Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Pop Ups & Ads have taken over laptop [Solved]

Started by mckinney7 , Mar 09 2014 03:22 PM

This topic is locked

#1
mckinney7

Posted 09 March 2014 - 03:22 PM

Member

Member
60 posts

Hello,

I am posting this topic because the internet on our laptop is very difficult to use due to constant pop-up ads, advertising videos and websites that come up when we have clicked a button to go somewhere else. Here are some examples:

When I clicked on the Google Chrome button, which should open up the Google search engine, a different site came up. The address was search.conduit.com/... When I try going to an electronics store website, a page pops up saying "www.downloadchop.com says WARNING! Please install update to continue" and it wants me to install Lightspark Player Pro. This website is rvzr-a.akamaihd.net/sd/dw31.html.......
Before getting to the electronics site, a strip of ads cover the bottom of the screen, and a different pop-up with coupons comes up.
On the electronics website I try to go to a certain product but a new window is brought up that is www.aliexpress.com. Along the way, three other ads and a video pop up on the page.
When I came to the geekstogo.com site, virus protection ads were popping up. When I clicked on "start a new topic" another window came up called sw.eboom.com with ads about virus removal.

Last year some time, Geekstogo helped me with a different computer, so I have tried running some of the same software on the laptop that I used then. I have run: AdwCleaner, Junkware Removal Tool, and ComboFix. The first two gave a report, but no report came up after running the ComboFix. Also, I was supposed to turn off any virus/malware detection software. We have AVG Free on the laptop, but I cannot change it. There is no option to turn it off and the computer will not let me delete it, although I can delete other programs.

I hope I have given you enough information. If not, please let me know. The OTL log follows.

Thank you!!

Melanie
----------------

OTL logfile created on: 3/9/2014 3:44:48 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\John\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.93 Gb Total Physical Memory | 0.79 Gb Available Physical Memory | 40.96% Memory free
3.87 Gb Paging File | 2.34 Gb Available in Paging File | 60.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 220.40 Gb Total Space | 166.79 Gb Free Space | 75.68% Space Free | Partition Type: NTFS
Drive D: | 12.29 Gb Total Space | 2.06 Gb Free Space | 16.74% Space Free | Partition Type: NTFS
Drive E: | 4.10 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: JOHN-PC | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/03/09 15:44:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\John\Downloads\OTL.exe
PRC - [2014/03/09 13:57:48 | 000,045,056 | ---- | M] (3Ggzeeg Letteaett S8Xess) -- C:\Windows\SysWOW64\annnmfb.exe
PRC - [2014/01/22 21:07:33 | 005,721,600 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2013/07/15 22:36:22 | 000,040,960 | ---- | M] () -- C:\Microsoft_SDK\lib\include\iexploror.exe
PRC - [2013/05/28 08:05:16 | 000,163,328 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
PRC - [2012/06/19 23:48:24 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012/04/05 07:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/11/01 23:34:33 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\schtasks.exe

========== Modules (No Company Name) ==========

MOD - [2014/02/01 18:42:37 | 013,616,456 | ---- | M] () -- C:\Users\John\AppData\Local\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll
MOD - [2014/02/01 18:42:37 | 000,399,688 | ---- | M] () -- C:\Users\John\AppData\Local\Google\Chrome\Application\32.0.1700.107\ppgooglenaclpluginchrome.dll
MOD - [2014/02/01 18:42:35 | 004,055,368 | ---- | M] () -- C:\Users\John\AppData\Local\Google\Chrome\Application\32.0.1700.107\pdf.dll
MOD - [2014/02/01 18:41:45 | 000,715,592 | ---- | M] () -- C:\Users\John\AppData\Local\Google\Chrome\Application\32.0.1700.107\libglesv2.dll
MOD - [2014/02/01 18:41:45 | 000,100,168 | ---- | M] () -- C:\Users\John\AppData\Local\Google\Chrome\Application\32.0.1700.107\libegl.dll
MOD - [2014/02/01 18:41:43 | 001,634,632 | ---- | M] () -- C:\Users\John\AppData\Local\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll
MOD - [2013/07/15 22:36:22 | 000,040,960 | ---- | M] () -- C:\Microsoft_SDK\lib\include\iexploror.exe
MOD - [2012/02/20 23:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 23:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/07/28 18:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

========== Services (SafeList) ==========

SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2014/01/22 21:07:40 | 000,815,104 | ---- | M] (WildTangent, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2014/01/22 21:07:37 | 000,692,736 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2014/01/22 21:07:35 | 000,627,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2014/01/22 21:07:34 | 000,754,688 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2014/01/22 21:07:33 | 005,721,600 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/05/28 08:05:16 | 000,163,328 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2009/04/29 14:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/12/13 15:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 15:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/04/19 06:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/03/19 07:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/03/01 01:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 07:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/01/31 06:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 15:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 15:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/23 15:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/03/11 01:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/09/21 22:47:14 | 001,484,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/08/13 17:53:50 | 007,370,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/06/23 19:28:22 | 000,684,544 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/06/18 23:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 19:46:50 | 000,216,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/05/23 01:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/04/29 14:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/04/29 10:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009/02/13 01:24:56 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/02/13 01:20:56 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/02/13 01:19:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2006/06/18 09:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{5BE81A98-4982-40CE-897A-8CABA85934FC}: "URL" = http://www.ask.com/w...}&l=dis&o=uscql
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{CE45867C-5DBB-4E0C-B0B1-D6157F8898B8}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{5BE81A98-4982-40CE-897A-8CABA85934FC}: "URL" = http://www.ask.com/w...}&l=dis&o=uscql
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{CE45867C-5DBB-4E0C-B0B1-D6157F8898B8}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{5BE81A98-4982-40CE-897A-8CABA85934FC}: "URL" = http://www.ask.com/w...}&l=dis&o=uscql
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7ADFA_enUS483
IE - HKCU\..\SearchScopes\{CE45867C-5DBB-4E0C-B0B1-D6157F8898B8}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\John\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\John\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/11/01 03:16:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/06/19 23:48:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/31 12:21:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/08/02 12:35:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta5635\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha831\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha7893\ff [2014/03/09 13:17:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\speedtest4354@BestOffers: C:\Users\John\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers [2014/02/07 23:31:20 | 000,000,000 | ---D | M]

[2014/02/07 23:31:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Extensions
[2014/02/07 23:31:20 | 000,000,000 | ---D | M] (Speed Test 127) -- C:\Users\John\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers
[2012/08/18 00:22:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES (X86)\MEDIAPLAYERV1\MEDIAPLAYERV1ALPHA831\FF
[2014/03/09 13:17:35 | 000,000,000 | ---D | M] (Media View) -- C:\PROGRAM FILES (X86)\MEDIAVIEWV1\MEDIAVIEWV1ALPHA7893\FF

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\John\AppData\Local\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\John\AppData\Local\Google\Chrome\Application\32.0.1700.107\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\John\AppData\Local\Google\Chrome\Application\32.0.1700.107\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.150.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U15 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Media View = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebplnjmfmakhhedomfffdiekifpdffnd\1.1_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Media Player = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdogjkfilcjijfpdcdfbgpooboehajag\1.1_0\
CHR - Extension: Google Wallet = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Google Wallet = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Speed Test 127) - {11C8C9C0-D918-44C0-8B5E-D297DA42F2C7} - C:\Program Files (x86)\Speed Test 127\ScriptHost64.dll (BestOffers)
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Speed Test 127) - {11C8C9C0-D918-44C0-8B5E-D297DA42F2C7} - C:\Program Files (x86)\Speed Test 127\ScriptHost.dll (BestOffers)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Video Player) - {38f05420-132e-4103-866e-d41afa404d24} - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta5635\ie\VideoPlayerV3beta5635.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Media View) - {5cde78ae-e49c-4aab-b1ba-80e5324a1987} - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha7893\ie\MediaViewV1alpha7893.dll ()
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Media Player) - {d88dbc45-6ef4-493c-a615-4b247cb0ed44} - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha831\ie\MediaPlayerV1alpha831.dll File not found
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [rsonhe] C:\Users\John\AppData\Roaming\rsonhe.dll (Andrew Zhezherun)
O4:64bit: - HKLM..\Run: [wipdey] C:\Users\John\AppData\Roaming\wipdey.dll (Crytek)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [AdobeUpdater] C:\Users\John\AppData\Roaming\Adobe\AdobeUpdaterInstallMgr.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Nvidia] C:\Microsoft_SDK\lib\include\cc1xb.js ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 173.244.132.86 173.244.132.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{81F105C5-75F7-4B34-BD57-6B3F15F03039}: DhcpNameServer = 173.244.132.86 173.244.132.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{81F105C5-75F7-4B34-BD57-6B3F15F03039}: NameServer = 76.73.7.75,107.6.133.7
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 76.73.7.75,107.6.133.7
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F19EA1D7-803A-4B44-B142-1BA0BAACFDCE}: DhcpNameServer = 172.168.34.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F19EA1D7-803A-4B44-B142-1BA0BAACFDCE}: NameServer = 76.73.7.75,107.6.133.7
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/03/09 14:59:33 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/03/09 14:59:29 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2014/03/09 14:53:16 | 005,187,267 | R--- | C] (Swearware) -- C:\Users\John\Desktop\ComboFix.exe
[2014/03/09 14:00:09 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/03/09 13:57:48 | 000,045,056 | ---- | C] (3Ggzeeg Letteaett S8Xess) -- C:\Windows\SysWow64\annnmfb.exe
[2014/03/09 13:47:19 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2014/03/09 13:38:42 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/03/09 13:24:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2014/03/09 13:24:58 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2014/03/09 13:17:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MediaViewV1
[2014/02/07 23:31:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Speed Test 127
[2012/07/31 00:04:59 | 000,459,776 | ---- | C] (Andrew Zhezherun) -- C:\Users\John\AppData\Roaming\rsonhe.dll
[2012/07/30 16:09:41 | 000,135,680 | -HS- | C] (Crytek) -- C:\Users\John\AppData\Roaming\wipdey.dll
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/03/09 15:36:25 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/09 15:24:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3082703480-1980997582-769674337-1000UA.job
[2014/03/09 15:01:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/03/09 14:53:58 | 005,187,267 | R--- | M] (Swearware) -- C:\Users\John\Desktop\ComboFix.exe
[2014/03/09 13:57:48 | 000,045,056 | ---- | M] (3Ggzeeg Letteaett S8Xess) -- C:\Windows\SysWow64\annnmfb.exe
[2014/03/09 13:55:19 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/09 13:55:19 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/09 13:55:03 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/03/09 13:55:02 | 000,726,142 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/03/09 13:55:02 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/03/09 13:47:37 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/09 13:45:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/09 13:45:56 | 1556,500,480 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/09 13:43:26 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3082703480-1980997582-769674337-1000Core.job
[2014/03/09 13:27:51 | 000,032,768 | ---- | M] () -- C:\Windows\SysWow64\djifiok.exe
[2014/03/09 13:24:59 | 000,001,264 | ---- | M] () -- C:\Users\John\Desktop\Revo Uninstaller.lnk
[2014/03/09 13:18:54 | 000,000,162 | ---- | M] () -- C:\extensions.ini
[2014/03/09 13:18:42 | 000,000,258 | RHS- | M] () -- C:\Users\John\ntuser.pol
[2014/03/09 13:18:41 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/02/07 23:35:12 | 000,001,969 | ---- | M] () -- C:\Users\John\Desktop\Sync Folder.lnk
[2014/02/07 23:31:08 | 000,001,258 | ---- | M] () -- C:\Users\John\Desktop\Speed Test.lnk
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/03/09 13:27:51 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\djifiok.exe
[2014/03/09 13:24:59 | 000,001,264 | ---- | C] () -- C:\Users\John\Desktop\Revo Uninstaller.lnk
[2014/02/07 23:35:12 | 000,001,969 | ---- | C] () -- C:\Users\John\Desktop\Sync Folder.lnk
[2014/02/07 23:31:08 | 000,001,258 | ---- | C] () -- C:\Users\John\Desktop\Speed Test.lnk
[2014/01/30 19:43:10 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/09/29 15:43:46 | 000,000,258 | RHS- | C] () -- C:\Users\John\ntuser.pol
[2013/05/30 16:54:52 | 000,107,245 | ---- | C] () -- C:\Windows\SysWow64\itusbcore.dat
[2013/05/30 16:54:52 | 000,000,206 | ---- | C] () -- C:\Users\John\AppData\Roaming\itlsvc.dat
[2013/05/30 16:51:41 | 000,235,016 | ---- | C] () -- C:\Users\John\AppData\Roaming\adodbupd.dat
[2012/08/14 17:50:20 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
[2012/08/14 10:43:39 | 000,027,520 | ---- | C] () -- C:\Users\John\AppData\Local\dt.dat
[2012/08/01 11:05:01 | 004,503,728 | ---- | C] () -- C:\ProgramData\ras_0oed.pad
[2012/07/31 11:59:10 | 000,000,000 | ---- | C] () -- C:\Users\John\AppData\Roaming\wklnhst.dat
[2012/07/10 00:52:17 | 000,149,376 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat

========== ZeroAccess Check ==========

[2011/11/17 02:14:10 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{c61068ee-686a-f03c-cae0-23efa025227d}\@
[2011/11/17 02:14:10 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{c61068ee-686a-f03c-cae0-23efa025227d}\L
[2012/08/19 16:37:04 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{c61068ee-686a-f03c-cae0-23efa025227d}\U
[2012/08/19 16:37:04 | 000,001,712 | ---- | M] () -- C:\Windows\Installer\{c61068ee-686a-f03c-cae0-23efa025227d}\U\00000001.@
[2012/08/01 22:45:09 | 000,016,896 | ---- | M] () -- C:\Windows\Installer\{c61068ee-686a-f03c-cae0-23efa025227d}\U\80000000.@
[2012/08/02 15:31:06 | 000,023,552 | ---- | M] () -- C:\Windows\Installer\{c61068ee-686a-f03c-cae0-23efa025227d}\U\800000cb.@
[2012/07/31 15:00:19 | 000,002,048 | -HS- | M] () -- C:\Users\John\AppData\Local\{c61068ee-686a-f03c-cae0-23efa025227d}\@
[2011/11/17 02:14:10 | 000,000,000 | -HSD | M] -- C:\Users\John\AppData\Local\{c61068ee-686a-f03c-cae0-23efa025227d}\L
[2011/11/17 02:14:10 | 000,000,000 | -HSD | M] -- C:\Users\John\AppData\Local\{c61068ee-686a-f03c-cae0-23efa025227d}\U
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 20:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/05/11 01:52:41 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\.minecraft
[2012/07/31 12:38:48 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\AVG2012
[2013/05/15 23:31:04 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\ConverterLite
[2012/07/31 11:59:10 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Template
[2013/05/13 23:31:56 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Video Converter
[2012/08/14 15:29:15 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\WildTangent

========== Purity Check ==========

< End of report >

#2
JSntgRvr

Posted 09 March 2014 - 10:55 PM

Global Moderator

Global Moderator
11,579 posts

Please double-click OTL.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
Copy the entire content of the quote box (except the word quote) below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:files
C:\Windows\SysWOW64\annnmfb.exe
C:\Microsoft_SDK\lib\include\iexploror.exe
C:\Windows\SysWow64\djifiok.exe
C:\Windows\Installer\{c61068ee-686a-f03c-cae0-23efa025227d}
C:\Users\John\AppData\Local\{c61068ee-686a-f03c-cae0-23efa025227d
C:\Windows\assembly\Desktop.ini

:OTL
IE:64bit: - HKLM\..\SearchScopes\{5BE81A98-4982-40CE-897A-8CABA85934FC}: "URL" = http://www.ask.com/w...}&l=dis&o=uscql
IE - HKLM\..\SearchScopes\{5BE81A98-4982-40CE-897A-8CABA85934FC}: "URL" = http://www.ask.com/w...}&l=dis&o=uscql
IE - HKCU\..\SearchScopes\{5BE81A98-4982-40CE-897A-8CABA85934FC}: "URL" = http://www.ask.com/w...}&l=dis&o=uscql
O4:64bit: - HKLM..\Run: [rsonhe] C:\Users\John\AppData\Roaming\rsonhe.dll (Andrew Zhezherun)
O4:64bit: - HKLM..\Run: [wipdey] C:\Users\John\AppData\Roaming\wipdey.dll (Crytek)
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found

:Commands
[EMPTYTEMP]
[RESETHOSTS]
[EMPTYJAVA]
[REBOOT]
Return to OTL, right click in the "Custom Scans/Fixes" window and choose Paste.
Click the red Run Fix button.
The computer will restart
A report will be produced and saved in the C:\_OTL\MovedFiles folder. Open that report and post its contents in a reply.

