Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Lots of pop ups and computer running slow!

Started by jp17315 , Apr 25 2014 09:35 PM

  • Please log in to reply

#1
jp17315
Posted 25 April 2014 - 09:35 PM

jp17315

    Member

  • Member
  • PipPipPip
  • 127 posts

this is a friends computer and she told me to clean it up for her. She did not tell me much just that it was running slow nad some popups were occuring. I went onthe internet to add this thread and 7 windows popped up. Some in their own windows some in tabs. I did not scan with anything but OTL. Log is listed below. Thanks for the help!

 

OTL logfile created on: 4/25/2014 8:01:13 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\jenktr\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.39 Gb Total Physical Memory | 2.19 Gb Available Physical Memory | 64.51% Memory free
6.79 Gb Paging File | 4.71 Gb Available in Paging File | 69.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.66 Gb Total Space | 399.07 Gb Free Space | 88.95% Space Free | Partition Type: NTFS
 
Computer Name: JENKTR-PC | User Name: jenktr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/04/25 19:59:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jenktr\Downloads\OTL.exe
PRC - [2014/04/25 19:45:27 | 000,350,496 | ---- | M] () -- C:\Program Files (x86)\Mega Browse\updateMegaBrowse.exe
PRC - [2014/04/25 18:54:06 | 000,350,496 | ---- | M] () -- C:\Program Files (x86)\Mega Browse\bin\utilMegaBrowse.exe
PRC - [2014/04/25 09:59:02 | 000,078,848 | ---- | M] () -- C:\Program Files (x86)\AnyProtectEx\AnyProtectTrayIcon.exe
PRC - [2014/04/10 19:05:52 | 000,705,136 | ---- | M] (Cherished Technololgy LIMITED) -- C:\ProgramData\IePluginService\PluginService.exe
PRC - [2014/03/30 14:04:57 | 000,077,312 | ---- | M] () -- C:\Program Files (x86)\Re-markit Corp\Re-markit_wd.exe
PRC - [2014/03/30 14:04:56 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Re-markit Corp\Re-markit158.exe
PRC - [2014/03/29 05:03:02 | 000,355,328 | ---- | M] () -- C:\Users\jenktr\AppData\Roaming\VOPackage\VOsrv.exe
PRC - [2014/03/20 15:39:48 | 000,023,072 | ---- | M] () -- C:\Users\jenktr\AppData\Local\LPT\srptm.exe
PRC - [2014/03/11 23:36:06 | 000,247,968 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
PRC - [2014/03/06 09:09:44 | 000,146,736 | ---- | M] () -- C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe
PRC - [2014/02/25 10:47:28 | 000,612,464 | ---- | M] () -- C:\Users\jenktr\AppData\Local\StormAlerts\StormAlertsApp.exe
PRC - [2014/02/06 22:19:20 | 000,032,288 | ---- | M] () -- C:\Program Files (x86)\LPT\srpts.exe
PRC - [2014/02/06 03:11:18 | 003,607,056 | ---- | M] (Aztec Media Inc.) -- C:\Program Files (x86)\Settings Manager\systemk\systemku.exe
PRC - [2014/02/06 03:11:13 | 003,448,848 | ---- | M] (Aztec Media Inc.) -- C:\Program Files (x86)\Settings Manager\systemk\SystemkService.exe
PRC - [2014/02/05 16:13:12 | 000,273,000 | ---- | M] (Quiknowledge) -- C:\Program Files (x86)\Quiknowledge\Service\qksvc.exe
PRC - [2014/01/28 03:19:04 | 000,252,928 | ---- | M] () -- C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFreeUpdt.exe
PRC - [2013/12/20 23:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/12/13 10:50:39 | 000,456,064 | ---- | M] () -- C:\Users\jenktr\AppData\Local\Super Backup Online Backup\Super Backup\SuperBackupApp.exe
PRC - [2013/12/13 10:50:28 | 000,814,976 | ---- | M] () -- C:\Program Files (x86)\Super Backup Online Backup\BackupAgent.exe
PRC - [2013/12/02 05:42:58 | 001,380,328 | ---- | M] (Inbox.com, Inc.) -- C:\Program Files (x86)\Inbox Toolbar\Inbox.exe
PRC - [2013/01/30 04:27:58 | 000,043,600 | ---- | M] (PCRx.com, LLC) -- C:\Program Files (x86)\24x7Help\App24x7Hook.exe
PRC - [2013/01/30 04:27:54 | 001,773,136 | ---- | M] (Crawler, LLC) -- C:\Program Files (x86)\24x7Help\App24x7Help.exe
PRC - [2012/04/04 17:04:54 | 000,031,664 | ---- | M] (Stronghold Online Backup) -- C:\Users\jenktr\AppData\Local\Super Backup Online Backup\SMessaging.exe
PRC - [2012/02/06 18:54:04 | 000,255,376 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2011/08/10 20:58:26 | 000,627,304 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
PRC - [2011/05/29 19:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2010/11/10 00:30:00 | 000,145,288 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonClient.exe
PRC - [2010/11/10 00:30:00 | 000,128,904 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonServer.exe
PRC - [2010/11/10 00:30:00 | 000,071,560 | ---- | M] () -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
PRC - [2010/11/10 00:29:00 | 000,128,904 | ---- | M] (AMD) -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
PRC - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/04/25 09:59:02 | 000,078,848 | ---- | M] () -- C:\Program Files (x86)\AnyProtectEx\AnyProtectTrayIcon.exe
MOD - [2014/04/23 03:06:30 | 000,399,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\b6c7a1ca929c1b10f36b683c9f1a0517\System.Xml.Linq.ni.dll
MOD - [2014/04/23 03:05:59 | 000,190,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\75b6a68103e1b76063d9f69b8275ae61\UIAutomationTypes.ni.dll
MOD - [2014/04/23 03:05:58 | 000,100,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\c94c36c9ae776de930f2aacb6dd51c38\UIAutomationProvider.ni.dll
MOD - [2014/04/23 03:05:56 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\47e7fc401facd4a5d3f2237f16948f36\PresentationFramework-SystemXml.ni.dll
MOD - [2014/04/23 03:03:37 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll
MOD - [2014/04/23 03:03:29 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll
MOD - [2014/04/23 03:03:27 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll
MOD - [2014/04/23 03:03:27 | 000,241,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Comp46f2b404#\2526b5a3ab48717e858a08c3a4a8000c\System.ComponentModel.DataAnnotations.ni.dll
MOD - [2014/04/23 03:03:25 | 007,409,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\6bbed231aec6fd82547e09474da0b2f9\System.Data.ni.dll
MOD - [2014/04/23 03:03:25 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\966f64a25064fe74936295dc06ec586e\System.Runtime.Remoting.ni.dll
MOD - [2014/04/23 03:03:23 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll
MOD - [2014/04/23 03:03:20 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll
MOD - [2014/04/23 03:03:17 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll
MOD - [2014/04/23 03:03:17 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll
MOD - [2014/04/23 03:03:17 | 002,825,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f6d7bb59f318c130d68816a89335d05e\System.Runtime.Serialization.ni.dll
MOD - [2014/04/23 03:03:15 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll
MOD - [2014/04/23 03:03:13 | 000,470,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\75f8bc4cf08030c4a53b6d5e0ae20046\PresentationFramework.Aero.ni.dll
MOD - [2014/04/23 03:03:12 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll
MOD - [2014/04/23 03:03:12 | 000,736,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\fcffb45098807dbf4f96bb133936789a\System.Security.ni.dll
MOD - [2014/04/23 03:03:11 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
MOD - [2014/04/23 03:03:05 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2014/03/30 14:04:57 | 000,077,312 | ---- | M] () -- C:\Program Files (x86)\Re-markit Corp\Re-markit_wd.exe
MOD - [2014/03/20 15:39:54 | 000,056,352 | ---- | M] () -- C:\Users\jenktr\AppData\Local\LPT\srut.dll
MOD - [2014/03/20 15:39:48 | 000,023,072 | ---- | M] () -- C:\Users\jenktr\AppData\Local\LPT\srptm.exe
MOD - [2014/03/20 15:39:48 | 000,023,072 | ---- | M] () -- C:\Users\jenktr\AppData\Local\LPT\srptc.dll
MOD - [2014/03/20 15:39:46 | 000,077,856 | ---- | M] () -- C:\Users\jenktr\AppData\Local\LPT\srpt.dll
MOD - [2014/03/20 15:39:44 | 000,024,608 | ---- | M] () -- C:\Users\jenktr\AppData\Local\LPT\srpdm.dll
MOD - [2014/03/20 15:39:40 | 000,043,552 | ---- | M] () -- C:\Users\jenktr\AppData\Local\LPT\srbu.dll
MOD - [2014/03/20 15:39:36 | 000,063,520 | ---- | M] () -- C:\Users\jenktr\AppData\Local\LPT\sppsm.dll
MOD - [2014/03/20 15:39:18 | 000,154,656 | ---- | M] () -- C:\Users\jenktr\AppData\Local\LPT\Smartbar.Resources.HistoryAndStatsWrapper.dll
MOD - [2014/03/20 15:39:16 | 000,037,408 | ---- | M] () -- C:\Users\jenktr\AppData\Local\LPT\Smartbar.Monetization.Proxy.ProxyService.dll
MOD - [2014/03/20 15:39:16 | 000,026,656 | ---- | M] () -- C:\Users\jenktr\AppData\Local\LPT\Smartbar.Personalization.Common.dll
MOD - [2014/03/20 15:39:12 | 000,165,408 | ---- | M] () -- C:\Users\jenktr\AppData\Local\LPT\Smartbar.Infrastructure.Utilities.dll
MOD - [2014/03/20 15:38:42 | 000,018,976 | ---- | M] () -- C:\Users\jenktr\AppData\Local\LPT\Smartbar.Common.dll
MOD - [2014/03/07 14:38:31 | 000,904,704 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.66.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2014/03/07 14:38:28 | 008,013,664 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2014/03/06 09:09:44 | 000,146,736 | ---- | M] () -- C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe
MOD - [2014/02/25 10:47:28 | 000,612,464 | ---- | M] () -- C:\Users\jenktr\AppData\Local\StormAlerts\StormAlertsApp.exe
MOD - [2014/02/12 20:58:40 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\801b632b8b7ef72f14333dbce41524b8\System.Xml.Linq.ni.dll
MOD - [2014/02/12 20:58:35 | 009,923,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\d45d35e537027d3bd6d30bdbbf72ff0e\System.Data.Entity.ni.dll
MOD - [2014/02/12 20:58:05 | 000,135,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\e383182777b770f5eb30064b782bff53\System.Data.DataSetExtensions.ni.dll
MOD - [2014/02/12 20:58:04 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\c2dde6ca38ddab8efae49654fbabc14c\System.ComponentModel.DataAnnotations.ni.dll
MOD - [2014/02/12 20:57:34 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\868ad9d8acc0bf80a973c0e4e9cae4fa\System.Core.ni.dll
MOD - [2014/02/12 20:57:30 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\4412bbbb473c356b5ea3e1ea13b25f52\System.Management.ni.dll
MOD - [2014/02/12 19:32:20 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\b0f9a4f138cc569a7526f97b93808d3e\System.Web.Services.ni.dll
MOD - [2014/02/12 19:32:19 | 011,922,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\4b1795df6372b251625f958595e08d3d\System.Web.ni.dll
MOD - [2014/02/12 19:32:12 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\faf3ae85f2470505e1b32d2154de60ef\System.EnterpriseServices.ni.dll
MOD - [2014/02/12 19:32:12 | 000,280,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\faf3ae85f2470505e1b32d2154de60ef\System.EnterpriseServices.Wrapper.dll
MOD - [2014/02/12 19:32:11 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\cd3556d1162e8f7df77611c9c4253f7c\System.Transactions.ni.dll
MOD - [2014/02/12 19:32:10 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\fe1942c05eda4f9744f80afb4ae76a2d\System.Data.ni.dll
MOD - [2014/02/12 19:31:41 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/02/12 19:31:32 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/12 19:31:28 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\4f5069e6497e5e6a381ab6aadf05d6a5\Accessibility.ni.dll
MOD - [2014/02/12 19:31:14 | 000,688,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\f6db4a5f721a164ce945d0a28f2ca7bd\System.Security.ni.dll
MOD - [2014/02/12 19:31:13 | 002,515,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\6a5e8dcdee321bff4851b99b5356a08e\System.Data.SqlXml.ni.dll
