFileMonitor9.0, C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [Adobe Systems Incorporated]
Andrea RT Filters Service, AERTFilters, C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [Andrea Electronics Corporation]
APC Data Service, APC Data Service, "C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe" [null data]
APC UPS Service, APC UPS Service, "C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe" [Schneider Electric]
Apple Mobile Device, Apple Mobile Device, "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [Apple Inc.]
AVG WatchDog, avgwd, "C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe" [AVG Technologies CZ, s.r.o.]
Bonjour Service, Bonjour Service, "C:\Program Files\Bonjour\mDNSResponder.exe" [Apple Inc.]
BrYNSvc, BrYNSvc, "C:\Program Files (x86)\Browny02\BrYNSvc.exe" [Brother Industries, Ltd.]
Canon Inkjet Printer/Scanner/Fax Extended Survey Program, IJPLMSVC, C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [null data]
Dell Digital Delivery Service, DellDigitalDelivery, "c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe" [null data]
Dock Login Service, DockLoginService, C:\Program Files\Dell\DellDock\DockLogin.exe [Stardock Corporation]
FLEXnet Licensing Service, FLEXnet Licensing Service, "C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [Macrovision Europe Ltd.]
Garmin Core Update Service, Garmin Core Update Service, "C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe" [null data]
Intel® Dynamic Application Loader Host Interface Service, jhi_service, C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [Intel Corporation]
Intel® Integrated Clock Controller Service - Intel® ICCS, ICCS, "C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe" [Intel Corporation]
Intel® Management and Security Application Local Management Service, LMS, C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [Intel Corporation]
Intel® Management and Security Application User Notification Service, UNS, "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [Intel Corporation]
Intel® Rapid Storage Technology, IAStorDataMgrSvc, "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe" [null data]
Intuit Update Service v4, IntuitUpdateServiceV4, "C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe" [null data]
iPod Service, iPod Service, "C:\Program Files\iPod\bin\iPodService.exe" [Apple Inc.]
Motorola Device Manager Service, Motorola Device Manager, C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [Motorola Mobility LLC]
Nalpeiron Licensing Service, nlsX86cc, C:\Windows\SysWOW64\nlssrv32.exe [Nalpeiron Ltd.]
PST Service, PST Service, C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [Motorola]
QBCFMonitorService, QBCFMonitorService, "C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe" [null data]
QuickBooksDB20, QuickBooksDB20, C:\PROGRA~2\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB20 [Intuit, Inc.]
Realtek Audio Service, RtkAudioService, C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [Realtek Semiconductor]
SeaPort, SeaPort, "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe" [MS]
SoftThinks Agent Service, SftService, "C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE" [SoftThinks SAS]
SpyHunter 4 Service, SpyHunter 4 Service, C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [Enigma Software Group USA, LLC.]
WD Backup, WDBackup, "C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe" [Western Digital Technologies, Inc.]
WD Drive Manager, WDDriveService, "C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe" [Western Digital Technologies, Inc.]
Windows Live ID Sign-in Assistant, wlidsvc, "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [MS]
ZAtheros Wlan Agent, ZAtheros Wlan Agent, C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [Atheros]


Safe Mode Drivers & Services (subkey name, subkey default value):
-----------------------------------------------------------------

HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\

<<!>> MCODS,

HKLM\System\CurrentControlSet\Control\SafeBoot\Network\

<<!>> MCODS,


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
Adobe PDF Port\Driver = AdobePDF.dll [Adobe Systems Incorporated.]
Canon BJ FAX Language Monitor MX890 series\Driver = CNCALAZ.DLL [CANON INC.]
Canon BJ Language Monitor MX890 series\Driver = CNMLMAZ.DLL [CANON INC.]
Canon BJNP Port\Driver = CNMN6PPM.DLL [CANON INC.]


<<H>>: Suspicious data at a browser hijack point.