Upon the restart follow these steps:

Posted Image

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Download : ADWCleaner to your desktop.

NOTE: If using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs and click on the AdwCleaner icon.

Posted Image

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder. as AdwCleaner[S0].txt

Re-scan with OTL and post the new OTL.txt log.

#3
mckinney7

Posted 10 March 2014 - 09:47 PM

Member

Topic Starter
Member
60 posts

Hello,

I have tried to do all you said:

I reran OTL after pasting in the information you gave me. Here is the report:

All processes killed
========== FILES ==========
C:\Windows\SysWOW64\annnmfb.exe moved successfully.
C:\Microsoft_SDK\lib\include\iexploror.exe moved successfully.
C:\Windows\SysWow64\djifiok.exe moved successfully.
C:\Windows\Installer\{c61068ee-686a-f03c-cae0-23efa025227d}\U folder moved successfully.
C:\Windows\Installer\{c61068ee-686a-f03c-cae0-23efa025227d}\L folder moved successfully.
C:\Windows\Installer\{c61068ee-686a-f03c-cae0-23efa025227d} folder moved successfully.
File\Folder C:\Users\John\AppData\Local\{c61068ee-686a-f03c-cae0-23efa025227d not found.
C:\Windows\assembly\Desktop.ini moved successfully.
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5BE81A98-4982-40CE-897A-8CABA85934FC}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5BE81A98-4982-40CE-897A-8CABA85934FC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5BE81A98-4982-40CE-897A-8CABA85934FC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5BE81A98-4982-40CE-897A-8CABA85934FC}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5BE81A98-4982-40CE-897A-8CABA85934FC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5BE81A98-4982-40CE-897A-8CABA85934FC}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\rsonhe deleted successfully.
C:\Users\John\AppData\Roaming\rsonhe.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\wipdey deleted successfully.
C:\Users\John\AppData\Roaming\wipdey.dll moved successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User

User: John
->Temp folder emptied: 7357935560 bytes
->Temporary Internet Files folder emptied: 3774867314 bytes
->Java cache emptied: 89186 bytes
->Google Chrome cache emptied: 93694475 bytes
->Flash cache emptied: 67532 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 229963140 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 622733678 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 748 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 11,520.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: John
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 03102014_195024

Files\Folders moved on Reboot...
C:\Users\John\AppData\Local\Temp\deo0_sar.exe moved successfully.
C:\Users\John\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S8U6S15N\d_txtsrving_info[3].js moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S8U6S15N\servlet[1].htm moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LGAF91WL\cjar[2].htm moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LGAF91WL\plugin_w[3].htm moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LGAF91WL\sf_alive[5].htm moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LFP0023N\cjar[1].htm moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LFP0023N\d2_txtsrving_info[1].js moved successfully.
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LFP0023N\userData[1].htm moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

---------

Then I ran the Junkware Removal Tool. I should tell you that I could not get rid of the AVG virus software. There was no place to turn it off and my computer will not let me uninstall it. Here is that report:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by John on Mon 03/10/2014 at 20:35:54.43
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Failed to delete: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{c61068ee-686a-f03c-cae0-23efa025227d}

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 03/10/2014 at 20:45:31.70
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Then I ran ADWCleaner. Here is the report:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by John on Mon 03/10/2014 at 20:35:54.43
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Failed to delete: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Empty Folder] C:\Users\John\appdata\local\{c61068ee-686a-f03c-cae0-23efa025227d}

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 03/10/2014 at 20:45:31.70
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# AdwCleaner v3.021 - Report created 10/03/2014 at 22:12:58
# Updated 10/03/2014 by Xplode
# Operating System : Windows 7 Home Premium (64 bits)
# Username : John - JOHN-PC
# Running from : C:\Users\John\Downloads\AdwCleaner (1).exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [AdobeUpdater]
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{16ADEA98-D215-4F51-80AF-5E5ED660B9C0}

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16447

-\\ Google Chrome v

[ File : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [19877 octets] - [09/03/2014 13:39:26]
AdwCleaner[R1].txt - [1050 octets] - [10/03/2014 21:20:52]
AdwCleaner[S0].txt - [19225 octets] - [09/03/2014 13:43:26]
AdwCleaner[S1].txt - [977 octets] - [10/03/2014 22:12:58]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1036 octets] ##########
----------

Finally, here is the second OTL log:

OTL logfile created on: 3/10/2014 10:22:00 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\John\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.93 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 51.79% Memory free
3.87 Gb Paging File | 2.52 Gb Available in Paging File | 65.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 220.40 Gb Total Space | 174.11 Gb Free Space | 79.00% Space Free | Partition Type: NTFS
Drive D: | 12.29 Gb Total Space | 2.06 Gb Free Space | 16.74% Space Free | Partition Type: NTFS
Drive E: | 4.10 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: JOHN-PC | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/03/10 19:47:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\John\Downloads\OTL (1).exe
PRC - [2014/01/22 21:07:40 | 000,815,104 | ---- | M] (WildTangent, Inc.) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
PRC - [2013/05/28 08:05:16 | 000,163,328 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
PRC - [2012/06/19 23:48:24 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012/04/05 07:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/11/01 23:34:33 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\schtasks.exe

========== Modules (No Company Name) ==========

MOD - [2014/03/01 21:35:25 | 000,394,568 | ---- | M] () -- C:\Users\John\AppData\Local\Google\Chrome\Application\33.0.1750.146\ppgooglenaclpluginchrome.dll
MOD - [2014/03/01 21:35:24 | 013,632,840 | ---- | M] () -- C:\Users\John\AppData\Local\Google\Chrome\Application\33.0.1750.146\PepperFlash\pepflashplayer.dll
MOD - [2014/03/01 21:35:23 | 004,061,000 | ---- | M] () -- C:\Users\John\AppData\Local\Google\Chrome\Application\33.0.1750.146\pdf.dll
MOD - [2014/03/01 21:35:20 | 000,716,616 | ---- | M] () -- C:\Users\John\AppData\Local\Google\Chrome\Application\33.0.1750.146\libglesv2.dll
MOD - [2014/03/01 21:35:19 | 000,100,168 | ---- | M] () -- C:\Users\John\AppData\Local\Google\Chrome\Application\33.0.1750.146\libegl.dll
MOD - [2014/03/01 21:35:17 | 001,647,432 | ---- | M] () -- C:\Users\John\AppData\Local\Google\Chrome\Application\33.0.1750.146\ffmpegsumo.dll
MOD - [2014/03/01 21:35:15 | 000,051,016 | ---- | M] () -- C:\Users\John\AppData\Local\Google\Chrome\Application\33.0.1750.146\chrome_elf.dll
MOD - [2012/02/20 23:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 23:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/07/28 18:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

========== Services (SafeList) ==========

SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2014/01/22 21:07:40 | 000,815,104 | ---- | M] (WildTangent, Inc.) [Auto | Running] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2014/01/22 21:07:37 | 000,692,736 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2014/01/22 21:07:35 | 000,627,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2014/01/22 21:07:34 | 000,754,688 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2014/01/22 21:07:33 | 005,721,600 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/05/28 08:05:16 | 000,163,328 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2009/04/29 14:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/12/13 15:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 15:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/04/19 06:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/03/19 07:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/03/01 01:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 07:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/01/31 06:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 15:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 15:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/23 15:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/03/11 01:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/09/21 22:47:14 | 001,484,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/08/13 17:53:50 | 007,370,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/06/23 19:28:22 | 000,684,544 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/06/18 23:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 19:46:50 | 000,216,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/05/23 01:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/04/29 14:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/04/29 10:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009/02/13 01:24:56 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/02/13 01:20:56 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/02/13 01:19:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2006/06/18 09:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{CE45867C-5DBB-4E0C-B0B1-D6157F8898B8}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{CE45867C-5DBB-4E0C-B0B1-D6157F8898B8}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7ADFA_enUS483
IE - HKCU\..\SearchScopes\{CE45867C-5DBB-4E0C-B0B1-D6157F8898B8}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\John\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\John\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/11/01 03:16:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/06/19 23:48:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/31 12:21:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/08/02 12:35:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta5635\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha831\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha7893\ff [2014/03/09 13:17:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\speedtest4354@BestOffers: C:\Users\John\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers [2014/02/07 23:31:20 | 000,000,000 | ---D | M]

[2014/02/07 23:31:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Extensions
[2014/02/07 23:31:20 | 000,000,000 | ---D | M] (Speed Test 127) -- C:\Users\John\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers
[2012/08/18 00:22:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES (X86)\MEDIAPLAYERV1\MEDIAPLAYERV1ALPHA831\FF
[2014/03/09 13:17:35 | 000,000,000 | ---D | M] (Media View) -- C:\PROGRAM FILES (X86)\MEDIAVIEWV1\MEDIAVIEWV1ALPHA7893\FF

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\John\AppData\Local\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\John\AppData\Local\Google\Chrome\Application\33.0.1750.146\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\John\AppData\Local\Google\Chrome\Application\33.0.1750.146\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.150.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U15 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows LiveÂ® Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Media View = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebplnjmfmakhhedomfffdiekifpdffnd\1.1_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Google Wallet = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo> = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2014/03/10 20:10:21 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Speed Test 127) - {11C8C9C0-D918-44C0-8B5E-D297DA42F2C7} - C:\Program Files (x86)\Speed Test 127\ScriptHost64.dll (BestOffers)
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Speed Test 127) - {11C8C9C0-D918-44C0-8B5E-D297DA42F2C7} - C:\Program Files (x86)\Speed Test 127\ScriptHost.dll (BestOffers)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Video Player) - {38f05420-132e-4103-866e-d41afa404d24} - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta5635\ie\VideoPlayerV3beta5635.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Media View) - {5cde78ae-e49c-4aab-b1ba-80e5324a1987} - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha7893\ie\MediaViewV1alpha7893.dll ()
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Media Player) - {d88dbc45-6ef4-493c-a615-4b247cb0ed44} - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha831\ie\MediaPlayerV1alpha831.dll File not found
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [AdobeUpdater] C:\Users\John\AppData\Roaming\Adobe\AdobeUpdaterInstallMgr.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Nvidia] C:\Microsoft_SDK\lib\include\cc1xb.js ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 173.244.132.86 173.244.132.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{81F105C5-75F7-4B34-BD57-6B3F15F03039}: DhcpNameServer = 173.244.132.86 173.244.132.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{81F105C5-75F7-4B34-BD57-6B3F15F03039}: NameServer = 76.73.7.75,107.6.133.7
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 76.73.7.75,107.6.133.7
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F19EA1D7-803A-4B44-B142-1BA0BAACFDCE}: DhcpNameServer = 172.168.34.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F19EA1D7-803A-4B44-B142-1BA0BAACFDCE}: NameServer = 76.73.7.75,107.6.133.7
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/03/10 19:50:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/03/09 14:59:33 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/03/09 14:59:29 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2014/03/09 14:53:16 | 005,187,267 | R--- | C] (Swearware) -- C:\Users\John\Desktop\ComboFix.exe
[2014/03/09 14:00:09 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/03/09 13:38:42 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/03/09 13:24:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2014/03/09 13:24:58 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2014/03/09 13:17:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MediaViewV1
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/03/10 22:24:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3082703480-1980997582-769674337-1000UA.job
[2014/03/10 22:23:01 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/10 22:23:01 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/10 22:20:12 | 000,726,142 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/03/10 22:20:12 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/03/10 22:20:12 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/03/10 22:19:27 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/10 22:14:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/10 22:14:05 | 1556,500,480 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/10 22:01:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/03/10 21:36:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/10 20:27:28 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/03/10 20:10:21 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2014/03/09 18:26:16 | 000,002,321 | ---- | M] () -- C:\Users\John\Desktop\Google Chrome.lnk
[2014/03/09 14:53:58 | 005,187,267 | R--- | M] (Swearware) -- C:\Users\John\Desktop\ComboFix.exe
[2014/03/09 13:43:26 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3082703480-1980997582-769674337-1000Core.job
[2014/03/09 13:24:59 | 000,001,264 | ---- | M] () -- C:\Users\John\Desktop\Revo Uninstaller.lnk
[2014/03/09 13:18:54 | 000,000,162 | ---- | M] () -- C:\extensions.ini
[2014/03/09 13:18:42 | 000,000,258 | RHS- | M] () -- C:\Users\John\ntuser.pol
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/03/09 13:24:59 | 000,001,264 | ---- | C] () -- C:\Users\John\Desktop\Revo Uninstaller.lnk
[2014/01/30 19:43:10 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/09/29 15:43:46 | 000,000,258 | RHS- | C] () -- C:\Users\John\ntuser.pol
[2013/05/30 16:54:52 | 000,107,245 | ---- | C] () -- C:\Windows\SysWow64\itusbcore.dat
[2013/05/30 16:54:52 | 000,000,206 | ---- | C] () -- C:\Users\John\AppData\Roaming\itlsvc.dat
[2013/05/30 16:51:41 | 000,235,016 | ---- | C] () -- C:\Users\John\AppData\Roaming\adodbupd.dat
[2012/08/14 17:50:20 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
[2012/08/14 10:43:39 | 000,027,520 | ---- | C] () -- C:\Users\John\AppData\Local\dt.dat
[2012/08/01 11:05:01 | 004,503,728 | ---- | C] () -- C:\ProgramData\ras_0oed.pad
[2012/07/31 11:59:10 | 000,000,000 | ---- | C] () -- C:\Users\John\AppData\Roaming\wklnhst.dat
[2012/07/10 00:52:17 | 000,149,376 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat

========== ZeroAccess Check ==========

[2012/07/31 15:00:19 | 000,002,048 | -HS- | M] () -- C:\Users\John\AppData\Local\{c61068ee-686a-f03c-cae0-23efa025227d}\@
[2011/11/17 02:14:10 | 000,000,000 | -HSD | M] -- C:\Users\John\AppData\Local\{c61068ee-686a-f03c-cae0-23efa025227d}\L
[2011/11/17 02:14:10 | 000,000,000 | -HSD | M] -- C:\Users\John\AppData\Local\{c61068ee-686a-f03c-cae0-23efa025227d}\U

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 20:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/05/11 01:52:41 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\.minecraft
[2012/07/31 12:38:48 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\AVG2012
[2013/05/15 23:31:04 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\ConverterLite
[2012/07/31 11:59:10 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Template
[2013/05/13 23:31:56 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Video Converter
[2012/08/14 15:29:15 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\WildTangent

========== Purity Check ==========

< End of report >
---------

Everything seems to be working about the same so far, with lots of popups, and ads.

Thanks!

Melanie

#4
JSntgRvr

Posted 11 March 2014 - 11:20 AM

Global Moderator

Global Moderator
11,579 posts

Entries for zero access are still persisting.

Please double-click OTL.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
Copy the entire content of the quote box (except the word quote) below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:files
Attrib -r -s -h C:\Users\John\AppData\Local\{c61068ee-686a-f03c-cae0-23efa025227d} /s /d /c
C:\Users\John\AppData\Local\{c61068ee-686a-f03c-cae0-23efa025227d}
Return to OTL, right click in the "Custom Scans/Fixes" window and choose Paste.
Click the red Run Fix button.
The computer will restart
A report will be produced and saved in the C:\_OTL\MovedFiles folder. Open that report and post its contents in a reply.