MOD - [2014/02/12 19:31:11 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/02/12 19:31:07 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
MOD - [2014/02/12 19:31:06 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/12 19:30:54 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2014/02/06 03:11:23 | 000,485,904 | ---- | M] () -- C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll
MOD - [2013/12/13 10:50:42 | 000,551,296 | ---- | M] () -- C:\Users\jenktr\AppData\Local\Super Backup Online Backup\Services\Temp\Support.BackupAgent.SystemNotification.dll
MOD - [2013/12/13 10:50:41 | 000,019,840 | ---- | M] () -- C:\Users\jenktr\AppData\Local\Super Backup Online Backup\Services\Temp\Support.BackupAgent.ClientMessaging.dll
MOD - [2013/12/13 10:50:41 | 000,012,672 | ---- | M] () -- C:\Users\jenktr\AppData\Local\Super Backup Online Backup\Services\Temp\Support.BackupAgent.SchedulerPlugInUpdate.dll
MOD - [2013/12/13 10:50:39 | 000,456,064 | ---- | M] () -- C:\Users\jenktr\AppData\Local\Super Backup Online Backup\Super Backup\SuperBackupApp.exe
MOD - [2013/12/13 10:50:38 | 000,018,304 | ---- | M] () -- C:\Program Files (x86)\Super Backup Online Backup\Environment.Identification.dll
MOD - [2013/12/13 10:50:38 | 000,011,648 | ---- | M] () -- C:\Users\jenktr\AppData\Local\Super Backup Online Backup\Services\Temp\Support.BackupAgent.ApplicationUpdate.dll
MOD - [2013/12/13 10:50:37 | 000,014,208 | ---- | M] () -- C:\Users\jenktr\AppData\Local\Super Backup Online Backup\Services\Temp\Support.BackupAgent.Backup.dll
MOD - [2013/12/13 10:50:36 | 000,013,696 | ---- | M] () -- C:\Users\jenktr\AppData\Local\Super Backup Online Backup\Services\Temp\Support.BackupAgent.DropListener.dll
MOD - [2013/12/13 10:50:35 | 000,013,696 | ---- | M] () -- C:\Program Files (x86)\Super Backup Online Backup\Infrastructure.Metadata.dll
MOD - [2013/12/13 10:50:34 | 000,027,520 | ---- | M] () -- C:\Program Files (x86)\Super Backup Online Backup\Infrastructure.Models.dll
MOD - [2013/12/13 10:50:34 | 000,012,672 | ---- | M] () -- C:\Users\jenktr\AppData\Local\Super Backup Online Backup\Services\Temp\Support.BackupAgent.NotificationUpdate.dll
MOD - [2013/12/13 10:50:33 | 000,012,160 | ---- | M] () -- C:\Program Files (x86)\Super Backup Online Backup\Infrastructure.Metrics.dll
MOD - [2013/12/13 10:50:32 | 000,012,672 | ---- | M] () -- C:\Program Files (x86)\Super Backup Online Backup\Infrastructure.Helpers.dll
MOD - [2013/12/13 10:50:31 | 000,019,328 | ---- | M] () -- C:\Program Files (x86)\Super Backup Online Backup\BusinessLogic.SosManagement.dll
MOD - [2013/12/13 10:50:30 | 000,023,424 | ---- | M] () -- C:\Program Files (x86)\Super Backup Online Backup\Metrics.Dispatching.dll
MOD - [2013/12/13 10:50:29 | 000,138,624 | ---- | M] () -- C:\Program Files (x86)\Super Backup Online Backup\Data.Repository.dll
MOD - [2013/12/13 10:50:29 | 000,014,720 | ---- | M] () -- C:\Program Files (x86)\Super Backup Online Backup\BusinessLogic.ApplicationManagement.dll
MOD - [2013/12/13 10:50:28 | 000,814,976 | ---- | M] () -- C:\Program Files (x86)\Super Backup Online Backup\BackupAgent.exe
MOD - [2013/12/13 10:50:27 | 000,037,760 | ---- | M] () -- C:\Program Files (x86)\Super Backup Online Backup\BBV.Framework.dll
MOD - [2013/12/13 10:50:27 | 000,020,352 | ---- | M] () -- C:\Program Files (x86)\Super Backup Online Backup\BusinessLogic.StrongholdManagement.dll
MOD - [2013/07/30 14:59:51 | 000,021,504 | ---- | M] () -- C:\Users\jenktr\AppData\Local\Super Backup Online Backup\Services\Temp\Browsers.Firefox.dll
MOD - [2013/07/30 14:59:51 | 000,010,752 | ---- | M] () -- C:\Users\jenktr\AppData\Local\Super Backup Online Backup\Services\Temp\Browsers.Chrome.dll
MOD - [2013/07/29 12:03:56 | 000,011,264 | ---- | M] () -- C:\Users\jenktr\AppData\Local\Super Backup Online Backup\Services\Temp\Support.BackupAgent.ExtensionUpdate.dll
MOD - [2013/02/27 17:19:29 | 000,238,080 | ---- | M] () -- C:\Program Files (x86)\Super Backup Online Backup\System.ComponentModel.Composition.dll
MOD - [2012/08/27 22:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 22:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/08/10 20:58:26 | 000,627,304 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
MOD - [2011/08/10 20:57:22 | 000,151,656 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
MOD - [2010/11/20 20:24:08 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/11/20 20:24:07 | 000,113,664 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
MOD - [2009/06/10 14:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/03/11 12:34:10 | 000,347,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/03/11 12:34:10 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2014/02/28 21:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/02/12 14:16:16 | 000,210,432 | ---- | M] () [Auto | Running] -- c:\Program Files\SavingsbullFilter\SavingsbullFilterService64.exe -- (SavingsbullFilterService64)
SRV:64bit: - [2014/01/27 13:45:12 | 000,710,976 | ---- | M] () [Auto | Running] -- C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe -- (Level Quality Watcher)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/02/06 18:54:04 | 000,255,376 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV:64bit: - [2011/06/29 08:42:34 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 18:39:20 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mqsvc.exe -- (MSMQ)
SRV - [2014/04/25 19:45:27 | 000,350,496 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Mega Browse\updateMegaBrowse.exe -- (Update Mega Browse)
SRV - [2014/04/25 18:54:06 | 000,350,496 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Mega Browse\bin\utilMegaBrowse.exe -- (Util Mega Browse)
SRV - [2014/04/10 19:05:52 | 000,705,136 | ---- | M] (Cherished Technololgy LIMITED) [Auto | Running] -- C:\ProgramData\IePluginService\PluginService.exe -- (IePluginService)
SRV - [2014/03/31 08:34:02 | 000,011,776 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\NewPlayer\NewPlayerUpdaterService.exe -- (NewPlayerUpdaterService)
SRV - [2014/03/30 14:04:56 | 000,143,360 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Re-markit Corp\Re-markit158.exe -- (Re-markit)
SRV - [2014/03/29 05:03:02 | 000,355,328 | ---- | M] () [Auto | Running] -- C:\Users\jenktr\AppData\Roaming\VOPackage\VOsrv.exe -- (vosr)
SRV - [2014/03/16 09:40:17 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/03/11 23:36:06 | 000,247,968 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE -- (BBUpdate)
SRV - [2014/03/11 23:36:06 | 000,193,696 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE -- (BBSvc)
SRV - [2014/02/06 22:19:20 | 000,032,288 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\LPT\srpts.exe -- (LPTSystemUpdater)
SRV - [2014/02/06 03:11:13 | 003,448,848 | ---- | M] (Aztec Media Inc.) [Auto | Running] -- C:\Program Files (x86)\Settings Manager\systemk\SystemkService.exe -- (SystemkService)
SRV - [2014/02/05 16:13:12 | 000,273,000 | ---- | M] (Quiknowledge) [Auto | Running] -- C:\Program Files (x86)\Quiknowledge\Service\qksvc.exe -- (qksvc)
SRV - [2014/01/28 03:19:04 | 000,252,928 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFreeUpdt.exe -- (ConvertFilesforFreeUpdt)
SRV - [2014/01/27 18:15:18 | 000,227,904 | ---- | M] (WildTangent) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService)
SRV - [2013/12/20 23:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/01/30 04:28:06 | 000,342,608 | ---- | M] (PCRx.com, LLC) [On_Demand | Stopped] -- C:\Program Files (x86)\24x7Help\App24x7Svc.exe -- (24x7HelpSvc)
SRV - [2011/06/21 12:55:04 | 000,173,424 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2011/05/29 19:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2010/11/10 00:29:00 | 000,128,904 | ---- | M] (AMD) [Auto | Running] -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe -- (AMD_RAIDXpert)
SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/04/24 12:33:46 | 000,061,120 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{29b136c9-938d-4d3d-8df8-d649d9b74d02}Gw64.sys -- ({29b136c9-938d-4d3d-8df8-d649d9b74d02}Gw64)
DRV:64bit: - [2014/03/11 09:52:30 | 000,133,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2014/02/05 16:13:12 | 000,058,256 | ---- | M] (Quiknowledge) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\qknfd.sys -- (qknfd)
DRV:64bit: - [2013/12/17 16:09:02 | 000,061,592 | ---- | M] (NetFilterSDK.com) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\netfilter64.sys -- (netfilter64)
DRV:64bit: - [2012/09/12 15:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 07:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 07:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/02 23:24:01 | 000,062,776 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2011/08/02 23:24:01 | 000,022,648 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2011/08/02 23:24:01 | 000,020,520 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2011/07/13 22:35:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/07/13 22:35:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/06/29 10:33:14 | 009,371,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/06/29 08:00:52 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/06/06 03:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/05/16 07:55:28 | 000,533,096 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/17 05:04:20 | 000,188,544 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdxhc.sys -- (amdxhc)
DRV:64bit: - [2011/03/17 05:04:18 | 000,087,168 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdhub30.sys -- (amdhub30)
DRV:64bit: - [2011/03/14 20:25:56 | 000,280,656 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:26:13 | 000,189,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mqac.sys -- (MQAC)
DRV:64bit: - [2009/06/10 13:35:35 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.key-find....149584_2270F15A
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.key-find....q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.key-find....q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...=1847788737&ir=
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {77AA745B-F4F8-45DA-9B14-61D2D95054C8}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.key-find....q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://start.mysearc...=1847788737&ir=
IE:64bit: - HKLM\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}: "URL" = http://www.default-s...p={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.key-find....149584_2270F15A
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.key-find....q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.key-find....q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...=1847788737&ir=
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}: "URL" = http://www.default-s...p={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.key-find....149584_2270F15A
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.c...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.c...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.snapdo.c...6Pt__TO4_WlEPYA,
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.c...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.c...q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...q={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7RNVC_enUS581
IE - HKCU\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://www.google.co...1I7RNVC_enUS581
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}: "URL" = http://www.default-s...p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:58194;https=127.0.0.1:58194
 