==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on Tue 01/07/2014 at 14:38:27.51 ======================

#8
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello DSteckler,

  • Close any open browsers.
  • Temporarily disable your AntiVirus program. (If necessary)
  • Double click on zoek.exe to run.
  • Please wait while the tool starts. It will appear to be doing nothing and may take a few seconds to come up
  • Click Options button below the large panel and check the box:

    Auto Clean

  • Click on Run script button
  • Please wait patiently (it may take a few minutes) until a log report opens (this may be after reboot, if required)
  • Copy (Ctrl+C) and paste (Ctrl+V) the entire contents of the opened report back here.
Note: It will also create a log in the C:\ directory named "zoek-results.log"

#9
DSteckler

DSteckler

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Zoek.exe v5.0.0.0 Updated 05-Januari-2014
Tool run by David on Tue 01/07/2014 at 17:12:30.99.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\David\Downloads\zoek.exe [Scan all users] [Checkboxes used]

==== Older Logs ======================

C:\zoek-results2014-01-07-203827.log 58209 bytes

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\gr6r7ygb.David

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_20140107_0520_.backup

ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\h32zf1q6.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_20140107_0520_.backup

ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\ttgz3nd3.default

user.js not found
---- Lines extensions.KVv removed from prefs.js ----
user_pref("extensions.KVv.epoch", "1383749877");
user_pref("extensions.KVv.url", "http://getjpijs.info...rdkFqdk6qjgMDMl
---- Lines extensions.RfdPwPuH removed from prefs.js ----
user_pref("extensions.RfdPwPuH.epoch", "1389184107");
user_pref("extensions.RfdPwPuH.url", "http://jobfirstnet.i...w9rdwEqHwGrTYFr
---- Lines extensions.YeE removed from prefs.js ----
user_pref("extensions.YeE.epoch", "1383742530");
user_pref("extensions.YeE.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self.location.hostname.i
user_pref("extensions.YeE.url", "http://getsrv.info/s...kFrTk8rTUMDMlGo
---- Lines extensions._axd removed from prefs.js ----
user_pref("extensions._axd.epoch", "1383742530");
user_pref("extensions._axd.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self.location.hostname.
---- Lines extensions.q8UM1wHABot removed from prefs.js ----
user_pref("extensions.q8UM1wHABot.epoch", "1383742530");
user_pref("extensions.q8UM1wHABot.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self.location.ho
user_pref("extensions.q8UM1wHABot.url", "http://getjpi1.info/...jwHrjwEqjwGqjkG
---- Lines extensions.zc5g removed from prefs.js ----
user_pref("extensions.zc5g.epoch", "1383749877");
user_pref("extensions.zc5g.url", "http://getjpi1.info/...qjw9qjC8qSh7hfs
---- FireFox user.js and prefs.js backups ----

prefs_20140107_0520_.backup

==== Deleting Files \ Folders ======================

"C:\Windows\Installer\341de13.msi" not found
C:\Users\David\AppData\LocalLow\{2EC81B24-2DFE-0A82-63A5-9502ED188E6D} deleted
C:\Users\David\AppData\LocalLow\{4EB92C7F-1F67-185E-EB50-EDAA0293CB71} deleted
C:\Users\David\AppData\LocalLow\{63D7AEB7-BA09-BEF9-7EA1-8B96808A59D5} deleted
C:\Users\David\AppData\LocalLow\{81918116-4E3E-3E92-374A-8A7F6C694346} deleted
C:\Users\David\AppData\Local\Packages\windows_ie_ac_001\AC\{2EC81B24-2DFE-0A82-63A5-9502ED188E6D} deleted
C:\Users\David\AppData\Local\Packages\windows_ie_ac_001\AC\{4EB92C7F-1F67-185E-EB50-EDAA0293CB71} deleted
C:\Users\David\AppData\Local\Packages\windows_ie_ac_001\AC\{63D7AEB7-BA09-BEF9-7EA1-8B96808A59D5} deleted
C:\Users\David\AppData\Local\Packages\windows_ie_ac_001\AC\{81918116-4E3E-3E92-374A-8A7F6C694346} deleted
C:\found.002 deleted
C:\ProgramData\InstallMate deleted
C:\ProgramData\Package Cache deleted
C:\Windows\Syswow64\InstallUtil.InstallLog deleted
C:\Windows\Syswow64\nsbBC5F.tmp deleted
C:\Windows\Syswow64\nsdB019.tmp deleted
C:\Windows\Syswow64\nshBC30.tmp deleted
C:\Windows\Syswow64\nsyAFF9.tmp deleted
C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\h32zf1q6.default\searchplugins\aol-search.xml deleted
C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\h32zf1q6.default\aolToolbarData deleted
C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\h32zf1q6.default\CT1269415 deleted
C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\h32zf1q6.default\CT2645238 deleted
C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\ttgz3nd3.default\extensions\[email protected] deleted
"C:\Users\David\AppData\Local\{54150A1E-A1FE-48EE-B8C8-848842CED432}" deleted
"C:\Users\David\AppData\Local\{B0D76152-17AD-47A4-AF97-EDA29E2362CF}" deleted
"C:\Users\David\AppData\Local\{C4B643EB-4C44-4381-9A69-2751C8414A48}" deleted
"C:\Users\David\AppData\Local\{FEA34263-AFBE-42E8-8BB8-D12DF43569D9}" deleted
"C:\Users\David\AppData\Roaming\Automatic Filter" deleted
"C:\Users\David\AppData\Roaming\Automator" deleted
"C:\Users\David\AppData\Roaming\BSD" deleted
"C:\Users\David\AppData\Roaming\Bubble Noise" deleted
"C:\Users\David\AppData\Roaming\Help" deleted
"C:\ProgramData\Ambient" deleted
"C:\ProgramData\Basic Track" deleted
"C:\ProgramData\Basics" deleted
"C:\ProgramData\Bass" deleted
"C:\ProgramData\Brother" deleted
"C:\ProgramData\Caches" deleted
"C:\ProgramData\Frameworks" deleted
"C:\ProgramData\HomePageService" deleted
"C:\ProgramData\Icons" deleted
"C:\ProgramData\Importer" deleted
"C:\ProgramData\f718f6bf7bd30a17\{4820778D-AB0D-6D18-C316-52A6A0E1D507}" deleted
"C:\ProgramData\f718f6bf7bd30a17\{4820778D-AB0D-6D18-C316-52A6A0E1D507}.old" deleted
"C:\ProgramData\f718f6bf7bd30a17\{C1A27135-69EB-8D44-7358-34727DD7B820}" deleted
"C:\ProgramData\f718f6bf7bd30a17\{C1A27135-69EB-8D44-7358-34727DD7B820}.old" deleted
"C:\ProgramData\f718f6bf7bd30a17\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}" deleted
"C:\ProgramData\f718f6bf7bd30a17\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}.old" deleted
"C:\ProgramData\f718f6bf7bd30a17" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{F003DA68-8256-4b37-A6C4-350FA04494DF}"="C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt" [06/06/2013 04:43 PM]