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Double-click to run it. When the tool opens click Yes to disclaimer.
Make sure that under Optional Scans, there is a checkmark on Addition.txt and Shortcut.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another two logs (Addition.txt and Shortcut.txt). Please attach these to your reply.

#5
mckinney7

Posted 11 March 2014 - 08:40 PM

Member

Topic Starter
Member
60 posts

I ran the fix in OTL and the log follows. FYI the computer did not restart for some reason and there was no mention of it needing to restart. I will work on the other scans next.

========== FILES ==========
< Attrib -r -s -h C:\Users\John\AppData\Local\{c61068ee-686a-f03c-cae0-23efa025227d} /s /d /c >
C:\Users\John\Downloads\cmd.bat deleted successfully.
C:\Users\John\Downloads\cmd.txt deleted successfully.
C:\Users\John\AppData\Local\{c61068ee-686a-f03c-cae0-23efa025227d}\U folder moved successfully.
C:\Users\John\AppData\Local\{c61068ee-686a-f03c-cae0-23efa025227d}\L folder moved successfully.
C:\Users\John\AppData\Local\{c61068ee-686a-f03c-cae0-23efa025227d} folder moved successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 03112014_213605

#6
mckinney7

Posted 12 March 2014 - 04:55 AM

Member

Topic Starter
Member
60 posts

I downloaded and ran Malwarebytes. Here is the log:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.12.01

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
John :: JOHN-PC [administrator]

3/11/2014 10:16:07 PM
mbam-log-2014-03-11 (22-16-07).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 213989
Time elapsed: 10 minute(s), 35 second(s)

Memory Processes Detected: 1
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Trojan.Sefnit) -> 1276 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 39
HKLM\SYSTEM\CurrentControlSet\Services\AdobeFlashPlayerUpdateSvc (Trojan.Sefnit) -> Quarantined and deleted successfully.
HKCR\CLSID\{5cde78ae-e49c-4aab-b1ba-80e5324a1987} (PUP.Optional.MediaView.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{b0d9f330-876f-46c9-808b-dea273d9c76f} (PUP.Optional.MediaView.A) -> Quarantined and deleted successfully.
HKCR\Interface\{009351A4-77F9-4184-BAAA-672F2E27D939} (PUP.Optional.MediaView.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CDE78AE-E49C-4AAB-B1BA-80E5324A1987} (PUP.Optional.MediaView.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{5CDE78AE-E49C-4AAB-B1BA-80E5324A1987} (PUP.Optional.MediaView.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5CDE78AE-E49C-4AAB-B1BA-80E5324A1987} (PUP.Optional.MediaView.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAD84EE2-624D-4e7c-A8BB-41EFD720FD77} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Live Security Platinum (Trojan.FakeAV) -> Quarantined and deleted successfully.
HKCR\Speed Test 127.BackgroundHostObject (PUP.Optional.SpeedTest.A) -> Quarantined and deleted successfully.
HKCR\Speed Test 127.BackgroundHostObject.1 (PUP.Optional.SpeedTest.A) -> Quarantined and deleted successfully.
HKCR\Speed Test 127.Navbar (PUP.Optional.SpeedTest.A) -> Quarantined and deleted successfully.
HKCR\Speed Test 127.Navbar.1 (PUP.Optional.SpeedTest.A) -> Quarantined and deleted successfully.
HKCR\Speed Test 127.ScriptHostObject (PUP.Optional.SpeedTest.A) -> Quarantined and deleted successfully.
HKCR\Speed Test 127.ScriptHostObject.1 (PUP.Optional.SpeedTest.A) -> Quarantined and deleted successfully.
HKCR\Speed Test 127.Tool (PUP.Optional.SpeedTest.A) -> Quarantined and deleted successfully.
HKCR\Speed Test 127.Tool.1 (PUP.Optional.SpeedTest.A) -> Quarantined and deleted successfully.
HKCU\Software\AppDataLow\Software\JollyWallet (PUP.Optional.Jollywallet.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\MediaPlayerV1alpha831 (PUP.Optional.MediaPlayerAlpha.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\MediaViewV1alpha7893 (PUP.Optional.MediaView.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{3013E03D-89D5-4580-8560-DB198297CC29} (PUP.Optional.SpeedTest.A) -> Quarantined and deleted successfully.
HKCR\Interface\{BBBE01ED-0F1E-44DB-88C1-5CC1AEE3B462} (PUP.Optional.SpeedTest.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{B69509B5-4A90-4433-A2DE-BE439F6581F2} (PUP.Optional.SpeedTest.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{E09EF104-3849-47F4-B005-A120558F3FEF} (PUP.Optional.SpeedTest.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{53FDCCB0-2404-4274-9002-5A3A1FD40426} (PUP.Optional.SpeedTest.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{11C8C9C0-D918-44C0-8B5E-D297DA42F2C7} (PUP.Optional.SpeedTest.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{F2F1AE7C-149B-46D3-9498-12572C7AFE11} (PUP.Optional.SpeedTest.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11C8C9C0-D918-44C0-8B5E-D297DA42F2C7} (PUP.Optional.SpeedTest.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11C8C9C0-D918-44C0-8B5E-D297DA42F2C7} (PUP.Optional.SpeedTest.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11C8C9C0-D918-44C0-8B5E-D297DA42F2C7} (PUP.Optional.SpeedTest.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Speed Test 127 (PUP.Optional.SpeedTest.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MediaViewV1alpha7893 (PUP.Optional.MediaView.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d88dbc45-6ef4-493c-a615-4b247cb0ed44} (PUP.Optional.MediaPlayerAlpha.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{d88dbc45-6ef4-493c-a615-4b247cb0ed44} (PUP.Optional.MediaPlayerAlpha.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{6e6d85d9-efee-42b9-bb13-ea5b5dbf2562} (PUP.Optional.MediaPlayerAlpha.A) -> Quarantined and deleted successfully.
HKCR\Interface\{A3AA4706-E156-4566-BA69-FDB7BC1BC8E5} (PUP.Optional.MediaPlayerAlpha.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{D88DBC45-6EF4-493C-A615-4B247CB0ED44} (PUP.Optional.MediaPlayerAlpha.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D88DBC45-6EF4-493C-A615-4B247CB0ED44} (PUP.Optional.MediaPlayerAlpha.A) -> Quarantined and deleted successfully.

Registry Values Detected: 5
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|AdobeUpdater (Trojan.Dropper) -> Data: C:\Users\John\AppData\Roaming\Adobe\AdobeUpdaterInstallMgr.exe /Service -> Quarantined and deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|vmware-unity (Trojan.Ransom.Blocker) -> Data: C:\Windows\system32\config\systemprofile\AppData\Roaming\vmware-unity.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Nvidia (Trojan.Agent) -> Data: wscript.exe "C:\Microsoft_SDK\lib\include\cc1xb.js" -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Mozilla\Firefox\Extensions|[email protected] (PUP.Optional.MediaPlayerAlpha.A) -> Data: C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha831\ff -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Mozilla\Firefox\Extensions|[email protected] (PUP.Optional.MediaView.A) -> Data: C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha7893\ff -> Quarantined and deleted successfully.

Registry Data Items Detected: 3
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 38
C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum (Rogue.LiveSecurityPlatinum) -> Quarantined and deleted successfully.
C:\Microsoft_SDK\lib\include (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Speed Test 127 (PUP.Optional.SpeedTest.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha7893 (PUP.Optional.MediaView.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha7893\ch (PUP.Optional.MediaView.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha7893\ff (PUP.Optional.MediaView.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha7893\ff\chrome (PUP.Optional.MediaView.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha7893\ff\chrome\content (PUP.Optional.MediaView.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha7893\ff\chrome\content\icons (PUP.Optional.MediaView.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha7893\ff\chrome\content\icons\default (PUP.Optional.MediaView.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha7893\ie (PUP.Optional.MediaView.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0 (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\css (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\css\jquery_ui (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\css\jquery_ui\images (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\images (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\images\engines_icons (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\images\injection (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\js (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\plugins (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0 (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\css (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\css\jquery_ui (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\css\jquery_ui\images (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\images (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\images\engines_icons (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\images\injection (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\js (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\plugins (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0 (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\jquery_ui (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\jquery_ui\images (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\engines_icons (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\js (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.

Files Detected: 242
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Trojan.Sefnit) -> Delete on reboot.
C:\Users\John\AppData\Roaming\Adobe\AdobeUpdaterInstallMgr.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\vmware-unity.exe (Trojan.Ransom.Blocker) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha7893\ie\MediaViewV1alpha7893.dll (PUP.Optional.MediaView.A) -> Quarantined and deleted successfully.
C:\ProgramData\781287A80008C96702A766874F147CE7\781287A80008C96702A766874F147CE7.exe (Trojan.FakeAV) -> Quarantined and deleted successfully.
C:\ProgramData\781287A80008C96702A76687E56C34C7\781287A80008C96702A76687E56C34C7.exe (Trojan.FakeAV) -> Quarantined and deleted successfully.
C:\Users\John\Desktop\converterlite_d1102639.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
C:\Windows\System32\FlashPlayerUpdateService.exe (Trojan.Sefnit) -> Quarantined and deleted successfully.
C:\Users\John\Downloads\PCPerformerSetup (1).exe (Adware.InstallBrain) -> Quarantined and deleted successfully.
C:\Users\John\Downloads\PCPerformerSetup.exe (Adware.InstallBrain) -> Quarantined and deleted successfully.
C:\Users\John\Desktop\Live Security Platinum.lnk (Rogue.LiveSecurityPlatinum) -> Quarantined and deleted successfully.
C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Quarantined and deleted successfully.
C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum\Live Security Platinum.lnk (Rogue.LiveSecurityPlatinum) -> Quarantined and deleted successfully.
C:\Microsoft_SDK\lib\include\cc1xb.js (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Microsoft_SDK\lib\include\cc1xb.cmd (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Speed Test 127\AddonsFramework.Typelib.dll (PUP.Optional.SpeedTest.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Speed Test 127\AddonsFramework.Typelib64.dll (PUP.Optional.SpeedTest.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Speed Test 127\background.html (PUP.Optional.SpeedTest.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Speed Test 127\BackgroundHost.exe (PUP.Optional.SpeedTest.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Speed Test 127\BackgroundHost64.exe (PUP.Optional.SpeedTest.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Speed Test 127\button.js (PUP.Optional.SpeedTest.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Speed Test 127\ButtonSite.dll (PUP.Optional.SpeedTest.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Speed Test 127\ButtonSite64.dll (PUP.Optional.SpeedTest.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Speed Test 127\config.xml (PUP.Optional.SpeedTest.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Speed Test 127\content.js (PUP.Optional.SpeedTest.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Speed Test 127\DeskTopIcon.ico (PUP.Optional.SpeedTest.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Speed Test 127\icon128.ico (PUP.Optional.SpeedTest.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Speed Test 127\icon128.png (PUP.Optional.SpeedTest.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Speed Test 127\icon16.ico (PUP.Optional.SpeedTest.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Speed Test 127\icon16.png (PUP.Optional.SpeedTest.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Speed Test 127\icon18.ico (PUP.Optional.SpeedTest.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Speed Test 127\icon18.png (PUP.Optional.SpeedTest.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Speed Test 127\icon24.ico (PUP.Optional.SpeedTest.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Speed Test 127\icon24.png (PUP.Optional.SpeedTest.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Speed Test 127\icon32.ico (PUP.Optional.SpeedTest.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Speed Test 127\icon32.png (PUP.Optional.SpeedTest.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Speed Test 127\icon48.ico (PUP.Optional.SpeedTest.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Speed Test 127\icon48.png (PUP.Optional.SpeedTest.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Speed Test 127\icon64.ico (PUP.Optional.SpeedTest.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Speed Test 127\icon64.png (PUP.Optional.SpeedTest.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Speed Test 127\jquery-1.9.1.min.js (PUP.Optional.SpeedTest.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Speed Test 127\json2.min.js (PUP.Optional.SpeedTest.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Speed Test 127\options.htm (PUP.Optional.SpeedTest.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Speed Test 127\rjs.js (PUP.Optional.SpeedTest.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Speed Test 127\ScriptHost.dll (PUP.Optional.SpeedTest.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Speed Test 127\ScriptHost64.dll (PUP.Optional.SpeedTest.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Speed Test 127\uninst.exe (PUP.Optional.SpeedTest.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Speed Test 127\uninstall.exe (PUP.Optional.SpeedTest.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Speed Test 127\updater.js (PUP.Optional.SpeedTest.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Speed Test 127\updaterWrapper.js (PUP.Optional.SpeedTest.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha7893\uninstall.exe (PUP.Optional.MediaView.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha7893\ch\MediaViewV1alpha7893.crx (PUP.Optional.MediaView.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha7893\ff\chrome.manifest (PUP.Optional.MediaView.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha7893\ff\install.rdf (PUP.Optional.MediaView.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha7893\ff\chrome\content\ffMediaViewV1alpha7893.js (PUP.Optional.MediaView.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha7893\ff\chrome\content\ffMediaViewV1alpha7893ffaction.js (PUP.Optional.MediaView.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha7893\ff\chrome\content\overlay.xul (PUP.Optional.MediaView.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha7893\ff\chrome\content\icons\Thumbs.db (PUP.Optional.MediaView.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha7893\ff\chrome\content\icons\default\MediaViewV1alpha7893_32.png (PUP.Optional.MediaView.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\18x18.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\background.html (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\blank.html (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\manifest.json (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\manifest_no_button.json (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\new_tab.html (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\search_box.html (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\css\injection.css (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\css\jquery_ui\jquery-ui-1.8.16.custom.css (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\css\jquery_ui\images\ui-bg_flat_0_aaaaaa_40x100.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\css\jquery_ui\images\ui-bg_flat_75_ffffff_40x100.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\css\jquery_ui\images\ui-bg_glass_55_fbf9ee_1x400.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\css\jquery_ui\images\ui-bg_glass_65_ffffff_1x400.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\css\jquery_ui\images\ui-bg_glass_75_dadada_1x400.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\css\jquery_ui\images\ui-bg_glass_75_e6e6e6_1x400.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\css\jquery_ui\images\ui-bg_glass_95_fef1ec_1x400.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\css\jquery_ui\images\ui-bg_highlight-soft_75_cccccc_1x100.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\css\jquery_ui\images\ui-icons_222222_256x240.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\css\jquery_ui\images\ui-icons_2e83ff_256x240.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\css\jquery_ui\images\ui-icons_454545_256x240.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\css\jquery_ui\images\ui-icons_888888_256x240.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\css\jquery_ui\images\ui-icons_cd0a0a_256x240.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\images\help.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\images\engines_icons\Bing.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\images\engines_icons\Google.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\images\engines_icons\Search here.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\images\engines_icons\Yahoo.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\images\injection\bullet_arrow_down.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\images\injection\bullet_arrow_down_old.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\images\injection\icon.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\images\injection\search-inner-wrapper.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\images\injection\search-left.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\images\injection\search_arrow_top_button.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\images\injection\search_arrow_top_button_hovered.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\images\injection\search_bottom_bg.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\images\injection\search_bottom_border_bg.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\images\injection\search_bottom_left_before_corner.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\images\injection\search_bottom_left_corner.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\images\injection\search_bottom_right_before_corner.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\images\injection\search_bottom_right_corner.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\images\injection\search_left_border_bg.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\images\injection\search_left_bottom_border_bg.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\images\injection\search_middle_bg.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\images\injection\search_right_border_bg.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\images\injection\search_right_bottom_border_bg.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\images\injection\search_top_bg.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\images\injection\search_top_left_before_corner.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\images\injection\search_top_left_corner.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\images\injection\search_top_right_before_corner.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\images\injection\search_top_right_corner.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\js\bg.js (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\js\ConfigManager.js (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\js\content.js (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\js\InjectionManager.js (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\js\jquery-1.7.1.min.js (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\js\jquery-ui-1.8.16.custom.min.js (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\js\jquery.guid.js (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\js\newTab.js (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\js\SearchBox.js (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\plugins\npDefaultTabSearch.dll (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\18x18.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\background.html (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\blank.html (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\manifest.json (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\manifest_no_button.json (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\new_tab.html (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\search_box.html (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\css\injection.css (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\css\jquery_ui\jquery-ui-1.8.16.custom.css (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\css\jquery_ui\images\ui-bg_flat_0_aaaaaa_40x100.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\css\jquery_ui\images\ui-bg_flat_75_ffffff_40x100.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\css\jquery_ui\images\ui-bg_glass_55_fbf9ee_1x400.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\css\jquery_ui\images\ui-bg_glass_65_ffffff_1x400.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\css\jquery_ui\images\ui-bg_glass_75_dadada_1x400.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\css\jquery_ui\images\ui-bg_glass_75_e6e6e6_1x400.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\css\jquery_ui\images\ui-bg_glass_95_fef1ec_1x400.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\css\jquery_ui\images\ui-bg_highlight-soft_75_cccccc_1x100.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\css\jquery_ui\images\ui-icons_222222_256x240.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\css\jquery_ui\images\ui-icons_2e83ff_256x240.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\css\jquery_ui\images\ui-icons_454545_256x240.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\css\jquery_ui\images\ui-icons_888888_256x240.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\css\jquery_ui\images\ui-icons_cd0a0a_256x240.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\images\help.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\images\engines_icons\Bing.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\images\engines_icons\Google.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\images\engines_icons\Search here.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\images\engines_icons\Yahoo.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\images\injection\bullet_arrow_down.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\images\injection\bullet_arrow_down_old.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\images\injection\icon.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\images\injection\search-inner-wrapper.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\images\injection\search-left.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\images\injection\search_arrow_top_button.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\images\injection\search_arrow_top_button_hovered.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\images\injection\search_bottom_bg.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\images\injection\search_bottom_border_bg.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\images\injection\search_bottom_left_before_corner.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\images\injection\search_bottom_left_corner.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\images\injection\search_bottom_right_before_corner.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\images\injection\search_bottom_right_corner.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\images\injection\search_left_border_bg.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\images\injection\search_left_bottom_border_bg.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\images\injection\search_middle_bg.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\images\injection\search_right_border_bg.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\images\injection\search_right_bottom_border_bg.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\images\injection\search_top_bg.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\images\injection\search_top_left_before_corner.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\images\injection\search_top_left_corner.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\images\injection\search_top_right_before_corner.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\images\injection\search_top_right_corner.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\js\bg.js (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\js\ConfigManager.js (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\js\content.js (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\js\InjectionManager.js (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\js\jquery-1.7.1.min.js (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\js\jquery-ui-1.8.16.custom.min.js (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\js\jquery.guid.js (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\js\newTab.js (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\js\ScriptChecker.js (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\js\ScriptInjector.js (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\js\SearchBox.js (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\plugins\npDefaultTabSearch.dll (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\18x18.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\background.html (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\blank.html (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\manifest.json (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\manifest_no_button.json (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\new_tab.html (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\search_box.html (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\injection.css (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\jquery_ui\jquery-ui-1.8.16.custom.css (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\jquery_ui\images\ui-bg_flat_0_aaaaaa_40x100.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\jquery_ui\images\ui-bg_flat_75_ffffff_40x100.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\jquery_ui\images\ui-bg_glass_55_fbf9ee_1x400.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\jquery_ui\images\ui-bg_glass_65_ffffff_1x400.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\jquery_ui\images\ui-bg_glass_75_dadada_1x400.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\jquery_ui\images\ui-bg_glass_75_e6e6e6_1x400.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\jquery_ui\images\ui-bg_glass_95_fef1ec_1x400.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\jquery_ui\images\ui-bg_highlight-soft_75_cccccc_1x100.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\jquery_ui\images\ui-icons_222222_256x240.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\jquery_ui\images\ui-icons_2e83ff_256x240.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\jquery_ui\images\ui-icons_454545_256x240.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\jquery_ui\images\ui-icons_888888_256x240.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\jquery_ui\images\ui-icons_cd0a0a_256x240.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\help.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\engines_icons\Bing.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\engines_icons\Google.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\engines_icons\Search here.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\engines_icons\Yahoo.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\bullet_arrow_down.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\bullet_arrow_down_old.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\icon.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search-inner-wrapper.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search-left.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_arrow_top_button.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_arrow_top_button_hovered.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_bottom_bg.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_bottom_border_bg.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_bottom_left_before_corner.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_bottom_left_corner.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_bottom_right_before_corner.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_bottom_right_corner.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_left_border_bg.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_left_bottom_border_bg.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_middle_bg.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_right_border_bg.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_right_bottom_border_bg.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_top_bg.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_top_left_before_corner.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_top_left_corner.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_top_right_before_corner.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_top_right_corner.png (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\js\bg.js (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\js\ConfigManager.js (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\js\content.js (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\js\InjectionManager.js (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\js\jquery-1.7.1.min.js (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\js\jquery-ui-1.8.16.custom.min.js (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\js\jquery.guid.js (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\js\newTab.js (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\js\ScriptChecker.js (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\js\ScriptInjector.js (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\js\SearchBox.js (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.