========== FireFox ==========
 
FF - prefs.js..CT3239904.browser.search.defaultthis.engineName: "true"
FF - prefs.js..browser.search.defaultenginename: "key-find"
FF - prefs.js..browser.search.defaultthis.engineName: "SocialSearchBar_App Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "default-search.net"
FF - prefs.js..browser.search.order.2: "Mysearchdial"
FF - prefs.js..browser.search.selectedEngine: "key-find"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.key-find....49584_2270F15A"
FF - prefs.js..extensions.enabledAddons: idmsq%40idmsq.com:1.0
FF - prefs.js..extensions.enabledAddons: quick_start%40gmail.com:3.1.9
FF - prefs.js..extensions.enabledAddons: %7B3e0e7d2a-070f-4a47-b019-91fe5385ba79%7D:3.5.9
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40mysearchdial.com:1.6.0
FF - prefs.js..extensions.enabledAddons: %7B5ae66703-77f8-4623-8c81-9ba769053c03%7D:1.158
FF - prefs.js..extensions.enabledAddons: extension%40Convert_Files_for_Free.com:7.12
FF - prefs.js..extensions.enabledAddons: %7B29b136c9-938d-4d3d-8df8-d649d9b74d02%7D:1.0.1
FF - prefs.js..extensions.enabledAddons: %7B7cac595c-e711-cc71-44c8-c5bb58bb375b%7D:1.1
FF - prefs.js..extensions.enabledAddons: quiknowledge%40quiknowledge.com:1.9.0.1
FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:3.2.3.20140326060057
FF - prefs.js..extensions.enabledAddons: %7B37F9163C-392F-354F-E58C-3C8922A98E9E%7D:5.0.0.11471
FF - prefs.js..extensions.enabledAddons: extension%40linkeyproject.com:1.0
FF - prefs.js..extensions.enabledAddons: a9719e64-232b-4695-ae9c-a89cd7f2aa84%40ca1279df-bc0d-44a8-97ef-19301c922b68.com:0.94.20
FF - prefs.js..extensions.enabledAddons: ee5ad154-f909-4cc0-aa51-d7e94e3fb0af%4036204afd-f43e-4917-9c71-8384e2e4d3ad.com:0.94.31
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - prefs.js..keyword.URL: "http://feed.snapdo.c...JDjihaarA,,&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@ei.MapsGalaxy_39.com/Plugin: C:\Program Files (x86)\MapsGalaxy_39EI\Installr\1.bin\NP39EISB.dll (MapsGalaxy)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions\[email protected] [2014/03/30 14:04:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\extension@Convert_Files_for_Free.com: C:\Program Files (x86)\Convert Files for Free\extension@Convert_Files_for_Free.com [2014/03/30 14:57:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2014/04/05 09:20:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{5ae66703-77f8-4623-8c81-9ba769053c03}: C:\Program Files (x86)\Re-markit Corp\158.xpi [2014/03/30 14:04:58 | 000,013,169 | ---- | M] ()
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012/11/05 10:19:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jenktr\AppData\Roaming\Mozilla\Extensions
[2014/04/25 19:03:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions
[2014/04/05 17:37:13 | 000,000,000 | ---D | M] (Settings Manager) -- C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions\{37F9163C-392F-354F-E58C-3C8922A98E9E}
[2013/03/01 16:16:29 | 000,000,000 | ---D | M] (AddThis) -- C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
[2014/04/05 09:22:37 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2014/04/05 09:22:36 | 000,000,000 | ---D | M] ("Snap.Do ") -- C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions\{7cac595c-e711-cc71-44c8-c5bb58bb375b}
[2014/03/30 14:06:07 | 000,000,000 | ---D | M] ("MediaPlayerplus") -- C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions\a9719e64-232b-4695-ae9c-a89cd7f2aa84@ca1279df-bc0d-44a8-97ef-19301c922b68.com
[2014/03/30 14:06:04 | 000,000,000 | ---D | M] ("HQVideoB") -- C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com
[2014/04/05 17:37:52 | 000,000,000 | ---D | M] (Linkey for Firefox) -- C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions\[email protected]
[2014/04/05 09:02:36 | 000,000,000 | ---D | M] (mysearchdial.com) -- C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions\[email protected]
[2014/03/30 13:55:59 | 000,000,000 | ---D | M] (Internet Download Manager Squared) -- C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions\[email protected]
[2014/03/30 14:04:58 | 000,000,000 | ---D | M] ("Quick Start") -- C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions\[email protected]
[2014/03/19 17:02:35 | 000,000,000 | ---D | M] (SavingsBull) -- C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions\SavingsBull@jetpack
[2014/02/03 05:21:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions\[email protected]\content
[2014/02/03 05:21:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions\[email protected]\skin
[2014/04/25 18:56:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions\a9719e64-232b-4695-ae9c-a89cd7f2aa84@ca1279df-bc0d-44a8-97ef-19301c922b68.com\extensionData
[2014/04/25 18:56:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions\a9719e64-232b-4695-ae9c-a89cd7f2aa84@ca1279df-bc0d-44a8-97ef-19301c922b68.com\extensionData\plugins
[2014/04/25 18:56:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions\a9719e64-232b-4695-ae9c-a89cd7f2aa84@ca1279df-bc0d-44a8-97ef-19301c922b68.com\extensionData\userCode
[2014/04/25 18:56:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData
[2014/04/25 18:56:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins
[2014/04/25 18:56:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\userCode
[2014/04/05 09:20:36 | 000,010,776 | ---- | M] () (No name found) -- C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions\{29b136c9-938d-4d3d-8df8-d649d9b74d02}.xpi
[2014/04/05 09:22:36 | 000,353,958 | ---- | M] () (No name found) -- C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}.xpi
[2014/04/05 17:37:47 | 000,002,579 | ---- | M] () -- C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\searchplugins\default-search.xml
[2014/04/05 09:02:59 | 000,002,789 | ---- | M] () -- C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\searchplugins\Mysearchdial.xml
[2014/04/21 14:10:27 | 000,002,393 | ---- | M] () -- C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\searchplugins\Web Search.xml
[2014/04/05 09:20:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/04/05 09:20:37 | 000,000,000 | ---D | M] () -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2014/02/14 23:21:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/02/14 23:21:46 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/03/30 14:57:28 | 000,000,000 | ---D | M] (ConvertFilesforFree) -- C:\PROGRAM FILES (X86)\CONVERT FILES FOR FREE\EXTENSION@CONVERT_FILES_FOR_FREE.COM
[2014/03/30 14:04:58 | 000,013,169 | ---- | M] () (No name found) -- C:\PROGRAM FILES (X86)\RE-MARKIT CORP\158.XPI
 