==== Firefox Extensions ======================

ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\gr6r7ygb.David
- Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
- Undetermined - C:\Program Files\AVAST Software\Avast\WebRep\FF
- Logitech - %ProfilePath%\extensions\[email protected]
- Garmin Communicator - %ProfilePath%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
- Adblock Plus Pop-up Addon - %ProfilePath%\extensions\[email protected]
- AniWeather - %ProfilePath%\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.xpi
- Updated Ad Blocker for Firefox 11 - %ProfilePath%\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
- Adblock Edge - %ProfilePath%\extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi

ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\h32zf1q6.default
- Firefox Sync - %ProfilePath%\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\ttgz3nd3.default
- Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
- Exif Viewer - %ProfilePath%\extensions\[email protected]
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\gr6r7ygb.David
DFD5A8C94118C4E85B33245C2DDB553A - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\gr6r7ygb.David\extensions\[email protected]\plugins\npLogitechDeviceDetection.dll - Logitech Device Detection
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System

Profilepath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\ttgz3nd3.default
E3B4EA121F7BDEB0F6366E2BA9608CB5 - C:\Users\David\AppData\Local\Citrix\Plugins\104\npappdetector.dll - Citrix Online Web Deployment Plugin 1.0.0.104
F891089A6AB9E12FEDEBCC5EC0F40D66 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll - Shockwave Flash
9C06DBC403F91D518ED117E460F03F85 - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL - CANON iMAGE GATEWAY Album Plugin Utility for IJ


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
edaibbiobngpbmeonadpbfafbkimjbdd - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx[10/06/2012 01:13 AM]
lipgolpfajiadodbcbljdpmbmbdmfcil - C:\Users\David\AppData\Local\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx[]
nemfjadlboooiffmcelkafilagddogim - C:\Users\David\AppData\Local\CRE\nemfjadlboooiffmcelkafilagddogim.crx[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
lipgolpfajiadodbcbljdpmbmbdmfcil - C:\Users\David\AppData\Local\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx[]
nemfjadlboooiffmcelkafilagddogim - C:\Users\David\AppData\Local\CRE\nemfjadlboooiffmcelkafilagddogim.crx[]

Logitech SetPoint - David\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd
Logitech SetPoint - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd
Chrome In-App Payments service - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

==== Chrome Fix ======================

C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nemfjadlboooiffmcelkafilagddogim deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://att.yahoo.com/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/...ox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.co...ge={startPage}"
{B063E8E3-0D09-467C-81EF-E3A345FC2733} Google Url="http://www.google.co...tputEncoding?}"