(end)

#7
mckinney7

Posted 12 March 2014 - 05:06 AM

Member

Topic Starter
Member
60 posts

I downloaded and ran FRST. Here are the three logs you requested:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2014
Ran by John (administrator) on JOHN-PC on 12-03-2014 06:01:14
Running from C:\Users\John\Downloads
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(WildTangent, Inc.) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Windows\system32\UI0Detect.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Java\jre6\bin\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
(Google Inc.) C:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-18] (Synaptics Incorporated)
HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [495104 2009-07-14] (Conexant Systems, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Java\jre6\bin\jusched.exe [171520 2009-11-01] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [QlbCtrl.exe] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [322104 2009-08-20] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Java\jre6\bin\jusched.exe [149280 2009-11-01] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [WirelessAssistant] - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296056 2012-06-19] (RealNetworks, Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [AVG_TRAY] - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe [2587008 2012-04-05] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-28] ()
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-15] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3082703480-1980997582-769674337-1000\...\Run: [Google Update] - C:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-05-11] (Google Inc.)
HKU\S-1-5-21-3082703480-1980997582-769674337-1000\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-05-11] (Google Inc.)
HKU\S-1-5-21-3082703480-1980997582-769674337-1000\...\Policies\Explorer: [HideSCAHealth] 1
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Speed Test 127 - {11C8C9C0-D918-44C0-8B5E-D297DA42F2C7} - C:\Program Files (x86)\Speed Test 127\ScriptHost64.dll No File
BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Video Player - {38f05420-132e-4103-866e-d41afa404d24} - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta5635\ie\VideoPlayerV3beta5635.dll No File
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 173.244.132.86 173.244.132.254
Tcpip\..\Interfaces\{81F105C5-75F7-4B34-BD57-6B3F15F03039}: [NameServer]76.73.7.75,107.6.133.7
Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer]76.73.7.75,107.6.133.7
Tcpip\..\Interfaces\{F19EA1D7-803A-4B44-B142-1BA0BAACFDCE}: [NameServer]76.73.7.75,107.6.133.7

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\John\AppData\Local\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\John\AppData\Local\Google\Chrome\Application\33.0.1750.146\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\John\AppData\Local\Google\Chrome\Application\33.0.1750.146\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.150.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U15) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-05-12]
CHR Extension: (Google Search) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-05-12]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2012-06-19]
CHR Extension: (Google Wallet) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-22]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2012-08-02]
CHR Extension: (Gmail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-05-12]
CHR HKLM-x32\...\Chrome\Extension: [ebplnjmfmakhhedomfffdiekifpdffnd] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha7893\ch\MediaViewV1alpha7893.crx [2012-05-12]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-06-19]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]
CHR HKLM-x32\...\Chrome\Extension: [oobclncfihjeobfooihfhglbfloocnkg] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta5635\ch\VideoPlayerV3beta5635.crx [2011-12-12]
CHR StartMenuInternet: Google Chrome - C:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

S4 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [5721600 2014-01-22] (AVG Technologies CZ, s.r.o.)
S4 avgwd; C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [754688 2014-01-22] (AVG Technologies CZ, s.r.o.)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [811008 2014-02-04] ()

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
S3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [289872 2012-02-22] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [383808 2012-03-19] (AVG Technologies CZ, s.r.o.)
S3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-12 06:01 - 2014-03-12 06:01 - 00015685 _____ () C:\Users\John\Downloads\FRST.txt
2014-03-12 06:00 - 2014-03-12 06:01 - 00000000 ____D () C:\FRST
2014-03-12 06:00 - 2014-03-12 06:00 - 00001392 _____ () C:\Users\John\Desktop\FRST64 - Shortcut.lnk
2014-03-12 05:59 - 2014-03-12 05:59 - 02157056 _____ (Farbar) C:\Users\John\Downloads\FRST64.exe
2014-03-12 05:57 - 2014-03-12 05:57 - 01145856 _____ (Farbar) C:\Users\John\Downloads\FRST.exe
2014-03-11 21:49 - 2014-03-11 21:49 - 00000000 ____D () C:\Users\John\AppData\Roaming\Malwarebytes
2014-03-11 21:48 - 2014-03-11 21:48 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-11 21:48 - 2014-03-11 21:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-11 21:48 - 2014-03-11 21:48 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-11 21:48 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-11 21:42 - 2014-03-11 21:46 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\John\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-10 21:10 - 2014-03-10 21:12 - 01949184 _____ () C:\Users\John\Downloads\AdwCleaner (1).exe
2014-03-10 20:45 - 2014-03-10 20:45 - 00000803 _____ () C:\Users\John\Desktop\JRT.txt
2014-03-10 20:37 - 2014-03-12 06:00 - 00000003 _____ () C:\ProgramData\2psvc31.nls
2014-03-10 20:33 - 2014-03-10 20:33 - 01037734 _____ (Thisisu) C:\Users\John\Downloads\JRT (1).exe
2014-03-10 19:50 - 2014-03-10 19:50 - 00000000 ____D () C:\_OTL
2014-03-10 19:47 - 2014-03-10 19:47 - 00602112 _____ (OldTimer Tools) C:\Users\John\Downloads\OTL (1).exe
2014-03-09 15:54 - 2014-03-10 22:29 - 00079660 _____ () C:\Users\John\Downloads\OTL.Txt
2014-03-09 15:54 - 2014-03-09 15:54 - 00054676 _____ () C:\Users\John\Downloads\Extras.Txt
2014-03-09 15:44 - 2014-03-09 15:44 - 00602112 _____ (OldTimer Tools) C:\Users\John\Downloads\OTL.exe
2014-03-09 15:26 - 2014-03-09 22:21 - 00000003 _____ () C:\d31.nls
2014-03-09 14:59 - 2014-03-09 14:59 - 00000000 ___SD () C:\32788R22FWJFW
2014-03-09 14:59 - 2014-03-09 14:59 - 00000000 ____D () C:\Windows\erdnt
2014-03-09 14:53 - 2014-03-09 14:53 - 05187267 ____R (Swearware) C:\Users\John\Desktop\ComboFix.exe
2014-03-09 14:00 - 2014-03-09 14:00 - 00000000 ____D () C:\Windows\ERUNT
2014-03-09 13:53 - 2014-03-09 13:53 - 01037734 _____ (Thisisu) C:\Users\John\Downloads\JRT.exe
2014-03-09 13:38 - 2014-03-10 22:13 - 00000000 ____D () C:\AdwCleaner
2014-03-09 13:37 - 2014-03-09 13:38 - 01244192 _____ () C:\Users\John\Downloads\AdwCleaner.exe
2014-03-09 13:27 - 2014-03-09 13:43 - 00000003 _____ () C:\ProgramData\ Office Diagnostics Service31.nls
2014-03-09 13:24 - 2014-03-09 13:24 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\John\Downloads\revosetup.exe
2014-03-09 13:24 - 2014-03-09 13:24 - 00001264 _____ () C:\Users\John\Desktop\Revo Uninstaller.lnk
2014-03-09 13:24 - 2014-03-09 13:24 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-03-09 13:17 - 2014-03-11 22:35 - 00000000 ____D () C:\Program Files (x86)\MediaViewV1