========== Chrome  ==========
 
CHR - default_search_provider: key-find (Enabled)
CHR - default_search_provider: search_url = http://www.key-find....q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.key-find....149584_2270F15A
CHR - plugin: First user (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll
CHR - plugin: Error reading preferences file
CHR - Extension: YouTube = C:\Users\jenktr\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\jenktr\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\jenktr\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Search = C:\Users\jenktr\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: HQVideoB = C:\Users\jenktr\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm\1.26.31_0\crossrider
CHR - Extension: HQVideoB = C:\Users\jenktr\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm\1.26.31_0\
CHR - Extension: MediaPlayerplus = C:\Users\jenktr\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.20_0\crossrider
CHR - Extension: MediaPlayerplus = C:\Users\jenktr\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.20_0\
CHR - Extension: Google Wallet = C:\Users\jenktr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\jenktr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Gmail = C:\Users\jenktr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Gmail = C:\Users\jenktr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\
 
O1 HOSTS File: ([2014/03/29 10:42:35 | 000,000,867 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1            d3oxij66pru1i3.cloudfront.net
O2:64bit: - BHO: (HQVideoB) - {11111111-1111-1111-1111-110511311172} - C:\Program Files (x86)\HQVideoB\HQVideoB-bho64.dll (HighQualityVid)
O2:64bit: - BHO: (MediaPlayerplus) - {11111111-1111-1111-1111-110511421146} - C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-bho64.dll (Freeven)
O2:64bit: - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
O2:64bit: - BHO: (Quiknowledge) - {323C6E6D-1621-470F-8A52-4FDEC4E75E40} - C:\Program Files\Quiknowledge\IE\QuiknowledgeClientIE.dll (Quiknowledge)
O2:64bit: - BHO: (Linkey) - {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} - C:\Program Files (x86)\Linkey\IEExtension\iedll64.dll (Aztec Media Inc)
O2:64bit: - BHO: (ConvertFilesforFree) - {59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB} - C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFree_x64.dll (Convert Files for Free)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (IEOptimizer) - {10AD2C61-0898-4348-8600-14A342F22AC3} - C:\Program Files (x86)\SavingsBull\IEOptimizer.dll ()
O2 - BHO: (HQVideoB) - {11111111-1111-1111-1111-110511311172} - C:\Program Files (x86)\HQVideoB\HQVideoB-bho.dll (HighQualityVid)
O2 - BHO: (MediaPlayerplus) - {11111111-1111-1111-1111-110511421146} - C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-bho.dll (Freeven)
O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Quiknowledge) - {323C6E6D-1621-470F-8A52-4FDEC4E75E40} - C:\Program Files (x86)\Quiknowledge\IE\QuiknowledgeClientIE.dll (Quiknowledge)
O2 - BHO: (IETabPage Class) - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
O2 - BHO: (Linkey) - {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} - C:\Program Files (x86)\Linkey\IEExtension\iedll.dll (Aztec Media Inc)
O2 - BHO: (Mega Browse) - {4e6cd411-ce62-4584-97ff-6afbcf6900af} - C:\Program Files (x86)\Mega Browse\MegaBrowseBHO.dll (Mega Browse)
O2 - BHO: (ConvertFilesforFree) - {59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB} - C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFree.dll (Convert Files for Free)
O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O2 - BHO: (mysearchdial Helper Object) - {EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} - C:\Program Files (x86)\Mysearchdial\1.8.29.0\bh\mysearchdial.dll (MySearchDial)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (mysearchdial Toolbar) - {3004627E-F8E9-4E8B-909D-316753CBA923} - C:\Program Files (x86)\Mysearchdial\1.8.29.0\mysearchdialTlbr.dll (MySearchDial)
O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [24x7HELP] C:\Program Files (x86)\24x7Help\App24x7Help.exe (Crawler, LLC)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [InboxToolbar] C:\Program Files (x86)\Inbox Toolbar\Inbox.exe (Inbox.com, Inc.)
O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe File not found
O4 - HKLM..\Run: [SMessaging] C:\Users\jenktr\AppData\Local\Super Backup Online Backup\SMessaging.exe (Stronghold Online Backup)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKCU..\Run: [BackupAgent] C:\Program Files (x86)\Super Backup Online Backup\BackupAgent.exe ()
O4 - HKCU..\Run: [Browser Infrastructure Helper] C:\Users\jenktr\AppData\Local\Smartbar\Application\SnapDo.exe (Smartbar)
O4 - HKCU..\Run: [ContentExplorer] C:\Users\jenktr\AppData\Roaming\ContentExplorer\ContentExplorer.exe (ContentExplorer)
O4 - HKCU..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe (PC Utilities Software Limited)
O4 - HKCU..\Run: [WeatherBug] C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe ()
O4 - Startup: C:\Users\jenktr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Storm Alerts.lnk = C:\Users\jenktr\AppData\Local\StormAlerts\StormAlerts.exe (Weather Warnings LLC)
O4 - Startup: C:\Users\jenktr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormAlerts.lnk = C:\Users\jenktr\AppData\Local\StormAlerts\StormAlertsApp.exe ()
O4 - Startup: C:\Users\jenktr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SuperBackupApp.lnk = C:\Users\jenktr\AppData\Local\Super Backup Online Backup\Super Backup\SuperBackupApp.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8:64bit: - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8:64bit: - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8:64bit: - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8 - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1D7C91D0-91FF-4815-A336-570C3EBB3890}: DhcpNameServer = 75.75.76.76 75.75.75.75
O18:64bit: - Protocol\Handler\inbox - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (c:\progra~3\wincert\win64c~1.dll) - c:\ProgramData\Wincert\win64cert.dll ()
O20:64bit: - AppInit_DLLs: (c:\progra~2\settin~1\systemk\x64\syskldr.dll) - c:\Program Files (x86)\Settings Manager\systemk\x64\syskldr.dll ()
O20:64bit: - AppInit_DLLs: (c:\progra~2\suptab\search~2.dll) - c:\Program Files (x86)\SupTab\SearchProtect64.dll (Skytech Co., Ltd.)
O20 - AppInit_DLLs: (c:\progra~3\wincert\win32c~1.dll) - c:\ProgramData\Wincert\win32cert.dll ()
O20 - AppInit_DLLs: (c:\progra~2\settin~1\systemk\syskldr.dll) - c:\Program Files (x86)\Settings Manager\systemk\syskldr.dll ()
O20 - AppInit_DLLs: (c:\progra~2\suptab\search~1.dll) - c:\Program Files (x86)\SupTab\SearchProtect32.dll (Skytech Co., Ltd.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\bitguard.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\bprotect.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\bpsvc.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\browserdefender.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\browserprotect.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\browsersafeguard.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\dprotectsvc.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\protectedsearch.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\searchprotection.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\searchprotector.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\snapdo.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\stinst32.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\stinst64.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\utiljumpflip.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\bitguard.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\bprotect.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\bpsvc.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browserdefender.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browserprotect.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browsersafeguard.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\dprotectsvc.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\protectedsearch.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchprotection.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchprotector.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\snapdo.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\stinst32.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\stinst64.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\utiljumpflip.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: x64 - (C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll) - C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll ()
O36 - AppCertDlls: x86 - (C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll) - C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll ()
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/04/25 19:42:50 | 000,061,120 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\{29b136c9-938d-4d3d-8df8-d649d9b74d02}Gw64.sys
[2014/04/23 03:01:55 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/04/22 03:04:27 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/04/05 17:37:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Wincert
[2014/04/05 17:37:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Linkey
[2014/04/05 17:37:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Settings Manager
[2014/04/05 17:36:57 | 000,000,000 | ---D | C] -- C:\ProgramData\systemk
[2014/04/05 09:23:16 | 000,000,000 | ---D | C] -- C:\Users\jenktr\AppData\Local\com
[2014/04/05 09:20:48 | 000,000,000 | ---D | C] -- C:\Users\jenktr\AppData\Local\IsolatedStorage
[2014/04/05 09:20:36 | 000,000,000 | ---D | C] -- C:\Program Files\Quiknowledge
[2014/04/05 09:20:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Quiknowledge
[2014/04/05 09:20:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WeatherBug®
[2014/04/05 09:20:25 | 000,000,000 | ---D | C] -- C:\Program Files\Earth Networks
[2014/04/05 09:20:18 | 000,000,000 | -H-D | C] -- C:\ProgramData\{EC8EAC95-AB39-4699-974D-A45DFE7C2764}
[2014/03/31 17:15:51 | 000,000,000 | ---D | C] -- C:\Users\jenktr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
[2014/03/31 17:14:32 | 000,000,000 | ---D | C] -- C:\Users\jenktr\AppData\Roaming\mysearchdial
[2014/03/31 17:14:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mysearchdial
[2014/03/31 17:14:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AnyProtectEx
[2014/03/30 16:06:37 | 000,000,000 | ---D | C] -- C:\Users\jenktr\AppData\Local\LPT
[2014/03/30 15:42:14 | 000,000,000 | ---D | C] -- C:\Users\jenktr\AppData\Roaming\Google
[2014/03/30 15:41:31 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2014/03/30 15:41:10 | 000,000,000 | ---D | C] -- C:\Users\jenktr\AppData\Local\Real
[2014/03/30 15:41:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2014/03/30 15:40:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2014/03/30 15:39:25 | 000,000,000 | ---D | C] -- C:\Users\jenktr\AppData\Roaming\Real
[2014/03/30 15:39:06 | 000,000,000 | ---D | C] -- C:\Users\jenktr\.android
[2014/03/30 15:39:05 | 000,000,000 | ---D | C] -- C:\Users\jenktr\AppData\Local\cache