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{1E73965B-8B48-48be-9C8D-68B920ABC1C4} deleted successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB8E7C929DBF19D4CBF44B077C815D45 deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\8882efc5-05b4-4d39-b73f-333748155c7f deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ec5654ff-2c9d-42c0-8891-f471365098ce deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{608B09F7-6758-51ED-C647-AA9EC8205520} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DB926504-0B09-F6AA-F5FE-7F786A7E5C54} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E66A211E-C502-2464-A2C6-4331F7877880} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\lipgolpfajiadodbcbljdpmbmbdmfcil deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\nemfjadlboooiffmcelkafilagddogim deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\lipgolpfajiadodbcbljdpmbmbdmfcil deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\nemfjadlboooiffmcelkafilagddogim deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\EB8E7C929DBF19D4CBF44B077C815D45 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\B2C_AGENT deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iminent deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IminentMessenger deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesAirMessage deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nikon Message Center 2 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\39IMGT7N will be deleted at reboot
C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ATJHAT75 will be deleted at reboot
C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y0MPD4XC will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\David\AppData\Local\Mozilla\Firefox\Profiles\ttgz3nd3.default\Cache will be emptied at reboot

==== Empty Chrome Cache ======================

C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=127 folders=50 52354060 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\QBDataServiceUser20\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Users\David\AppData\Local\Temp will be emptied at reboot
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\David\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\39IMGT7N" not found
"C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ATJHAT75" not found
"C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y0MPD4XC" not found

==== EOF on Tue 01/07/2014 at 17:25:52.49 ======================

#10
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Are you still getting the Price Comparison pop up?

#11
DSteckler

DSteckler

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
So far, no. Thank you! I'll post again if the malware appears.

#12
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello again DSteckler,

So far, no.


Good news. I think you are good to go. :thumbsup:

In your shoes I would run an online AV scan just to make sure. Here are some instructions:

Run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • If you are given an option to quarantine files ensure the scan is set to do so.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, select Uninstall application on close; make sure you copy the logfile first!
  • Then click on: Finish
  • If you have any questions, use Notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log back here.
  • If there is nothing to worry about just continue with the instructions below.
Now

We have a couple of last steps to perform and then you're all set.

  • Double-click OTL.exe to run it. (Vista users, please right click on OTL.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

Step 2

Go to Start and enter zoek in the Search programs and files panel. Delete all items relating to zoek.

Any remaining tools may be deleted.

Next, we need to clean your restore points and set a new one:

Open System by clicking the Start button, right-clicking Computer, and then clicking Properties.

  • In the left pane, click System protection. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
  • Under Protection Settings, click the radio button Configure.
  • Under Disk Space Usage, click the radio button Delete.
  • Click Continue, and then click OK.
-------------------------------------------------------------------------------------------------------------------

A reminder: Remember to (re-install if uninstalled during cleaning) update and turn back on any anti-malware programs you may have turned off during the cleaning process.
-------------------------------------------------------------------------------------------------------------------

Here are some things that I think are worth having a look at if you don't already know about them:

---------------------------------------------------------------------------------------------------------------------

It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article: Strong passwords: How to create and use them.

----------------------------------------------------------------------------------------------------------------------

Java warning

Java is a popular point of entry to your computer for malicious programs. The United States Department of Homeland Security recommends that computer users disable Java, see here. Unless you need it to run important software, the safest approach is to completely uninstall Java. Where you do require it, then the next safest option is to disable it in your browsers until you need it, then enable it.

How to disable Java in your web browser and How to unplug Java from the browser

If you do still need Java then regularly check that it is up to date. Older versions are the most vulnerable to malicious attack.

  • Download Java for Windows

    Reboot your computer.
    You also need to uninstall older versions of Java.
  • Click Start > Control Panel > Add or Remove Programs
  • Remove all Java updates except the latest one you have just installed.
--------------------------------------------------------------------------------------------------------------------

CryptoLocker Warning

There is a particularly nasty infection out there at the moment.

Go here for information about CryptoLocker Ransomware

Download CryptoPrevent free for home use.

--------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future:



If you do not already have automatic updates set then it is recommended that you do set Windows to check, download and install your updates automatically.

* Click Start > Control Panel > System and Security > Windows Update
* Under Windows Update click on Turn automatic updating on or off
* Check items shown to ensure you receive updates automatically. Click OK.

Be aware of what emails you open and websites you visit.

Go here for some good advice about how to prevent infection.

A fun way to check your online safety literacy.

Quiz - getsafeonline

Have a safe and happy computing day!

#13
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.