==================== One Month Modified Files and Folders =======

2014-03-12 06:01 - 2014-03-12 06:01 - 00015685 _____ () C:\Users\John\Downloads\FRST.txt
2014-03-12 06:01 - 2014-03-12 06:00 - 00000000 ____D () C:\FRST
2014-03-12 06:01 - 2012-05-11 02:08 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-12 06:00 - 2014-03-12 06:00 - 00001392 _____ () C:\Users\John\Desktop\FRST64 - Shortcut.lnk
2014-03-12 06:00 - 2014-03-10 20:37 - 00000003 _____ () C:\ProgramData\2psvc31.nls
2014-03-12 05:59 - 2014-03-12 05:59 - 02157056 _____ (Farbar) C:\Users\John\Downloads\FRST64.exe
2014-03-12 05:57 - 2014-03-12 05:57 - 01145856 _____ (Farbar) C:\Users\John\Downloads\FRST.exe
2014-03-12 05:53 - 2009-07-13 23:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-12 05:53 - 2009-07-13 23:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-12 05:50 - 2009-07-14 00:13 - 00726142 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-12 05:46 - 2012-05-11 02:08 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-12 05:45 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-12 05:45 - 2009-07-13 23:51 - 00207754 _____ () C:\Windows\setupact.log
2014-03-11 23:36 - 2012-05-11 02:08 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-11 23:24 - 2012-05-12 17:00 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3082703480-1980997582-769674337-1000UA.job
2014-03-11 22:38 - 2012-05-10 19:27 - 00415008 _____ () C:\Windows\PFRO.log
2014-03-11 22:35 - 2014-03-09 13:17 - 00000000 ____D () C:\Program Files (x86)\MediaViewV1
2014-03-11 22:35 - 2012-07-31 12:41 - 00000000 ____D () C:\ProgramData\781287A80008C96702A76687E56C34C7
2014-03-11 22:35 - 2012-07-31 00:04 - 00000000 ____D () C:\ProgramData\781287A80008C96702A766874F147CE7
2014-03-11 22:35 - 2012-05-10 23:03 - 00000000 ____D () C:\Users\John\AppData\Roaming\Adobe
2014-03-11 22:35 - 2012-05-10 19:36 - 00000000 ___RD () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-11 22:13 - 2012-05-11 18:19 - 00000000 ____D () C:\Users\John\AppData\Local\CrashDumps
2014-03-11 21:49 - 2014-03-11 21:49 - 00000000 ____D () C:\Users\John\AppData\Roaming\Malwarebytes
2014-03-11 21:48 - 2014-03-11 21:48 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-11 21:48 - 2014-03-11 21:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-11 21:48 - 2014-03-11 21:48 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-11 21:46 - 2014-03-11 21:42 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\John\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-10 22:29 - 2014-03-09 15:54 - 00079660 _____ () C:\Users\John\Downloads\OTL.Txt
2014-03-10 22:13 - 2014-03-09 13:38 - 00000000 ____D () C:\AdwCleaner
2014-03-10 21:12 - 2014-03-10 21:10 - 01949184 _____ () C:\Users\John\Downloads\AdwCleaner (1).exe
2014-03-10 20:45 - 2014-03-10 20:45 - 00000803 _____ () C:\Users\John\Desktop\JRT.txt
2014-03-10 20:33 - 2014-03-10 20:33 - 01037734 _____ (Thisisu) C:\Users\John\Downloads\JRT (1).exe
2014-03-10 20:27 - 2014-01-30 19:43 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-03-10 20:22 - 2014-01-22 21:18 - 00000003 _____ () C:\ProgramData\31.nls
2014-03-10 19:50 - 2014-03-10 19:50 - 00000000 ____D () C:\_OTL
2014-03-10 19:47 - 2014-03-10 19:47 - 00602112 _____ (OldTimer Tools) C:\Users\John\Downloads\OTL (1).exe
2014-03-10 19:30 - 2009-07-13 20:05 - 04093952 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2014-03-09 22:21 - 2014-03-09 15:26 - 00000003 _____ () C:\d31.nls
2014-03-09 21:51 - 2012-06-07 20:40 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-09 18:26 - 2012-05-12 17:01 - 00002321 _____ () C:\Users\John\Desktop\Google Chrome.lnk
2014-03-09 15:54 - 2014-03-09 15:54 - 00054676 _____ () C:\Users\John\Downloads\Extras.Txt
2014-03-09 15:44 - 2014-03-09 15:44 - 00602112 _____ (OldTimer Tools) C:\Users\John\Downloads\OTL.exe
2014-03-09 15:17 - 2009-11-01 00:58 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-09 14:59 - 2014-03-09 14:59 - 00000000 ___SD () C:\32788R22FWJFW
2014-03-09 14:59 - 2014-03-09 14:59 - 00000000 ____D () C:\Windows\erdnt
2014-03-09 14:53 - 2014-03-09 14:53 - 05187267 ____R (Swearware) C:\Users\John\Desktop\ComboFix.exe
2014-03-09 14:00 - 2014-03-09 14:00 - 00000000 ____D () C:\Windows\ERUNT
2014-03-09 13:53 - 2014-03-09 13:53 - 01037734 _____ (Thisisu) C:\Users\John\Downloads\JRT.exe
2014-03-09 13:46 - 2012-05-11 05:37 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2014-03-09 13:46 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Registration
2014-03-09 13:43 - 2014-03-09 13:27 - 00000003 _____ () C:\ProgramData\ Office Diagnostics Service31.nls
2014-03-09 13:43 - 2012-08-18 00:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-09 13:43 - 2012-05-12 17:00 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3082703480-1980997582-769674337-1000Core.job
2014-03-09 13:38 - 2014-03-09 13:37 - 01244192 _____ () C:\Users\John\Downloads\AdwCleaner.exe
2014-03-09 13:31 - 2012-05-11 02:08 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-09 13:31 - 2012-05-11 02:08 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-09 13:24 - 2014-03-09 13:24 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\John\Downloads\revosetup.exe
2014-03-09 13:24 - 2014-03-09 13:24 - 00001264 _____ () C:\Users\John\Desktop\Revo Uninstaller.lnk
2014-03-09 13:24 - 2014-03-09 13:24 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-03-09 13:23 - 2013-10-01 20:59 - 00000000 ____D () C:\Users\John\AppData\Local\avgchrome
2014-03-09 13:19 - 2012-05-12 17:00 - 00003876 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3082703480-1980997582-769674337-1000UA
2014-03-09 13:19 - 2012-05-12 17:00 - 00003480 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3082703480-1980997582-769674337-1000Core
2014-03-09 13:18 - 2014-01-30 19:43 - 00000162 _____ () C:\extensions.ini
2014-03-09 13:18 - 2013-09-29 15:43 - 00000258 __RSH () C:\Users\John\ntuser.pol
2014-03-09 13:18 - 2012-05-10 19:30 - 00000000 ____D () C:\Users\John
2014-03-09 13:17 - 2012-05-11 05:37 - 00995328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2014-03-09 13:16 - 2013-06-05 18:26 - 00003398 _____ () C:\Windows\System32\Tasks\BrowseForTheCauseUpdate
2014-03-09 13:15 - 2009-07-13 18:19 - 00589312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

Files to move or delete:
====================
C:\ProgramData\ras_0oed.pad

Some content of TEMP:
====================
C:\Users\John\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe
[2009-07-13 18:19] - [2014-03-09 13:15] - 0589312 ____A (Microsoft Corporation) 8DDE1A539CBC01AB2D80D1CE61C05A98

C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-03-10 21:51

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2014
Ran by John at 2014-03-12 06:01:58
Running from C:\Users\John\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Norton Internet Security (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.1 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM-x32\...\{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}) (Version: 11.0 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros)
AVG 2012 (HKLM\...\AVG) (Version: 2012.0.2197 - AVG Technologies)
AVG 2012 (Version: 12.0.2197 - AVG Technologies) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Browse for the Cause (HKLM-x32\...\BrowseForTheCause) (Version: - ) <==== ATTENTION
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.98.6.51 - Conexant)
ConverterLite 1.6.3 (HKLM-x32\...\ConverterLite) (Version: 1.6.3 - ConverterLite)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated) <==== ATTENTION
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2111 - CyberLink Corp.)
CyberLink DVD Suite (x32 Version: 7.0.2111 - CyberLink Corp.) Hidden
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 4.1.3325 - CyberLink Corp.)
CyberLink MediaShow (x32 Version: 4.1.3325 - CyberLink Corp.) Hidden
CyberLink PowerDVD 8 (HKLM-x32\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.1.1005 - CyberLink Corp.)
CyberLink PowerDVD 8 (x32 Version: 8.0.1.1005 - CyberLink Corp.) Hidden
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.9 - DivX, LLC)
Enolsoft Video Converter 3.6.0.0 (HKLM-x32\...\{B0F97B00-8C18-4179-A50F-5C3853FFFD38}}_is1) (Version: - Enolsoft Co., Ltd.)
Google Chrome (HKCU\...\Google Chrome) (Version: 33.0.1750.146 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.4.50 - Conexant Systems)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.3 - Hewlett-Packard) Hidden
HP Deskjet 2050 J510 series Basic Device Software (HKLM\...\{F2C07BE3-0F88-4D0C-957B-3557699981E9}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Deskjet 2050 J510 series Help (HKLM-x32\...\{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}) (Version: 140.0.61.61 - Hewlett Packard)
HP Deskjet 2050 J510 series Product Improvement Study (HKLM\...\{EF48631A-7F45-430A-8AD3-B41CFB1D7596}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3781 - HP Photo Creations Powered by RocketLife)
HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.7.1 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)
HP Smart Web Printing (HKLM-x32\...\HP Smart Web Printing) (Version: 131.1.35898 - Hewlett-Packard)
HP Smart Web Printing (x32 Version: 131.1.35898 - Hewlett-Packard) Hidden
HP Support Assistant (HKLM-x32\...\{741CFE3A-1C0B-4A7D-8E08-5D78C911C09D}) (Version: 4.2.5.3 - Hewlett-Packard)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
HP User Guides 0156 (HKLM-x32\...\{64A7418C-6BD4-48BE-A2E3-CAEC3BCD9E81}) (Version: 1.02.0001 - Hewlett-Packard)
HP Wireless Assistant (HKLM-x32\...\{54CC7901-804D-4155-B353-21F0CC9112AB}) (Version: 3.50.9.1 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1872 - Intel Corporation)
iTunes (HKLM\...\{7FCDABCC-1A1E-4D61-909D-BA9495172774}) (Version: 11.0.3.42 - Apple Inc.)
Java™ 6 Update 15 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416015FF}) (Version: 6.0.150 - Sun Microsystems, Inc.)
Java™ 6 Update 15 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216015FF}) (Version: 6.0.150 - Sun Microsystems, Inc.)
Java™ SE Development Kit 6 Update 15 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0160150}) (Version: 1.6.0.150 - Sun Microsystems, Inc.)
JollyWallet (HKLM-x32\...\JollyWallet) (Version: 1.24.151.151 - JollyWallet)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2111 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2111 - CyberLink Corp.) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Media Player (HKLM-x32\...\MediaPlayerV1alpha831) (Version: 1.1 - Media Player)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.566.0 - Microsoft Live Search Toolbar)
Microsoft Live Search Toolbar (x32 Version: 3.0.566.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.10411.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
muvee Reveal (HKLM-x32\...\{43BA31BA-04BD-2EA3-0A60-A9C54E06D3F2}) (Version: 7.0.43.11502 - muvee Technologies Pte Ltd)
OneTab (HKLM-x32\...\OneTab) (Version: - )
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3311 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3311 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3311 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3311 - CyberLink Corp.) Hidden
QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden
QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 15.0) (Version: 15.0.4 - RealNetworks)
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0007 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30093 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recovery Manager (x32 Version: 5.5.2202 - CyberLink Corp.) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version: - )
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version: - )
SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version: - )
SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version: - )
Samsung PC Studio 3 USB Driver Installer (HKLM-x32\...\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}) (Version: 3.2.0.70701 - Samsung Electronics Co., Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.2.0 - Synaptics Incorporated)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)
Video Player (HKLM-x32\...\Video Player) (Version: 1.1 - Video Player) <==== ATTENTION
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
VLC media player 1.0.1 (HKLM-x32\...\VLC media player) (Version: 1.0.1 - VideoLAN Team)
Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden

==================== Restore Points =========================

03-07-2013 18:43:15 Installed Wizard101
16-07-2013 03:17:00 Scheduled Checkpoint
08-02-2014 04:38:23 PC Performer Fri, Feb 07, 14 22:38
09-03-2014 18:26:36 Revo Uninstaller's restore point - Live Security Platinum
09-03-2014 20:15:58 Removed Norton Online Backup

==================== Hosts content: ==========================

2009-07-13 21:34 - 2014-03-10 20:10 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {078D22A6-6177-47AD-AF7D-6B77AD8CFEDA} - System32\Tasks\BrowseForTheCauseUpdate => C:\Program Files (x86)\BrowseForTheCause\BrowseForTheCause.exe <==== ATTENTION
Task: {0AAD4595-F3EC-478B-8947-B907FF5F466E} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3082703480-1980997582-769674337-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-04-30] (RealNetworks, Inc.)
Task: {0C868E18-04F8-49D6-9B85-1EE720BBDF02} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {0FABB18A-8B2E-4455-A02A-A47C9651151F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: {18EB14FE-96BC-4459-9C8D-183B4CBBE110} - \YourFile Update No Task File
Task: {1BAD86B8-63DC-4A76-8E3C-5277306503A2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3082703480-1980997582-769674337-1000UA => C:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-11] (Google Inc.)
Task: {20C4017C-8D00-482E-AF43-3AD064D273BF} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-09-24] (Hewlett-Packard)
Task: {29235771-19EA-40DB-8FC0-3FEA3CA22EA0} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe
Task: {29B9DF8F-A30C-4016-B200-E50739F2E4DF} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-09-24] (Hewlett-Packard)
Task: {330A52A3-C5E0-4821-AC24-8C5A0F4993E1} - \PC Performer_DEFAULT No Task File
Task: {3E0F4F84-289C-4026-8155-169046DEF590} - \AmiUpdXp No Task File
Task: {4499C9A6-7886-474C-8495-1D06389AEC6B} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe
Task: {53C76335-9511-427D-A8E4-54E1B8A0DE84} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3082703480-1980997582-769674337-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-04-30] (RealNetworks, Inc.)
Task: {93FEACA8-0C5E-402F-8E0C-A95443538011} - System32\Tasks\HPCustParticipation HP Deskjet 2050 J510 series => C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2014-02-03] (Hewlett-Packard Co.)
Task: {969C5BFD-AE85-4D32-B182-8DF06ABD6663} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-07] ()
Task: {97779F9B-15E0-4D70-A832-D21F19ACF277} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3082703480-1980997582-769674337-1000Core => C:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-11] (Google Inc.)
Task: {A08BA914-DF53-484F-BCBA-FDBE218EB81B} - \PC Performer_UPDATES No Task File
Task: {B675B57A-EE72-4F9B-BF2E-1C2293B5F498} - System32\Tasks\PhotoProduct.exe => C:\Program Files (x86)\HP Photo Creations\PhotoProduct.exe [2010-07-01] (Visan / RocketLife)
Task: {C44F856E-3607-4F11-88A6-FF228676AC83} - System32\Tasks\DTReg => C:\Users\John\AppData\Roaming\DefaultTab\DefaultTab\DTReg.exe <==== ATTENTION
Task: {E72D6025-3FDD-41C6-B06A-23CEAC1BAAC3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-22] (Google Inc.)
Task: {E9FAA79A-D347-4822-BA62-DE9F3E9F523A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-22] (Google Inc.)
Task: {FC399CF8-C6AC-4D52-BE76-41B875B77749} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-07] ()
Task: {FDB31C9E-E9E0-4087-B28E-E46155E9E413} - \PC Performer No Task File
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3082703480-1980997582-769674337-1000Core.job => C:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3082703480-1980997582-769674337-1000UA.job => C:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2009-11-01 03:05 - 2014-02-04 15:10 - 00811008 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2011-07-28 18:08 - 2011-07-28 18:08 - 01259376 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2009-07-01 17:44 - 2009-07-01 17:44 - 00632888 _____ () C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
2012-02-20 23:29 - 2012-02-20 23:29 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 23:28 - 2012-02-20 23:28 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-07-28 18:09 - 2011-07-28 18:09 - 00096112 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2014-03-09 18:26 - 2014-03-01 21:35 - 00051016 _____ () C:\Users\John\AppData\Local\Google\Chrome\Application\33.0.1750.146\chrome_elf.dll
2014-03-09 18:26 - 2014-03-01 21:35 - 00716616 _____ () C:\Users\John\AppData\Local\Google\Chrome\Application\33.0.1750.146\libglesv2.dll
2014-03-09 18:26 - 2014-03-01 21:35 - 00100168 _____ () C:\Users\John\AppData\Local\Google\Chrome\Application\33.0.1750.146\libegl.dll
2014-03-09 18:26 - 2014-03-01 21:35 - 04061000 _____ () C:\Users\John\AppData\Local\Google\Chrome\Application\33.0.1750.146\pdf.dll
2014-03-09 18:26 - 2014-03-01 21:35 - 00394568 _____ () C:\Users\John\AppData\Local\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll
2014-03-09 18:26 - 2014-03-01 21:35 - 01647432 _____ () C:\Users\John\AppData\Local\Google\Chrome\Application\33.0.1750.146\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Audiosrv => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\drmkaud => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HDAudBus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MMCSS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318} => ""="[6cFgE][Şοûпđ, νìδ℮ô άήδ ğªмè ¢őήťřόℓŀèґš !!! !!! !]"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{640167b4-59b0-47a6-b335-a6b3c0695aea} => ""="Portable Media Devices"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioEndpointBuilder => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Audiosrv => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\drmkaud => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HdAudAddService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HDAudBus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MMCSS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96C-E325-11CE-BFC1-08002BE10318} => ""="[6cFgE][Şοûпđ, νìδ℮ô άήδ ğªмè ¢őήťřόℓŀèґš !!! !!! !]"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{640167b4-59b0-47a6-b335-a6b3c0695aea} => ""="Portable Media Devices"

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

Name: Internet Access Server
Description: Internet Access Server
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (03/12/2014 06:02:22 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (03/12/2014 05:59:01 AM) (Source: Windows Search Service) (User: )
Description: Unable to initialize the filter host process. Terminating.

Details:
This operation returned because the timeout period expired. (HRESULT : 0x800705b4) (0x800705b4)

Error: (03/12/2014 05:54:49 AM) (Source: Windows Search Service) (User: )
Description: Unable to initialize the filter host process. Terminating.

Details:
This operation returned because the timeout period expired. (HRESULT : 0x800705b4) (0x800705b4)

Error: (03/12/2014 05:51:12 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (03/12/2014 05:50:34 AM) (Source: Windows Search Service) (User: )
Description: Unable to initialize the filter host process. Terminating.