[2014/03/30 15:39:03 | 000,000,000 | ---D | C] -- C:\Users\jenktr\Documents\Mobogenie
[2014/03/30 15:39:03 | 000,000,000 | ---D | C] -- C:\Users\jenktr\AppData\Local\Mobogenie
[2014/03/30 15:38:50 | 000,000,000 | ---D | C] -- C:\Users\jenktr\AppData\Roaming\ContentExplorer
[2014/03/30 15:38:47 | 000,000,000 | ---D | C] -- C:\Users\jenktr\AppData\Local\Google
[2014/03/30 15:38:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2014/03/30 15:38:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mega Browse
[2014/03/30 15:38:01 | 001,090,218 | ---- | C] (AnyProtect.com) -- C:\Users\jenktr\AppData\Local\AnyProtectScannerSetup.exe
[2014/03/30 15:38:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2014/03/30 14:57:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\File Type Helper
[2014/03/30 14:57:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Convert Files for Free
[2014/03/30 14:09:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uninstaller
[2014/03/30 14:08:54 | 000,000,000 | ---D | C] -- C:\Users\jenktr\AppData\Local\Tuguu_SL
[2014/03/30 14:06:41 | 000,000,000 | ---D | C] -- C:\Users\jenktr\AppData\Local\newplayer
[2014/03/30 14:06:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewPlayer
[2014/03/30 14:06:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NewPlayer
[2014/03/30 14:05:56 | 000,000,000 | ---D | C] -- C:\Users\jenktr\AppData\Roaming\VOPackage
[2014/03/30 14:05:56 | 000,000,000 | ---D | C] -- C:\Users\jenktr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
[2014/03/30 14:05:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MediaPlayerplus
[2014/03/30 14:05:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HQVideoB
[2014/03/30 14:05:47 | 000,000,000 | ---D | C] -- C:\Users\jenktr\AppData\Roaming\Activeris
[2014/03/30 14:05:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activeris AntiMalware
[2014/03/30 14:05:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Activeris
[2014/03/30 14:05:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Activeris AntiMalware
[2014/03/30 14:05:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
[2014/03/30 14:05:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Optimizer Pro
[2014/03/30 14:05:18 | 000,000,000 | ---D | C] -- C:\Users\jenktr\AppData\Roaming\SupTab
[2014/03/30 14:05:17 | 000,000,000 | ---D | C] -- C:\ProgramData\IePluginService
[2014/03/30 14:05:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SupTab
[2014/03/30 14:05:04 | 000,000,000 | ---D | C] -- C:\Users\jenktr\AppData\Roaming\key-find
[2014/03/30 14:04:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Re-markit Corp
[2014/03/29 10:41:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2014/03/29 10:41:32 | 000,000,000 | ---D | C] -- C:\Users\jenktr\AppData\Roaming\Yahoo!
[2014/03/29 10:40:39 | 000,000,000 | ---D | C] -- C:\Users\jenktr\AppData\Roaming\IDM2
[2014/03/29 10:40:36 | 000,000,000 | ---D | C] -- C:\Users\jenktr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager Upgrade
[2014/03/27 17:09:49 | 000,000,000 | ---D | C] -- C:\Program Files\SavingsBull
[1 C:\Users\jenktr\AppData\Local\*.tmp files -> C:\Users\jenktr\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/04/25 20:05:04 | 000,003,110 | ---- | M] () -- C:\Windows\tasks\40d5d6f1-67eb-4102-821f-0f0132da4ec6-3.job
[2014/04/25 20:05:04 | 000,002,582 | ---- | M] () -- C:\Windows\tasks\40d5d6f1-67eb-4102-821f-0f0132da4ec6-4.job
[2014/04/25 20:04:00 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\APSnotifierPP1.job
[2014/04/25 20:00:31 | 000,001,103 | ---- | M] () -- C:\Users\jenktr\Desktop\OTL - Shortcut.lnk
[2014/04/25 19:48:13 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/25 19:44:48 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\APSnotifierPP3.job
[2014/04/25 19:44:48 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\APSnotifierPP2.job
[2014/04/25 19:44:25 | 000,001,049 | ---- | M] () -- C:\Users\jenktr\Desktop\AnyProtect.lnk
[2014/04/25 19:40:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/04/25 19:19:24 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/25 19:19:24 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/25 19:14:16 | 000,000,296 | ---- | M] () -- C:\Windows\tasks\MySearchDial.job
[2014/04/25 19:13:02 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Re-markit Update.job
[2014/04/25 19:10:29 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/25 19:10:13 | 000,001,576 | ---- | M] () -- C:\Windows\tasks\40d5d6f1-67eb-4102-821f-0f0132da4ec6-5.job
[2014/04/25 19:10:10 | 000,003,460 | ---- | M] () -- C:\Windows\tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-3.job
[2014/04/25 19:10:07 | 000,002,424 | ---- | M] () -- C:\Windows\tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-4.job
[2014/04/25 19:10:04 | 000,000,496 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3 Startup Task.job
[2014/04/25 19:10:03 | 000,001,660 | ---- | M] () -- C:\Windows\tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-5.job
[2014/04/25 19:09:59 | 000,001,504 | ---- | M] () -- C:\Windows\tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-2.job
[2014/04/25 19:09:59 | 000,001,420 | ---- | M] () -- C:\Windows\tasks\40d5d6f1-67eb-4102-821f-0f0132da4ec6-2.job
[2014/04/25 19:09:58 | 000,001,574 | ---- | M] () -- C:\Windows\tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-1.job
[2014/04/25 19:09:58 | 000,001,476 | ---- | M] () -- C:\Windows\tasks\40d5d6f1-67eb-4102-821f-0f0132da4ec6-1.job
[2014/04/25 19:09:54 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\Re-markit_wd.job
[2014/04/25 19:09:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/25 19:09:10 | 2733,404,160 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/25 19:07:53 | 000,001,162 | ---- | M] () -- C:\Users\jenktr\Desktop\Live PC Help.lnk
[2014/04/25 17:01:20 | 001,090,218 | ---- | M] (AnyProtect.com) -- C:\Users\jenktr\AppData\Local\AnyProtectScannerSetup.exe
[2014/04/24 12:33:46 | 000,061,120 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\{29b136c9-938d-4d3d-8df8-d649d9b74d02}Gw64.sys
[2014/04/22 15:01:06 | 000,000,278 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
[2014/04/21 14:15:49 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/04/05 09:22:29 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\NewPlayer.lnk
[2014/04/05 09:20:25 | 000,001,899 | ---- | M] () -- C:\Users\jenktr\Desktop\WeatherBug®.lnk
[2014/04/01 16:30:33 | 000,000,286 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
[2014/03/31 17:16:10 | 000,002,846 | ---- | M] () -- C:\Users\jenktr\AppData\Roaming\aps.scan.results
[2014/03/31 17:16:10 | 000,001,148 | ---- | M] () -- C:\Users\jenktr\AppData\Roaming\aps.scan.quick.results
[2014/03/31 17:16:10 | 000,000,314 | ---- | M] () -- C:\Users\jenktr\AppData\Roaming\aps.uninstall.scan.results
[2014/03/30 14:57:32 | 000,000,002 | ---- | M] () -- C:\END
[2014/03/30 14:57:00 | 000,001,120 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftwareUpdater.lnk
[2014/03/30 14:53:00 | 000,001,417 | ---- | M] () -- C:\Users\jenktr\Desktop\Internet Explorer.lnk
[2014/03/30 14:52:59 | 000,001,441 | ---- | M] () -- C:\Users\jenktr\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/03/30 14:05:44 | 000,001,162 | ---- | M] () -- C:\Users\Public\Desktop\Activeris AntiMalware.lnk
[2014/03/30 14:05:31 | 000,001,066 | ---- | M] () -- C:\Users\jenktr\Desktop\Optimizer Pro.lnk
[2014/03/30 14:04:59 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/03/30 14:04:57 | 000,001,327 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/03/30 07:09:53 | 000,281,952 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Users\jenktr\AppData\Local\*.tmp files -> C:\Users\jenktr\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/04/25 20:00:31 | 000,001,103 | ---- | C] () -- C:\Users\jenktr\Desktop\OTL - Shortcut.lnk
[2014/04/25 19:44:48 | 000,000,382 | ---- | C] () -- C:\Windows\tasks\APSnotifierPP1.job
[2014/04/25 19:44:48 | 000,000,378 | ---- | C] () -- C:\Windows\tasks\APSnotifierPP3.job
[2014/04/25 19:44:48 | 000,000,378 | ---- | C] () -- C:\Windows\tasks\APSnotifierPP2.job
[2014/04/25 19:07:53 | 000,001,162 | ---- | C] () -- C:\Users\jenktr\Desktop\Live PC Help.lnk
[2014/04/05 17:37:53 | 000,000,832 | ---- | C] () -- C:\Users\jenktr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Linkey.lnk
[2014/04/05 09:22:29 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\NewPlayer.lnk
[2014/04/05 09:20:25 | 000,001,899 | ---- | C] () -- C:\Users\jenktr\Desktop\WeatherBug®.lnk
[2014/03/31 17:15:59 | 000,002,846 | ---- | C] () -- C:\Users\jenktr\AppData\Roaming\aps.scan.results
[2014/03/31 17:15:59 | 000,001,148 | ---- | C] () -- C:\Users\jenktr\AppData\Roaming\aps.scan.quick.results
[2014/03/31 17:15:52 | 000,001,049 | ---- | C] () -- C:\Users\jenktr\Desktop\AnyProtect.lnk
[2014/03/31 17:14:46 | 000,000,286 | ---- | C] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
[2014/03/31 17:14:46 | 000,000,278 | ---- | C] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
[2014/03/31 17:14:35 | 000,000,296 | ---- | C] () -- C:\Windows\tasks\MySearchDial.job
[2014/03/30 15:38:52 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/30 15:38:51 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/30 14:10:31 | 000,000,314 | ---- | C] () -- C:\Users\jenktr\AppData\Roaming\aps.uninstall.scan.results
[2014/03/30 14:06:14 | 000,001,660 | ---- | C] () -- C:\Windows\tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-5.job
[2014/03/30 14:06:12 | 000,001,576 | ---- | C] () -- C:\Windows\tasks\40d5d6f1-67eb-4102-821f-0f0132da4ec6-5.job
[2014/03/30 14:06:12 | 000,001,504 | ---- | C] () -- C:\Windows\tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-2.job
[2014/03/30 14:06:10 | 000,001,574 | ---- | C] () -- C:\Windows\tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-1.job
[2014/03/30 14:06:09 | 000,001,420 | ---- | C] () -- C:\Windows\tasks\40d5d6f1-67eb-4102-821f-0f0132da4ec6-2.job
[2014/03/30 14:06:06 | 000,001,476 | ---- | C] () -- C:\Windows\tasks\40d5d6f1-67eb-4102-821f-0f0132da4ec6-1.job
[2014/03/30 14:06:03 | 000,002,424 | ---- | C] () -- C:\Windows\tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-4.job
[2014/03/30 14:06:00 | 000,003,460 | ---- | C] () -- C:\Windows\tasks\1d58acf1-29e5-4c8e-a536-e04dd320ab01-3.job
[2014/03/30 14:05:59 | 000,002,582 | ---- | C] () -- C:\Windows\tasks\40d5d6f1-67eb-4102-821f-0f0132da4ec6-4.job
[2014/03/30 14:05:57 | 000,003,110 | ---- | C] () -- C:\Windows\tasks\40d5d6f1-67eb-4102-821f-0f0132da4ec6-3.job
[2014/03/30 14:05:44 | 000,001,162 | ---- | C] () -- C:\Users\Public\Desktop\Activeris AntiMalware.lnk
[2014/03/30 14:05:37 | 000,020,480 | ---- | C] () -- C:\Windows\SysNative\acrisnative64.exe
[2014/03/30 14:05:31 | 000,001,066 | ---- | C] () -- C:\Users\jenktr\Desktop\Optimizer Pro.lnk
[2014/03/30 14:05:01 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Re-markit Update.job
[2014/03/30 14:04:59 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\Re-markit_wd.job
[2014/03/30 14:04:59 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/03/03 09:36:07 | 000,000,088 | ---- | C] () -- C:\Users\jenktr\AppData\Roaming\WB.CFG
[2013/04/14 01:52:46 | 000,000,063 | ---- | C] () -- C:\Windows\wininit.ini
 