Details:
This operation returned because the timeout period expired. (HRESULT : 0x800705b4) (0x800705b4)

Error: (03/12/2014 05:45:07 AM) (Source: Bonjour Service) (User: )
Description: Local Hostname John-PC.local already in use; will try John-PC-2.local instead

Error: (03/12/2014 05:45:07 AM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 John-PC.local. Addr 192.168.1.123

Error: (03/12/2014 05:45:06 AM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.112:5353 4 john-PC.local. Addr 192.168.1.112

Error: (03/11/2014 11:40:53 PM) (Source: Windows Search Service) (User: )
Description: Unable to initialize the filter host process. Terminating.

Details:
This operation returned because the timeout period expired. (HRESULT : 0x800705b4) (0x800705b4)

Error: (03/11/2014 11:36:40 PM) (Source: Windows Search Service) (User: )
Description: Unable to initialize the filter host process. Terminating.

Details:
This operation returned because the timeout period expired. (HRESULT : 0x800705b4) (0x800705b4)

System errors:
=============
Error: (03/12/2014 05:48:12 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect.

Error: (03/12/2014 05:46:20 AM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (03/12/2014 05:46:20 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (03/12/2014 05:45:54 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (03/12/2014 05:45:33 AM) (Source: Service Control Manager) (User: )
Description: The hpqwmiex service failed to start due to the following error:
%%1053

Error: (03/12/2014 05:45:33 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the hpqwmiex service to connect.

Error: (03/12/2014 05:45:05 AM) (Source: NetBT) (User: )
Description: The name "JOHN-PC :20" could not be registered on the interface with IP address 192.168.1.123.
The computer with the IP address 192.168.1.112 did not allow the name to be claimed by
this computer.

Error: (03/12/2014 05:45:05 AM) (Source: NetBT) (User: )
Description: The name "JOHN-PC :0" could not be registered on the interface with IP address 192.168.1.123.
The computer with the IP address 192.168.1.112 did not allow the name to be claimed by
this computer.

Error: (03/12/2014 05:45:05 AM) (Source: Server) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{81F105C5-75F7-4B34-BD57-6B3F15F03039} because another computer on the network has the same name. The server could not start.

Error: (03/12/2014 05:45:02 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2014-03-12 06:01:29.374
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe because the set of per-page image hashes could not be found on the system.

Date: 2014-03-12 06:01:29.236
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe because the set of per-page image hashes could not be found on the system.

Date: 2014-03-12 06:01:29.098
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe because the set of per-page image hashes could not be found on the system.

Date: 2014-03-12 06:01:28.958
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe because the set of per-page image hashes could not be found on the system.

Date: 2014-03-11 22:18:54.627
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe because the set of per-page image hashes could not be found on the system.

Date: 2014-03-11 22:18:54.366
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe because the set of per-page image hashes could not be found on the system.

Date: 2014-03-11 22:18:54.066
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe because the set of per-page image hashes could not be found on the system.

Date: 2014-03-10 22:22:52.259
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe because the set of per-page image hashes could not be found on the system.

Date: 2014-03-10 22:22:52.140
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe because the set of per-page image hashes could not be found on the system.

Date: 2014-03-10 22:22:52.012
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 48%
Total physical RAM: 1979.2 MB
Available physical RAM: 1026.34 MB
Total Pagefile: 3958.39 MB
Available Pagefile: 2649.37 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:220.4 GB) (Free:173.7 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:12.29 GB) (Free:2.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (THE_TWO_TOWERS_D2) (CDROM) (Total:4.1 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: 0393754D)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=220 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Users shortcut scan result (x64) Version: 11-03-2014
Ran by John at 2014-03-12 06:02:40
Running from C:\Users\John\Downloads
Boot Mode: Normal
==================== Shortcuts =============================

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat.com.lnk -> C:\Program Files (x86)\Adobe\Acrobat.com\Acrobat.com.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-FFFF-7B44-A91000000001}\SC_Reader.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk -> C:\Windows\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk -> C:\Windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk -> C:\Program Files (x86)\Microsoft Works\MSWorks.exe (Microsoft® Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk -> C:\Windows\System32\WindowsAnytimeUpgradeui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\DVD Maker\DVDMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Call.lnk -> C:\Program Files (x86)\Windows Live\Messenger\wlcstart.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Mail.lnk -> C:\Program Files (x86)\Windows Live\Mail\wlmail.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Messenger .lnk -> C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Movie Maker.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.Exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Photo Gallery.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Writer.lnk -> C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriter.exe (Microsoft Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk -> C:\Program Files (x86)\VideoLAN\VLC\Documentation.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk -> C:\Program Files (x86)\VideoLAN\VLC\NEWS.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk -> C:\Program Files (x86)\VideoLAN\VLC\VideoLAN Website.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recovery Manager\PowerRecover.lnk -> C:\Program Files (x86)\Hewlett-Packard\Recovery\RecoveryMgr.exe (CyberLink)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recovery Manager\Recovery Disc Creation.lnk -> C:\Program Files (x86)\Hewlett-Packard\Recovery\CDCreator.exe (CyberLink)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks\RealPlayer Converter.lnk -> C:\Program Files (x86)\Real\RealPlayer\realconverter.exe (RealNetworks, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks\RealPlayer Trimmer.lnk -> C:\Program Files (x86)\Real\RealPlayer\realtrimmer.exe (RealNetworks, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\About QuickTime.lnk -> C:\Windows\Installer\{0E64B098-8018-4256-BA23-C316A43AD9B0}\RichText.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\PictureViewer.lnk -> C:\Windows\Installer\{0E64B098-8018-4256-BA23-C316A43AD9B0}\PictureViewer.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\QuickTime Player.lnk -> C:\Windows\Installer\{0E64B098-8018-4256-BA23-C316A43AD9B0}\QTPlayer.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services\Skype.lnk -> C:\Program Files (x86)\Online Services\Skype\SkypeSetup.exe (Skype Technologies S.A.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\muvee\Create instant home movies.lnk -> C:\Program Files (x86)\muvee Technologies\muvee Reveal - SE\muveereveal.exe (muvee Technologies Pte Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\muvee\Quick Tour.lnk -> C:\Program Files (x86)\muvee Technologies\muvee Reveal - SE\reveal_quicktour\deploy_ready\launchquicktour.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works\Getting Started.lnk -> C:\Windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\gtngstrtd.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works\Microsoft Works Calendar.lnk -> C:\Windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\WksCal.exe (Microsoft® Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works\Microsoft Works Database.lnk -> C:\Windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\wksdb.exe (Microsoft® Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works\Microsoft Works Portfolio.lnk -> C:\Windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\WksSb.exe (Microsoft® Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works\Microsoft Works Spreadsheet.lnk -> C:\Windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\wksss.exe (Microsoft® Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works\Microsoft Works Task Launcher.lnk -> C:\Program Files (x86)\Microsoft Works\MSWorks.exe (Microsoft® Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works\Microsoft Works Word Processor.lnk -> C:\Windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\WksWP.exe (Microsoft® Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk -> C:\Program Files\Microsoft Silverlight\5.1.10411.0\Silverlight.Configuration.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office - 60 Day Trial.lnk -> C:\Program Files (x86)\Microsoft Office Suite Activation Assistant\OAA.exe (Digital River Inc. )
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Excel 2007.lnk -> C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office OneNote 2007.lnk -> C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office PowerPoint 2007.lnk -> C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Word 2007.lnk -> C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Digital Certificate for VBA Projects.lnk -> C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Clip Organizer.lnk -> C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office 2007 Language Settings.lnk -> C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Diagnostics.lnk -> C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Picture Manager.lnk -> C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware Help.lnk -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Uninstall Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\chameleon.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Windows\System32\recdisc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\About iTunes.lnk -> C:\Program Files (x86)\iTunes\iTunes.Resources\en.lproj\About iTunes.rtf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk -> C:\Program Files (x86)\iTunes\iTunes.exe (Apple Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Support Assistant.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (Hewlett-Packard)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Update.lnk -> C:\Program Files (x86)\HP\HP Software Update\hpwucli.exe (Hewlett-Packard)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Smart Web Printing\HP Smart Web Printing Help.lnk -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\Help\hpsmartprint.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Photo Creations\HP Photo Creations.lnk -> C:\Program Files (x86)\HP Photo Creations\PhotoProduct.exe (Visan / RocketLife)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Photo Creations\Uninstall HP Photo Creations.lnk -> C:\Program Files (x86)\HP Photo Creations\uninst.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 2050 J510 series\Help.lnk -> C:\Program Files (x86)\HP\HP Deskjet 2050 J510 series\bin\HelpViewer\hpqlpvwr.exe (Hewlett-Packard Co.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 2050 J510 series\HP Deskjet 2050 J510 series.lnk -> C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HP Deskjet 2050 J510 series.exe (Hewlett-Packard Co.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 2050 J510 series\HP Scan.lnk -> C:\Program Files (x86)\HP\HP Deskjet 2050 J510 series\bin\HPScan.exe (Hewlett-Packard Co.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 2050 J510 series\Printer Setup & Software.lnk -> C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\USBSetupLauncher.exe (Hewlett-Packard Co.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 2050 J510 series\Product Support Website.lnk -> C:\Program Files\HP\HP Deskjet 2050 J510 series\ProductSupportShortcut.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 2050 J510 series\Shop for Supplies.lnk -> C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\hpqDTSS.exe (Hewlett-Packard Co.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Advisor\AdvisorVideo.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Advisor\AdvisorVideo\Doc.exe (Hewlett-Packard Company)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Enolsoft\Enolsoft Video Converter\Enolsoft Video Converter Help.lnk -> C:\Program Files (x86)\Enolsoft\Enolsoft Video Converter\enolsoftvideoconverter.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Enolsoft\Enolsoft Video Converter\Enolsoft Video Converter on the Web.lnk -> C:\Program Files (x86)\Enolsoft\Enolsoft Video Converter\product.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Enolsoft\Enolsoft Video Converter\Enolsoft Video Converter.lnk -> C:\Program Files (x86)\Enolsoft\Enolsoft Video Converter\Video Converter.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Enolsoft\Enolsoft Video Converter\Uninstall Enolsoft Video Converter.lnk -> C:\Program Files (x86)\Enolsoft\Enolsoft Video Converter\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus\DivX Plus Player.lnk -> C:\Program Files (x86)\DivX\DivX Plus Player\DivX Plus Player.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8\CyberLink PowerDVD 8.lnk -> C:\Program Files (x86)\CyberLink\PowerDVD8\PowerDVD8.exe (CyberLink Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8\PowerDVD 8 Help file.lnk -> C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Enu\PowerDVD8.CHM ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink MediaShow\MediaShow.lnk -> C:\Program Files (x86)\CyberLink\MediaShow\MediaShow.exe (CyberLink Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite\CyberLink DVD Suite.lnk -> C:\Program Files (x86)\CyberLink\DVD Suite\PS.exe (CyberLink Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite\LabelPrint.lnk -> C:\Program Files (x86)\CyberLink\LabelPrint\LabelPrint.exe (CyberLink Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite\Power2Go.lnk -> C:\Program Files (x86)\CyberLink\Power2Go\Power2Go.exe (CyberLink Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite\PowerDirector.lnk -> C:\Program Files (x86)\CyberLink\PowerDirector\PDR.exe (CyberLink Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons\Coupons.com - Print Coupons.lnk -> C:\Program Files (x86)\Coupons\CouponsCom.url (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons\Uninstall Coupon Printer for Windows.lnk -> C:\Program Files (x86)\Coupons\uninstall.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ConverterLite\ConverterLite.lnk -> C:\Program Files (x86)\ConverterLite\converterlite.exe (ConverterLite)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ConverterLite\README.txt.lnk -> C:\Program Files (x86)\ConverterLite\README.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ConverterLite\Uninstall.lnk -> C:\Program Files (x86)\ConverterLite\uninstall-converterlite.exe (ConverterLite)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browse for the Cause\Toggle Icon Visibility.lnk -> C:\Program Files (x86)\BrowseForTheCause\BrowseForTheCause.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG\AVG 2012.lnk -> C:\Program Files (x86)\AVG\AVG2012\avgui.exe (AVG Technologies CZ, s.r.o.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk -> C:\Windows\System32\DisplaySwitch.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{b6602113-b3c7-45a1-a9f3-d54cfd381d30}\SupportTasks\0\Game Console.lnk -> C:\Program Files (x86)\HP Games\HP Game Console\GameConsole.ico ()
Shortcut: C:\ProgramData\Hewlett-Packard\Recovery\Links\RM.lnk -> C:\Program Files (x86)\Hewlett-Packard\Recovery\RecoveryMgr.exe (CyberLink)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\John\Pictures\Pictures - Shortcut.lnk -> C:\Users\John\AppData\Roaming\Microsoft\Windows\Libraries\Pictures.library-ms ()
Shortcut: C:\Users\John\Links\Desktop.lnk -> C:\Users\John\Desktop ()
Shortcut: C:\Users\John\Links\Downloads.lnk -> C:\Users\John\Downloads ()
Shortcut: C:\Users\John\Desktop\Enolsoft Video Converter.lnk -> C:\Program Files (x86)\Enolsoft\Enolsoft Video Converter\Video Converter.exe ()
Shortcut: C:\Users\John\Desktop\FRST64 - Shortcut.lnk -> C:\Users\John\Downloads\FRST64.exe (Farbar)
Shortcut: C:\Users\John\Desktop\Google Chrome.lnk -> C:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\John\Desktop\Revo Uninstaller.lnk -> C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe (VS Revo Group)
Shortcut: C:\Users\John\Desktop\Sync Folder.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (No File)
Shortcut: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Revo Uninstaller.lnk -> C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe (VS Revo Group)
Shortcut: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Uninstall.lnk -> C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\uninst.exe (VS Revo Group Ltd.)
Shortcut: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Website.lnk -> C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revo Uninstaller.url ()
Shortcut: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\John\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\John\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\John\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\John\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\iTunes.lnk -> C:\Program Files (x86)\iTunes\iTunes.exe (Apple Inc.)
Shortcut: C:\Users\John\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\John\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Silverlight.lnk -> C:\Program Files\Microsoft Silverlight\5.1.10411.0\Silverlight.Configuration.exe (Microsoft Corporation)
Shortcut: C:\Users\John\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\John\AppData\Local\Microsoft\Windows\GameExplorer\{b6602113-b3c7-45a1-a9f3-d54cfd381d30}\SupportTasks\0\Game Console.lnk -> C:\Program Files (x86)\HP Games\HP Game Console\GameConsole.ico ()
Shortcut: C:\Users\Public\Desktop\AVG 2012.lnk -> C:\Program Files (x86)\AVG\AVG2012\avgui.exe (AVG Technologies CZ, s.r.o.)
Shortcut: C:\Users\Public\Desktop\ConverterLite.lnk -> C:\Program Files (x86)\ConverterLite\converterlite.exe (ConverterLite)
Shortcut: C:\Users\Public\Desktop\HP Deskjet 2050 J510 series Scan.lnk -> C:\Program Files (x86)\HP\HP Deskjet 2050 J510 series\bin\HPScan.exe (Hewlett-Packard Co.)
Shortcut: C:\Users\Public\Desktop\HP Deskjet 2050 J510 series.lnk -> C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HP Deskjet 2050 J510 series.exe (Hewlett-Packard Co.)
Shortcut: C:\Users\Public\Desktop\HP Support Assistant.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (Hewlett-Packard)
Shortcut: C:\Users\Public\Desktop\iTunes.lnk -> C:\Program Files (x86)\iTunes\iTunes.exe (Apple Inc.)
Shortcut: C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
Shortcut: C:\Users\Public\Desktop\Microsoft Office - 60 Day Trial.lnk -> C:\Program Files (x86)\Microsoft Office Suite Activation Assistant\OAA.exe (Digital River Inc. )
Shortcut: C:\Users\Public\Desktop\Shop for Supplies - HP Deskjet 2050 J510 series.lnk -> C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\hpqDTSS.exe (Hewlett-Packard Co.)
Shortcut: C:\Users\Public\Desktop\VLC media player.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe ()