========== ZeroAccess Check ==========
 
[2013/03/30 13:20:05 | 000,000,043 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1522728210-3906803090-313747741-1000\$R4L2OGD.com_files\l.gif
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 19:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/03/03 09:36:51 | 000,000,000 | ---D | M] -- C:\Users\jenktr\AppData\Roaming\1H1Q
[2013/02/01 12:40:22 | 000,000,000 | ---D | M] -- C:\Users\jenktr\AppData\Roaming\24x7 Help
[2014/03/30 14:05:47 | 000,000,000 | ---D | M] -- C:\Users\jenktr\AppData\Roaming\Activeris
[2012/10/25 20:26:24 | 000,000,000 | ---D | M] -- C:\Users\jenktr\AppData\Roaming\Barnes & Noble
[2013/03/24 11:49:42 | 000,000,000 | ---D | M] -- C:\Users\jenktr\AppData\Roaming\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
[2014/03/16 14:49:30 | 000,000,000 | ---D | M] -- C:\Users\jenktr\AppData\Roaming\CompuClever
[2014/03/30 15:38:54 | 000,000,000 | ---D | M] -- C:\Users\jenktr\AppData\Roaming\ContentExplorer
[2013/04/04 13:21:48 | 000,000,000 | ---D | M] -- C:\Users\jenktr\AppData\Roaming\DriverCure
[2014/03/29 10:42:44 | 000,000,000 | ---D | M] -- C:\Users\jenktr\AppData\Roaming\IDM2
[2014/03/30 14:53:06 | 000,000,000 | ---D | M] -- C:\Users\jenktr\AppData\Roaming\key-find
[2014/03/31 17:14:35 | 000,000,000 | ---D | M] -- C:\Users\jenktr\AppData\Roaming\mysearchdial
[2012/10/16 17:57:36 | 000,000,000 | ---D | M] -- C:\Users\jenktr\AppData\Roaming\OEM
[2013/04/04 13:21:48 | 000,000,000 | ---D | M] -- C:\Users\jenktr\AppData\Roaming\SpeedyPC Software
[2014/03/30 14:07:00 | 000,000,000 | ---D | M] -- C:\Users\jenktr\AppData\Roaming\SupTab
[2014/04/25 19:08:00 | 000,000,000 | ---D | M] -- C:\Users\jenktr\AppData\Roaming\systweak
[2014/03/30 14:05:57 | 000,000,000 | ---D | M] -- C:\Users\jenktr\AppData\Roaming\VOPackage
[2013/04/04 13:28:15 | 000,000,000 | ---D | M] -- C:\Users\jenktr\AppData\Roaming\WildTangent
[2013/09/14 19:44:42 | 000,000,000 | ---D | M] -- C:\Users\jenktr\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2014/01/19 17:15:40 | 000,000,000 | ---D | M](C:\Users?tenktr) -- C:\Users鼠tenktr
[2014/01/19 17:15:40 | 000,000,000 | ---D | C](C:\Users?tenktr) -- C:\Users鼠tenktr
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:5C321E34

< End of report >
 

OTL Extras logfile created on: 4/25/2014 8:01:14 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\jenktr\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.39 Gb Total Physical Memory | 2.19 Gb Available Physical Memory | 64.51% Memory free
6.79 Gb Paging File | 4.71 Gb Available in Paging File | 69.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.66 Gb Total Space | 399.07 Gb Free Space | 88.95% Space Free | Partition Type: NTFS
 
Computer Name: JENKTR-PC | User Name: jenktr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files (x86)\File Type Helper\FileTypeHelper.exe "%1" (Microsoft)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files (x86)\File Type Helper\FileTypeHelper.exe "%1" (Microsoft)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01BCA8D9-B4C3-450A-967D-E7F077D2FE2F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0EE7800F-FCB6-4372-B369-0CD523099069}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3121784F-808C-4A0E-86CD-0714FDAE6C64}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{391E14B4-C056-423C-BA90-D4A6C0ED72AA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{49DDE820-A24B-4BDE-B904-E1C89722109A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{579895D6-9AC3-42FF-AB3F-3BC56F05D0DE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5F4FA89F-5BB1-4CCB-98D2-B2A9CDF81B68}" = lport=138 | protocol=17 | dir=in | app=system |
"{6BFD6C32-F1AA-4744-8A67-9FC951A78E38}" = lport=139 | protocol=6 | dir=in | app=system |
"{7829979B-BF9F-4445-9E0A-427453AA026E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7EBE0AD5-E7A1-4315-85A9-5CDB773F5A9F}" = rport=445 | protocol=6 | dir=out | app=system |
"{7F7E9E66-93FB-4960-963E-F847893583C6}" = lport=137 | protocol=17 | dir=in | app=system |
"{9A73F530-BF45-48A3-9F4E-A68F1253C9E3}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{A5E1BD0A-D6FD-4B43-BA35-EA6070667BF9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BF06112B-C7CE-48EF-9BAB-B8E3F9256340}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{CA4AF68B-811D-4FA0-9839-81A57D9D9F18}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{D67BF050-5D37-4677-AE11-2F6333BD01DB}" = lport=445 | protocol=6 | dir=in | app=system |
"{D6CBA673-2E77-415E-90E2-174B860ECDDE}" = rport=138 | protocol=17 | dir=out | app=system |
"{D77BE372-F7DD-4627-8921-69EC57A22526}" = rport=137 | protocol=17 | dir=out | app=system |
"{D8C0C3D1-BDE5-469B-86F2-8C47B24136D7}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{DA525F17-0946-4AC6-89BF-9687C3149222}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{F0CCDB5A-0FC3-461D-9141-5D68A98EFA9D}" = rport=139 | protocol=6 | dir=out | app=system |
"{F860CEDA-BEDA-4A91-90C6-3A45EC96CAAB}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01B0D28F-8753-4AC6-81AB-9A3C891BCE38}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{058990F6-594A-4B9F-9505-2ECEBAE965B1}" = protocol=58 | dir=in | [email protected],-28545 |
"{26BA2D68-274F-478D-AA55-620F7D3A354B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{4755897E-01DF-4BDC-A7D5-CB4920CFAA05}" = dir=in | app=c:\users\jenktr\appdata\local\microsoft\skydrive\skydrive.exe |
"{4CF26FB5-6353-43B9-8CBB-4F0C25BDBD24}" = dir=out | app=c:\users\jenktr\appdata\local\microsoft\windows\temporary internet files\content.ie5\n5r3p14x\videoperformersetup.exe |
"{7263222C-E27A-4510-944B-3EFE81D47E99}" = protocol=58 | dir=out | [email protected],-28546 |
"{89A3A202-EBE6-441E-BAFC-A1082994D25A}" = protocol=1 | dir=in | [email protected],-28543 |
"{8F915E4B-3874-42CF-A65C-2BF1CB664A3E}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{98D229CA-EE3F-4351-A08F-C9797EE0451E}" = dir=in | app=c:\users\jenktr\appdata\local\microsoft\windows\temporary internet files\content.ie5\n5r3p14x\videoperformersetup.exe |
"{9B4BFA89-49AB-499A-BAE6-EFD95112CEBB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A7CA852E-42B7-4D81-B58A-09252B44D095}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{DAE66317-6617-427D-AAC0-A7AEC4ED353F}" = protocol=1 | dir=out | [email protected],-28544 |
"{DB09736F-ABD1-4F06-A00F-BE56241454CE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{564DD878-3DAF-4E6E-B3AE-ECA3E8A57995}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{DC58C02F-A318-49BC-958F-FC8450E242CC}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5F611ADA-B98C-4DBB-ADDE-414F08457ECF}" = Windows Live Family Safety
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{813BA625-B0FA-48D8-9B75-59759C88C219}" = SavingsbullFilter
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A04DCB25-7040-4935-A30D-8E0A893ABF2D}" = iTunes
"{BBA8B8FD-ADB2-0E86-731D-BBEE82329C4B}" = ccc-utility64
"{BFAE8D5B-F918-486F-B74E-90762DF11C5C}" = Microsoft Security Client
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D9B8D7C4-BE13-5877-6999-B076956AA3F9}" = ATI Catalyst Install Manager
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter
"CCleaner" = CCleaner
"Level Quality Watcher" = SavingsBull
"Mega Browse" = Mega Browse
"Microsoft Security Client" = Microsoft Security Essentials
"Speccy" = Speccy
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{050C0087-340A-5E97-F33A-1BD2F766A2F5}" = CCC Help Italian
"{0AD576A7-EDCE-469E-ADD7-1AC9DB200C6B}" = Windows Live Mail
"{0D05BD1B-C316-D17C-6CD0-CC570AEAB787}" = CCC Help Thai
"{0E6AAB73-4530-A41E-849A-EF10340A84DF}" = CCC Help Polish
"{150F483A-A4AA-12A1-7C34-D9DB1919547A}" = CCC Help Portuguese
"{179089AA-A14F-5A07-3835-433AA14AB635}" = CCC Help Chinese Traditional
"{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1895E5C2-A9F8-4757-AD7B-0E9EA8BA1C46}" = Catalyst Control Center - Branding
"{1EA7C505-E6DA-4B85-9432-EBD3C70D510D}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23A3E560-069F-4CFC-8F6C-1B526EC735FC}" = Windows Live Writer Resources
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{2AC970FC-758E-EF0C-1583-435FFF47EFA9}" = CCC Help Danish
"{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}" = Hoopla Player
"{2E1FF168-C322-B776-81A9-37CB1E3791D8}" = CCC Help French
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{3365E735-48A6-4194-9988-CE59AC5AE503}" = Bing Bar
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4
"{3A014A11-3D9E-44BD-9431-2DB67F752CB9}" = Snap.Do
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{446CC8CE-0E90-44F7-ADD0-774B243EF090}" = Galerie de photos
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{491ADA37-04EE-2ECE-9F86-DDC0106047AC}" = Times Reader
"{4B30B934-B6B5-50D5-FFC8-F354CEFD4674}" = AMD VISION Engine Control Center
"{4C774C35-E0AF-72E1-136A-2BF666702268}" = Fooz Kids
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{4FEA1BF1-26BA-B8E5-B6B2-A193DCBF66F8}" = CCC Help Japanese
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{585B4766-DF69-BD72-42CC-5A092FFF49D2}" = CCC Help Chinese Standard
"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
"{612AD33D-9824-4E87-8396-92374E91C4BB}_is1" = Inbox Toolbar
"{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}" = Nero Multimedia Suite 10 Essentials
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{68D6BB05-DA20-A311-29D5-7460A9321E89}" = CCC Help Finnish
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6DDE8071-E4BA-461B-8A96-990DFAA0EBD1}" = SavingsBull
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{709EB5DE-FB19-15F6-1789-A5C2BF5AAAAB}" = Catalyst Control Center Localization All
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer" = WildTangent Games App
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72199E33-4F2A-4B7F-8E25-95DDDD50A678}" = Acer System Information
"{76F61A3E-2FF1-53CD-8DEC-DAFAD3F0ADDB}" = CCC Help Spanish
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B0C5EF6-DE4C-4E20-8889-C17604FFE5CD}" = Windows Live Family Safety
"{7C9DBDCE-235B-A3AD-09E5-3B68C75CF389}" = CCC Help English
"{7E8519C4-9CE7-761A-60CC-E2C9EEE1A8B2}" = CCC Help Greek
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{85592690-8D8D-B8C9-BB8E-F97D35D4B1F0}" = CCC Help Hungarian
"{86C40513-B5A4-476E-9EAB-EC118DCF4502}" = Windows Live Writer
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8AAEB5A5-A397-46B6-8AF3-B6DC790C4E48}" = Windows Live Messenger
"{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
"{8D68CE08-9A14-4B7B-9857-3C646A2F34C7}" = Fooz Kids Platform
"{8D813AFF-D91D-4EE0-821F-B901FC2E89FA}" = Windows Live
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8FC392C3-70F8-D3DB-7AD5-CE578968E97D}" = CCC Help Turkish
"{90993BD9-C7D9-4C2F-B56C-2F7AFEBD4CD0}" = Windows Live UX Platform Language Pack
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AD1E496-9BE2-4B17-A6F9-0AA193AFB1B0}" = Super Backup Online Backup
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A17946CA-18E5-4CF0-8D55-A56D804718F8}" = Movie Maker
"{A4B1C9D6-C4C9-9227-C135-350CFB38CFED}" = CCC Help Norwegian
"{A5DC64EE-2FC4-4C35-9975-639DD8499369}" = Windows Live Family Safety
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A957F04C-49F4-4375-8C8A-D04B769EFE47}_is1" = 24x7 Help
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{AD17FA66-84BC-7EE6-3FFD-8652331B3F62}" = CCC Help Russian
"{B77D2795-23C0-4DBD-B7B5-CFB542D1FA3F}" = Windows Live Writer Resources
"{B80D3EA9-A252-4AE5-AC51-81729F5C586F}" = Windows Live Mail
"{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24}" = LPT System Updater Service
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C383C5E6-CF3F-3456-6405-0BB1C7836905}" = CCC Help Swedish
"{C3A1ED0C-D956-9E30-D5E9-03AA15EA5524}" = CCC Help Czech
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C595F480-788A-4F8F-8277-1A91F32CA879}" = Windows Live Writer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CFC2B92A-C046-7F20-FB5B-7E2D9FAC3640}" = CCC Help German
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1F1771F-E62F-1F6C-DCCB-6C55F8852F9D}" = Catalyst Control Center InstallProxy
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{D3E5A972-9A15-427D-AE78-8181A5FD943C}" = eBay Worldwide
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{DDAFC46A-90E2-11E2-B700-984BE15F174E}" = Evernote v. 4.6.4
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F199A7FB-D9BF-85BF-5CF1-D2E80C927B37}" = CCC Help Dutch
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{F54030F3-14B6-432D-9361-78DCB1473920}" = Photo Common
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F620365A-6ED3-F9C0-2E60-E2DC40B79EBE}" = CCC Help Korean
"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"89e5787b-04b6-4eac-a003-2cc6d81fc47b" = Re-markit
"94EAE98D-444B-4817-858C-13DB943DF4F1_Activeris_A~741EE3A2_is1" = Activeris AntiMalware
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"AnyProtect" = AnyProtect
"BN_DesktopReader" = NOOK for PC
"com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1" = Times Reader
"ContentExplorer" = ContentExplorer
"Convert Files for Free" = Convert Files for Free
"DMUninstaller" = DMUninstaller
"FileHippo.com" = FileHippo.com Update Checker
"FoozKids" = Fooz Kids
"Hotkey Utility" = Hotkey Utility
"HQVideoB" = HQVideoB
"Identity Card" = Identity Card
"InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
"MediaPlayerplus" = MediaPlayerplus
"Mozilla Firefox 27.0.1 (x86 en-US)" = Mozilla Firefox 27.0.1 (x86 en-US)
"mysearchdial" = Mysearchdial
"NewPlayer" = NewPlayer
"Optimizer Pro_is1" = Optimizer Pro v3.2
"Quiknowledge" = Quiknowledge
"SearchProtect" = Search Protect
"Settings Manager" = Settings Manager
"Software Updater_is1" = Software Updater version 1.8.4
"SpywareBlaster_is1" = SpywareBlaster 5.0
"VOPackage" = VO Package
"WeatherBug®" = WeatherBug®
"WildTangent acer Master Uninstall" = Acer Games
"WildTangentGameProvider-acer-main" = Game Channels
"WinLiveSuite" = Windows Live Essentials
"WTA-3eb3e557-5736-43e6-af42-016c9bccacc4" = Governor of Poker 2 Premium Edition
"WTA-4ae3f49b-d977-4afe-9cd3-30ee6ba52944" = Polar Bowler
"WTA-502cffac-4783-44d5-b24e-4a37e176400a" = Mystery of Mortlake Mansion
"WTA-64c86e89-fd55-4885-a73b-b1035fda3e4e" = Final Drive: Nitro
"WTA-7727b8d1-cb97-4a79-b626-27557b4b2f81" = Plants vs. Zombies - Game of the Year
"WTA-871b2b69-ccf8-466e-907d-2502732427f7" = Jewel Match 3
"WTA-88b3a091-21f3-4921-b861-0dcab7176efe" = Agatha Christie - Death on the Nile
"WTA-8c6320e5-b3f9-4ba1-930a-9b0e2b6d7cf1" = Bejeweled 2 Deluxe
"WTA-a3d7cde4-5d32-41d5-b798-de37b1e8c45a" = Virtual Villagers 5 - New Believers
"WTA-a4d21338-bf5f-4229-bff6-44e4b258ca4b" = Cradle of Rome 2
"WTA-b01f779d-b18d-46b5-823a-8b08ee032e21" = Chronicles of Albian
"WTA-c7ca15d4-ea04-434c-8f3f-e1551ad8e3ea" = Penguins!
"WTA-c86b86af-d878-4b3a-a431-66b858031e88" = Polar Golfer
"WTA-cf1ef031-927a-43f0-a20c-a0d73dbd287d" = Build-a-lot 4 - Power Source
"WTA-d026a866-bb5b-4e33-9c1a-9151f3aa109c" = Zuma's Revenge
"WTA-eee6e5ff-b312-452c-bb4f-3962e006e27b" = Dora's World Adventure
"WTA-f15b6443-6a5d-435b-a8f9-5b8e0a9b5124" = Torchlight
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{82d63d40-5a2d-41c1-b175-9420546b4996}" = Snap.Do Engine
"Acrobat Reader Packages" = Acrobat Reader Packages
"d46796c124a73858" = Internet Download Manager Upgrade
"Linkey" = Linkey
"SkyDriveSetup.exe" = Microsoft SkyDrive
"StormAlerts" = StormAlerts
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 4/25/2014 10:10:09 PM | Computer Name = jenktr-PC | Source = ConvertFilesforFree | ID = 2
Description =
 