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) -> /showgadgets
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Quick Settings\Reset VLC media player preferences and cache files.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe () -> --reset-config --reset-plugins-cache vlc://quit
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Quick Settings\Video\Set Video mode to Direct3D (no hardware acceleration).lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe () -> --vout direct3d --overlay --no-directx-hw-yuv --save-config vlc://quit
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Quick Settings\Video\Set Video mode to Direct3D.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe () -> --vout direct3d --overlay --directx-hw-yuv --save-config vlc://quit
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Quick Settings\Video\Set Video mode to DirectX (no hardware acceleration).lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe () -> --vout directx --no-overlay --no-directx-hw-yuv --save-config vlc://quit
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Quick Settings\Video\Set Video mode to DirectX (no video overlay).lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe () -> --vout directx --no-overlay --directx-hw-yuv --save-config vlc://quit
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Quick Settings\Video\Set Video mode to DirectX.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe () -> --vout directx --overlay --directx-hw-yuv --save-config vlc://quit
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Quick Settings\Video\Set Video mode to OpenGL.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe () -> --vout opengl --overlay --save-config vlc://quit
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Quick Settings\Interface\Set Main Interface to Qt (default).lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe () -> -I qt --save-config vlc://quit
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Quick Settings\Interface\Set Main Interface to Skinnable.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe () -> -I skins --save-config vlc://quit
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Quick Settings\Audio\Set Audio mode to DirectX (default).lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe () -> --aout aout_directx --save-config vlc://quit
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Quick Settings\Audio\Set Audio mode to Waveout.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe () -> --aout waveout --save-config vlc://quit
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks\RealPlayer.lnk -> C:\Program Files (x86)\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /launch:start_menu
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\Uninstall QuickTime.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /i {0E64B098-8018-4256-BA23-C316A43AD9B0} /qf
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services\getonline.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Setup\hptcs.exe (Hewlett-Packard) -> MODE=GETONLINE
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestore
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 2050 J510 series\HP Product Improvement Study.lnk -> C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe (Hewlett-Packard Co.) -> /changesettings /UA 9.1 /DDV 0x0800
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 2050 J510 series\Uninstall.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /qb /x {F2C07BE3-0F88-4D0C-957B-3557699981E9}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Advisor\HP Setup.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Setup\hptcs.exe (Hewlett-Packard) -> DESKTOP
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Advisor\HPAdvisor.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard) -> view=DOCKVIEW,SYSTRAY
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Advisor\PCAlerts.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard) -> view=STANDARD,SYSTRAY pillar=PC_ACTION_CENTER TOUCHPOINT=STARTMENU
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Advisor\PCDashboard.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard) -> view=STANDARD,SYSTRAY pillar=PC_HEALTH_SECURITY TOUCHPOINT=STARTMENU
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Advisor\PCDiscovery.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard) -> view=STANDARD,SYSTRAY pillar=ECENTER TOUCHPOINT=STARTMENU
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Advisor\PCDock.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard) -> view=DOCKVIEW,SYSTRAY
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\- HP Game Console -.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\HP Game Console\GameConsole-wt.exe" /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All Casual Games.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=000d96f5-8034-4b74-a429-b6f0b04c75f4 /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All Enthusiast Games.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=26352374-af55-4b53-b07b-6b0288ed97df /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All Family Games.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=d58eecb0-0816-11de-8c30-0800200c9a66 /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All Kids Games.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=3eda1e54-8889-41f5-a649-5a306789b7ef /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All MMO Games.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=c3c636e0-1b04-11de-8c30-0800200c9a66 /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Bejeweled 2 Deluxe.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Bejeweled 2 Deluxe\WinBej2-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Blackhawk Striker 2.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Blackhawk Striker 2\Blackhawk2-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Blasterball 2 Revolution.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Blasterball 2 Revolution\bb2-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Bob the Builder Can-Do-Zoo.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Bob the Builder Can-Do-Zoo\BobTheBuilder Zoo-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Chuzzle Deluxe.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Chuzzle Deluxe\Chuzzle-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Diner Dash.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Diner Dash\Diner Dash-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Dora's Carnival Adventure.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Dora's Carnival Adventure\dora-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Family Feud 3.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Family Feud 3\FamilyFeud3-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\FATE.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\FATE\Fate-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Jewel Quest Solitaire 2.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Jewel Quest Solitaire 2\JQSolitaire2-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Mah Jong Medley.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Mah Jong Medley\MahJong2-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Monopoly.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Monopoly\MonopolyPB-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\More Games from HP Games.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - main\provider.exe (WildTangent) -> /id=977b5905-4d14-47f1-bbbf-7b92f596695d /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Mystery P.I. - The New York Fortune.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Mystery P.I. - The New York Fortune\MysteryPINewYork-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Peggle Nights.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Peggle Nights\PeggleNights-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Penguins!.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Penguins!\penguins-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Plants vs. Zombies.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Plants vs. Zombies\PlantsVsZombies-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Poker Superstars III.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Poker Superstars III\Poker3-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Polar Bowler.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Polar Bowler\Polar-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Polar Golfer.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Polar Golfer\golf-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Scrabble.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Scrabble\GHScrabble-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\THE GAME OF LIFE.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\THE GAME OF LIFE\THE GAME OF LIFE by Hasbro-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Totem Tribe.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Totem Tribe\Totem Tribe-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Virtual Families.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Virtual Families\Virtual Families-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Virtual Villagers - The Secret City.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Virtual Villagers - The Secret City\Virtual Villagers - The Secret City-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Wheel of Fortune 2.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Wheel of Fortune 2\Wheel Of Fortune-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Yahtzee.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Yahtzee\Yahtzee-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Zuma Deluxe.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Zuma Deluxe\Zuma-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus\Check for Updates.lnk -> C:\Program Files (x86)\DivX\DivX Control Panel\DivXControlPanelLauncher.exe (DivX, Inc.) -> /start=update
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus\DivX Plus Converter.lnk -> C:\Program Files (x86)\DivX\DivX Plus Converter\DivXConverterLauncher.exe (DivX, Inc.) -> SW_SHOWNORMAL
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus\Register.lnk -> C:\Program Files (x86)\DivX\DivX Control Panel\DivXControlPanelLauncher.exe (DivX, Inc.) -> /start=registration
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8\Online registration.lnk -> C:\Program Files (x86)\CyberLink\PowerDVD8\OLRSubmission\OLRSubmission.exe () -> /LANG:Enu
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{e38419b2-bbf4-4525-9fe9-1a5687a05715}\PlayTasks\0\Peggle Nights.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Peggle Nights\PeggleNights-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{e3639c24-8eff-4eb9-af05-0b7269601b83}\PlayTasks\0\Plants vs. Zombies.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Plants vs. Zombies\PlantsVsZombies-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{e2e027cb-702b-4c0a-9989-aaa5a894ba0d}\PlayTasks\0\Diner Dash.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Diner Dash\Diner Dash-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{db99c2dc-ace4-4f72-aea0-be38b40c0540}\PlayTasks\0\Zuma Deluxe.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Zuma Deluxe\Zuma-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{d8201099-7318-4611-910a-78b4e5a8bcbd}\PlayTasks\0\Polar Golfer.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Polar Golfer\golf-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{d779dc06-0ce9-4cdc-abd9-f2bd2b11b0fa}\PlayTasks\0\Poker Superstars III.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Poker Superstars III\Poker3-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{d63c8f23-b235-41a1-999d-c7d8ea1a7c80}\PlayTasks\0\Wheel of Fortune 2.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Wheel of Fortune 2\Wheel Of Fortune-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{d58eecb0-0816-11de-8c30-0800200c9a66}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=d58eecb0-0816-11de-8c30-0800200c9a66 /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{d5396f9a-d968-4717-a850-6e1fb9eebb00}\PlayTasks\0\Blasterball 2 Revolution.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Blasterball 2 Revolution\bb2-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{d4db71bf-5157-4a48-ae2d-0f87a09662f8}\PlayTasks\0\Scrabble.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Scrabble\GHScrabble-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{d1ca6a92-4cb1-4fc3-855f-abcf7338c07f}\PlayTasks\0\Family Feud 3.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Family Feud 3\FamilyFeud3-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{d0a22a3b-6386-483b-9d2e-716dc28a7b7a}\PlayTasks\0\THE GAME OF LIFE.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\THE GAME OF LIFE\THE GAME OF LIFE by Hasbro-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{c4214208-dae1-4741-81f3-a33e5789871d}\PlayTasks\0\Virtual Villagers - The Secret City.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Virtual Villagers - The Secret City\Virtual Villagers - The Secret City-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{c3c636e0-1b04-11de-8c30-0800200c9a66}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=c3c636e0-1b04-11de-8c30-0800200c9a66 /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{b96b5a3d-cc0e-4304-bceb-3084af616b67}\PlayTasks\0\Monopoly.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Monopoly\MonopolyPB-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{b6602113-b3c7-45a1-a9f3-d54cfd381d30}\PlayTasks\0\Bejeweled 2 Deluxe.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Bejeweled 2 Deluxe\WinBej2-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{b2a0720f-164e-4de1-ba1e-9f9ef1af828f}\PlayTasks\0\Jewel Quest Solitaire 2.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Jewel Quest Solitaire 2\JQSolitaire2-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{af4dd830-da93-480f-9ed5-3db39373834f}\PlayTasks\0\Yahtzee.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Yahtzee\Yahtzee-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{aacdcf98-5492-455c-860e-81f724b5d1c8}\PlayTasks\0\Mah Jong Medley.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Mah Jong Medley\MahJong2-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{977b5905-4d14-47f1-bbbf-7b92f596695d}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - main\provider.exe (WildTangent) -> /id=977b5905-4d14-47f1-bbbf-7b92f596695d /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{95dd4657-16e4-4196-af57-4b232798c304}\PlayTasks\0\Bob the Builder Can-Do-Zoo.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Bob the Builder Can-Do-Zoo\BobTheBuilder Zoo-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{92cf6136-d411-4c68-90a2-d5cd990b28df}\PlayTasks\0\Blackhawk Striker 2.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Blackhawk Striker 2\Blackhawk2-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{76d22521-9769-45ec-96be-443fba84dfe3}\PlayTasks\0\Polar Bowler.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Polar Bowler\Polar-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{51941625-bded-4dcd-bea7-a123606ce41c}\PlayTasks\0\Mystery P.I. - The New York Fortune.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Mystery P.I. - The New York Fortune\MysteryPINewYork-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{3eda1e54-8889-41f5-a649-5a306789b7ef}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=3eda1e54-8889-41f5-a649-5a306789b7ef /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{3d575eb6-89ab-4fad-8221-5cba8974c31d}\PlayTasks\0\Totem Tribe.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Totem Tribe\Totem Tribe-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{39937aab-1cce-4767-8ab7-7fc855bf0068}\PlayTasks\0\Penguins!.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Penguins!\penguins-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{2e90e3c5-229c-4672-93aa-f0d111356749}\PlayTasks\0\Dora's Carnival Adventure.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Dora's Carnival Adventure\dora-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{2d41118d-a406-44a4-af44-1ac89665bde6}\PlayTasks\0\Chuzzle Deluxe.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Chuzzle Deluxe\Chuzzle-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{26352374-af55-4b53-b07b-6b0288ed97df}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=26352374-af55-4b53-b07b-6b0288ed97df /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{107667bd-924e-4470-b3a2-d6822060d843}\PlayTasks\0\FATE.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\FATE\Fate-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{00a94658-8950-4d9d-a119-17289668a04a}\PlayTasks\0\Virtual Families.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Virtual Families\Virtual Families-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{000d96f5-8034-4b74-a429-b6f0b04c75f4}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=000d96f5-8034-4b74-a429-b6f0b04c75f4 /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Hewlett-Packard\Recovery\Links\Apps.lnk -> C:\Program Files (x86)\Hewlett-Packard\Recovery\RecoveryMgr.exe (CyberLink) -> /ReinstallApp
ShortcutWithArgument: C:\ProgramData\Hewlett-Packard\Recovery\Links\DelRP.lnk -> C:\Program Files (x86)\Hewlett-Packard\Recovery\RecoveryMgr.exe (CyberLink) -> /DelRP
ShortcutWithArgument: C:\ProgramData\Hewlett-Packard\Recovery\Links\Driver.lnk -> C:\Program Files (x86)\Hewlett-Packard\Recovery\RecoveryMgr.exe (CyberLink) -> /ReinstallDriver
ShortcutWithArgument: C:\ProgramData\Hewlett-Packard\Recovery\Links\Report.lnk -> C:\Program Files (x86)\Hewlett-Packard\Recovery\RecoveryMgr.exe (CyberLink) -> /RecoveryReport
ShortcutWithArgument: C:\ProgramData\Hewlett-Packard\Recovery\Links\RMC.lnk -> C:\Program Files (x86)\Hewlett-Packard\Recovery\RecoveryMgr.exe (CyberLink) -> /CDCreator
ShortcutWithArgument: C:\ProgramData\Hewlett-Packard\HP Setup\launchreg.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Setup\hptcs.exe (Hewlett-Packard) -> MODE=REGISTRATION
ShortcutWithArgument: C:\ProgramData\Hewlett-Packard\base\launch_base.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Setup\hptcs.exe (Hewlett-Packard) -> MODE=GETONLINE
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\John\AppData\Roaming\Real\RealPlayer\History\Give Your Heart a Break.lnk -> C:\Program Files (x86)\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /startpos:00:00:00.0 file://C:/Users/John/Downloads/Give Your Heart a Break.mp3
ShortcutWithArgument: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Run Hunter Mode.lnk -> C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe (VS Revo Group) -> -hunter
ShortcutWithArgument: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -extoff
ShortcutWithArgument: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\John\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\John\AppData\Local\Microsoft\Windows\GameExplorer\{d63c8f23-b235-41a1-999d-c7d8ea1a7c80}\PlayTasks\0\Wheel of Fortune 2.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Wheel of Fortune 2\Wheel Of Fortune-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\Users\John\AppData\Local\Microsoft\Windows\GameExplorer\{c4214208-dae1-4741-81f3-a33e5789871d}\PlayTasks\0\Virtual Villagers - The Secret City.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Virtual Villagers - The Secret City\Virtual Villagers - The Secret City-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\Users\John\AppData\Local\Microsoft\Windows\GameExplorer\{b96b5a3d-cc0e-4304-bceb-3084af616b67}\PlayTasks\0\Monopoly.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Monopoly\MonopolyPB-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\Users\John\AppData\Local\Microsoft\Windows\GameExplorer\{b6602113-b3c7-45a1-a9f3-d54cfd381d30}\PlayTasks\0\Bejeweled 2 Deluxe.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Bejeweled 2 Deluxe\WinBej2-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\Users\John\AppData\Local\Microsoft\Windows\GameExplorer\{107667bd-924e-4470-b3a2-d6822060d843}\PlayTasks\0\FATE.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\FATE\Fate-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\Users\Public\Desktop\DivX Plus Converter.lnk -> C:\Program Files (x86)\DivX\DivX Plus Converter\DivXConverterLauncher.exe (DivX, Inc.) -> SW_SHOWNORMAL
ShortcutWithArgument: C:\Users\Public\Desktop\Play HP Games.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\HP Game Console\GameConsole-wt.exe" /src desktopoem
ShortcutWithArgument: C:\Users\Public\Desktop\RealPlayer.lnk -> C:\Program Files (x86)\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /launch:desktop

InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pandora Internet Radio.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=pandora&pf=cnnb&locale=en_us&bd=all&c=101
InternetURL: C:\Users\Default\Favorites\HP Software Store.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hp_softwarestore&pf=cnnb&locale=en_us&bd=all&c=101
InternetURL: C:\Users\Default\Favorites\HP\Accessories.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpaccessories&pf=cnnb&locale=en_us&bd=all&c=101
InternetURL: C:\Users\Default\Favorites\HP\Activity Center.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=activitycenter&pf=cnnb&locale=en_us&bd=all&c=101
InternetURL: C:\Users\Default\Favorites\HP\Digital Entertainment.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=digitalentm&pf=cnnb&locale=en_us&bd=all&c=101
InternetURL: C:\Users\Default\Favorites\HP\eBay.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=ebay&pf=cnnb&locale=en_us&bd=all&c=101
InternetURL: C:\Users\Default\Favorites\HP\HP Games.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=myhpgames&pf=cnnb&locale=en_US&bd=all&c=101
InternetURL: C:\Users\Default\Favorites\HP\HP Home.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hphome&pf=cnnb&locale=en_us&bd=all&c=101
InternetURL: C:\Users\Default\Favorites\HP\HP Store.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpstore&pf=cnnb&locale=en_us&bd=all&c=101
InternetURL: C:\Users\Default\Favorites\HP\Pandora Internet Radio.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=pandora&pf=cnnb&locale=en_us&bd=all&c=101
InternetURL: C:\Users\Default\Favorites\HP\PC Discovery Center.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpclub&pf=cnnb&locale=en_us&bd=all&c=101
InternetURL: C:\Users\Default\Favorites\HP\PC Security.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=pcsecurity&pf=cnnb&locale=en_us&bd=all&c=101
InternetURL: C:\Users\Default\Favorites\HP\Photo Central.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=ephoto&pf=cnnb&locale=en_us&bd=all&c=101
InternetURL: C:\Users\Default\Favorites\HP\Printing.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=printing&pf=cnnb&locale=en_us&bd=all&c=101
InternetURL: C:\Users\Default\Favorites\HP\Software and Driver Downloads.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=downloads&pf=cnnb&locale=en_us&bd=all&c=101
InternetURL: C:\Users\John\Favorites\Florence + the Machine Live at the Royal Albert Hall - YouTube.url -> hxxp://www.youtube.com/watch?v=lZFfOuO_0o4&feature=related
InternetURL: C:\Users\John\Favorites\HP Software Store.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hp_softwarestore&pf=cnnb&locale=en_us&bd=all&c=101
InternetURL: C:\Users\John\Favorites\Keep It!.url -> hxxp://keepvid.com/
InternetURL: C:\Users\John\Favorites\Windows Live\Get Windows Live.url -> hxxp://go.microsoft.com/fwlink/?LinkId=69172
InternetURL: C:\Users\John\Favorites\Windows Live\Windows Live Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=70742
InternetURL: C:\Users\John\Favorites\Windows Live\Windows Live Mail.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68925
InternetURL: C:\Users\John\Favorites\Windows Live\Windows Live Spaces.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68927
InternetURL: C:\Users\John\Favorites\MSN Websites\MSN Autos.url -> hxxp://go.microsoft.com/fwlink/?LinkId=55143
InternetURL: C:\Users\John\Favorites\MSN Websites\MSN Entertainment.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68924
InternetURL: C:\Users\John\Favorites\MSN Websites\MSN Money.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68923
InternetURL: C:\Users\John\Favorites\MSN Websites\MSN Sports.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68921
InternetURL: C:\Users\John\Favorites\MSN Websites\MSN.url -> hxxp://go.microsoft.com/fwlink/?LinkId=54729
InternetURL: C:\Users\John\Favorites\MSN Websites\MSNBC News.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68922
InternetURL: C:\Users\John\Favorites\Microsoft Websites\IE Add-on site.url -> hxxp://go.microsoft.com/fwlink/?LinkId=50893
InternetURL: C:\Users\John\Favorites\Microsoft Websites\IE site on Microsoft.com.url -> hxxp://go.microsoft.com/fwlink/?linkid=44661
InternetURL: C:\Users\John\Favorites\Microsoft Websites\Microsoft At Home.url -> hxxp://go.microsoft.com/fwlink/?linkid=55424
InternetURL: C:\Users\John\Favorites\Microsoft Websites\Microsoft At Work.url -> hxxp://go.microsoft.com/fwlink/?linkid=68920
InternetURL: C:\Users\John\Favorites\Microsoft Websites\Microsoft Store.url -> hxxp://go.microsoft.com/fwlink/?linkid=140813
InternetURL: C:\Users\John\Favorites\Links for United States\GobiernoUSA.gov.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129792
InternetURL: C:\Users\John\Favorites\Links for United States\USA.gov.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129791
InternetURL: C:\Users\John\Favorites\Links\Netflix.url -> hxxp://movies.netflix.com/WiHome
InternetURL: C:\Users\John\Favorites\HP\Accessories.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpaccessories&pf=cnnb&locale=en_us&bd=all&c=101
InternetURL: C:\Users\John\Favorites\HP\Activity Center.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=activitycenter&pf=cnnb&locale=en_us&bd=all&c=101
InternetURL: C:\Users\John\Favorites\HP\Digital Entertainment.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=digitalentm&pf=cnnb&locale=en_us&bd=all&c=101
InternetURL: C:\Users\John\Favorites\HP\eBay.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=ebay&pf=cnnb&locale=en_us&bd=all&c=101
InternetURL: C:\Users\John\Favorites\HP\HP Games.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=myhpgames&pf=cnnb&locale=en_US&bd=all&c=101
InternetURL: C:\Users\John\Favorites\HP\HP Home.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hphome&pf=cnnb&locale=en_us&bd=all&c=101
InternetURL: C:\Users\John\Favorites\HP\HP Store.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpstore&pf=cnnb&locale=en_us&bd=all&c=101
InternetURL: C:\Users\John\Favorites\HP\Pandora Internet Radio.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=pandora&pf=cnnb&locale=en_us&bd=all&c=101
InternetURL: C:\Users\John\Favorites\HP\PC Discovery Center.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpclub&pf=cnnb&locale=en_us&bd=all&c=101
InternetURL: C:\Users\John\Favorites\HP\PC Security.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=pcsecurity&pf=cnnb&locale=en_us&bd=all&c=101
InternetURL: C:\Users\John\Favorites\HP\Photo Central.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=ephoto&pf=cnnb&locale=en_us&bd=all&c=101
InternetURL: C:\Users\John\Favorites\HP\Printing.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=printing&pf=cnnb&locale=en_us&bd=all&c=101
InternetURL: C:\Users\John\Favorites\HP\Software and Driver Downloads.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=downloads&pf=cnnb&locale=en_us&bd=all&c=101

==================== End of log =============================

#8
mckinney7

Posted 12 March 2014 - 05:14 AM

Member

Topic Starter
Member
60 posts

Hi again,

I wanted to let you know that during my last visit to the internet I did not see any popups or advertisements. That is a very good sign!

Melanie

#9
JSntgRvr

Posted 13 March 2014 - 10:28 AM

Global Moderator

Global Moderator
11,579 posts

That is great. :thumbsup:

We still however, have to check some issues.

Please remove the following programs throughout the Control Panel if present:

Browse for the Cause
Coupon Printer for Windows
Video Player

Download the enclosed file.

Save it in the same location FRST is saved.

Run FRST and click on the Fix button. Wait until finished.

The tool will make a log in the same location FRST is saved, (Fixlog.txt). Please post it to your reply

While on FRST, type the following in the edit box, after "Search:".

svchost.exe;services.exe

It then should look like:

Search: svchost.exe;services.exe

Click Search button and post the log (Search.txt) it makes in the same location FRST is saved, in your next reply.

#10
mckinney7

Posted 14 March 2014 - 06:47 AM

Member

Topic Starter
Member
60 posts

Hi Again,

I found all of the programs you mentioned listed in my programs section of Control Panel. However, whenever I tried to uninstall each of them, I got this message:

"An error occurred while trying to install [program name]. It may have already been uninstalled. Would you like to remove [program name] from the Programs & Features list?"

Browse for the Cause was the only one that showed a size, which was 3.91 MB. That spot was empty for the other two programs.

I see they are also listed on Revo Uninstaller. Should I try to uninstall them with that program?

Also, two things are happening which I think I should mention: 1. An window comes up periodically that says "Not running genuine windows" and I am supposed to click for "them" to check it out. 2. When I click on the Chrome icon for the first time, a different website always comes up like a phony homepage. Today it had an advertisement on it. I didn't write down the site, but after I send this reply, I will close out and log back in to see what it is. Then I will send the site to you.

I haven't followed any of the other instructions yet, since I thought you wanted these programs taken care of first.

Thanks!

#11
mckinney7

Posted 14 March 2014 - 06:53 AM

Member

Topic Starter
Member
60 posts

Here is the phony homepage address (at least it looks phony):
http://search.condui...A4B129E7B&SSPV=

One other thing happened which may or may not be related. The program compatibility assistant has come up twice with the following message about Revo Uninstaller: "This program may not have installed correctly." Then it gives two options: 1 - reinstall using recommended settings or 2 - This program installed correctly.

I will wait to hear from you.

Thanks!

Melanie

#12
JSntgRvr

Posted 14 March 2014 - 10:27 AM

Global Moderator

Global Moderator
11,579 posts

One other thing happened which may or may not be related. The program compatibility assistant has come up twice with the following message about Revo Uninstaller: "This program may not have installed correctly." Then it gives two options: 1 - reinstall using recommended settings or 2 - This program installed correctly.

Remove the program.

"An error occurred while trying to install [program name]. It may have already been uninstalled. Would you like to remove [program name] from the Programs & Features list?"

Select Yes.

Did you download the fixlist.txt above and ran FRST? I will need to see the FRST report. Also perform the search requested.

There are still issues we must take care of.

#13
mckinney7

Posted 15 March 2014 - 03:52 PM

Member

Topic Starter
Member
60 posts

Hello,

I ran FRST and clicked on "fix." Here is the log that it generated afterward.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2014
Ran by John at 2014-03-15 16:26:06 Run:1
Running from C:\Users\John\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Speed Test 127 - {11C8C9C0-D918-44C0-8B5E-D297DA42F2C7} - C:\Program Files (x86)\Speed Test 127\ScriptHost64.dll No File
BHO-x32: Video Player - {38f05420-132e-4103-866e-d41afa404d24} - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta5635\ie\VideoPlayerV3beta5635.dll No File
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
S3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [X]
C:\ProgramData\ras_0oed.pad
C:\Users\John\AppData\Local\Temp\Quarantine.exe
Task: {078D22A6-6177-47AD-AF7D-6B77AD8CFEDA} - System32\Tasks\BrowseForTheCauseUpdate => C:\Program Files (x86)\BrowseForTheCause\BrowseForTheCause.exe <==== ATTENTION
Task: {18EB14FE-96BC-4459-9C8D-183B4CBBE110} - \YourFile Update No Task File
Task: {330A52A3-C5E0-4821-AC24-8C5A0F4993E1} - \PC Performer_DEFAULT No Task File
Task: {3E0F4F84-289C-4026-8155-169046DEF590} - \AmiUpdXp No Task File
Task: {A08BA914-DF53-484F-BCBA-FDBE218EB81B} - \PC Performer_UPDATES No Task File
Task: {C44F856E-3607-4F11-88A6-FF228676AC83} - System32\Tasks\DTReg => C:\Users\John\AppData\Roaming\DefaultTab\DefaultTab\DTReg.exe <==== ATTENTION
Task: {FDB31C9E-E9E0-4087-B28E-E46155E9E413} - \PC Performer No Task File
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons\Coupons.com - Print Coupons.lnk -> C:\Program Files (x86)\Coupons\CouponsCom.url (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons\Uninstall Coupon Printer for Windows.lnk -> C:\Program Files (x86)\Coupons\uninstall.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browse for the Cause\Toggle Icon Visibility.lnk -> C:\Program Files (x86)\BrowseForTheCause\BrowseForTheCause.exe (No File)
Shortcut: C:\Users\John\Desktop\Sync Folder.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (No File)
End

*****************

C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11C8C9C0-D918-44C0-8B5E-D297DA42F2C7} => Key deleted successfully.
HKCR\CLSID\{11C8C9C0-D918-44C0-8B5E-D297DA42F2C7} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{38f05420-132e-4103-866e-d41afa404d24} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{38f05420-132e-4103-866e-d41afa404d24} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found.
EraserUtilRebootDrv => Service deleted successfully.
C:\ProgramData\ras_0oed.pad => Moved successfully.
C:\Users\John\AppData\Local\Temp\Quarantine.exe => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{078D22A6-6177-47AD-AF7D-6B77AD8CFEDA} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{078D22A6-6177-47AD-AF7D-6B77AD8CFEDA} => Key deleted successfully.
C:\Windows\System32\Tasks\BrowseForTheCauseUpdate => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrowseForTheCauseUpdate => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{18EB14FE-96BC-4459-9C8D-183B4CBBE110} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{18EB14FE-96BC-4459-9C8D-183B4CBBE110} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YourFile Update => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{330A52A3-C5E0-4821-AC24-8C5A0F4993E1} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{330A52A3-C5E0-4821-AC24-8C5A0F4993E1} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC Performer_DEFAULT => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3E0F4F84-289C-4026-8155-169046DEF590} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3E0F4F84-289C-4026-8155-169046DEF590} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AmiUpdXp => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A08BA914-DF53-484F-BCBA-FDBE218EB81B} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A08BA914-DF53-484F-BCBA-FDBE218EB81B} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC Performer_UPDATES => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C44F856E-3607-4F11-88A6-FF228676AC83} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C44F856E-3607-4F11-88A6-FF228676AC83} => Key deleted successfully.
C:\Windows\System32\Tasks\DTReg => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DTReg => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FDB31C9E-E9E0-4087-B28E-E46155E9E413} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FDB31C9E-E9E0-4087-B28E-E46155E9E413} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC Performer => Key deleted successfully.

The system needed a reboot.

==== End of Fixlog ====

Here is the log for the search.txt scan:

Farbar Recovery Scan Tool (x64) Version: 11-03-2014
Ran by John at 2014-03-15 16:41:11
Running from C:\Users\John\Downloads
Boot Mode: Normal

================== Search: "svchost.exe;services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009-07-13 18:19] - [2014-03-09 13:15] - 0589312 ____A (Microsoft Corporation) 8DDE1A539CBC01AB2D80D1CE61C05A98

C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
[2009-07-13 18:31] - [2009-07-13 20:39] - 0027136 ____A (Microsoft Corporation) C78655BC80301D76ED4FEF1C1EA40A7D

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\SysWOW64\svchost.exe
[2009-07-13 18:19] - [2014-03-09 13:15] - 0589312 ____A (Microsoft Corporation) 8DDE1A539CBC01AB2D80D1CE61C05A98

C:\Windows\System32\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

C:\Windows\System32\svchost.exe
[2009-07-13 18:31] - [2009-07-13 20:39] - 0027136 ____A (Microsoft Corporation) C78655BC80301D76ED4FEF1C1EA40A7D

C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2014-03-11 21:48] - [2013-04-04 14:50] - 0218184 ____A () B4C6E3889BB310CA7E974A04EC6E46AC

====== End Of Search ======

Thanks.

#14
JSntgRvr

Posted 15 March 2014 - 06:25 PM

Global Moderator

Global Moderator
11,579 posts

Download the enclosed file.

Save it in the same location FRST is saved.

Run FRST and click on the Fix button. Wait until finished.

The tool will make a log in the same location FRST is saved, (Fixlog.txt). Please post it to your reply.

Restart and test the computer.

How is it doing?

#15
mckinney7

Posted 16 March 2014 - 08:34 AM

Member

Topic Starter
Member
60 posts

I saved the fixlist and then ran FRST. I don't know if this matters but when I clicked "fix" it took less than a second for FRST to say it was finished and that a log had been made. Hopefully I am not doing anything wrong.

I spent some time on the laptop and the only thing that seemed suspicious was that when I clicked on the Chrome icon, the normal page didn't come up. Instead it was search.conduit.com. It didn't happen every time, just once. Otherwise nothing out of the ordinary happened.

Here is the latest fixlog from FRST:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2014
Ran by John at 2014-03-16 08:42:58 Run:2
Running from C:\Users\John\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe
End
*****************

C:\Windows\System32\services.exe => Moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====