Error - 4/25/2014 10:10:09 PM | Computer Name = jenktr-PC | Source = ConvertFilesforFree | ID = 2
Description =
 
Error - 4/25/2014 10:10:09 PM | Computer Name = jenktr-PC | Source = ConvertFilesforFree | ID = 2
Description =
 
Error - 4/25/2014 10:10:10 PM | Computer Name = jenktr-PC | Source = ConvertFilesforFree | ID = 2
Description =
 
Error - 4/25/2014 10:10:58 PM | Computer Name = jenktr-PC | Source = Application Error | ID = 1000
Description = Faulting application name: SoftwareUpdater.exe, version: 1.8.4.0,
time stamp: 0x53209c6f  Faulting module name: SoftwareUpdater.exe, version: 1.8.4.0,
 time stamp: 0x53209c6f  Exception code: 0xc0000005  Fault offset: 0x0002e96d  Faulting
 process id: 0x9f0  Faulting application start time: 0x01cf60f4b2fa126a  Faulting application
 path: C:\Program Files (x86)\Software Updater\SoftwareUpdater.exe  Faulting module
 path: C:\Program Files (x86)\Software Updater\SoftwareUpdater.exe  Report Id: 015c2613-cce8-11e3-8656-f80f4146aea0
 
Error - 4/25/2014 10:12:22 PM | Computer Name = jenktr-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 4/25/2014 10:12:31 PM | Computer Name = jenktr-PC | Source = Application Error | ID = 1000
Description = Faulting application name: MsMpEng.exe, version: 4.5.216.0, time stamp:
 0x531f64e3  Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp:
 0x521eaf24  Exception code: 0xc0000374  Fault offset: 0x00000000000c4102  Faulting process
 id: 0x3f0  Faulting application start time: 0x01cf60f48ca62a49  Faulting application
 path: c:\Program Files\Microsoft Security Client\MsMpEng.exe  Faulting module path:
 C:\Windows\SYSTEM32\ntdll.dll  Report Id: 38c87d37-cce8-11e3-8656-f80f4146aea0
 
Error - 4/25/2014 10:18:02 PM | Computer Name = jenktr-PC | Source = Microsoft-Windows-LoadPerf | ID = 3002
Description = The performance counter explain text string value in the registry
is not formatted correctly. The malformed string is  . The first DWORD in the Data
 section contains the index value to the malformed string while the second and third
 DWORDs in the Data section contain the last valid index values.
 
Error - 4/25/2014 10:25:17 PM | Computer Name = jenktr-PC | Source = ConvertFilesforFree | ID = 2
Description =
 
Error - 4/25/2014 10:40:25 PM | Computer Name = jenktr-PC | Source = ConvertFilesforFree | ID = 2
Description =
 
Error - 4/25/2014 10:55:34 PM | Computer Name = jenktr-PC | Source = ConvertFilesforFree | ID = 2
Description =
 
[ Media Center Events ]
Error - 8/6/2013 7:42:11 PM | Computer Name = jenktr-PC | Source = MCUpdate | ID = 0
Description = 4:42:08 PM - Error connecting to the internet.  4:42:08 PM -     Unable
 to contact server..  
 
Error - 8/6/2013 8:42:16 PM | Computer Name = jenktr-PC | Source = MCUpdate | ID = 0
Description = 5:42:16 PM - Error connecting to the internet.  5:42:16 PM -     Unable
 to contact server..  
 
Error - 8/6/2013 8:42:21 PM | Computer Name = jenktr-PC | Source = MCUpdate | ID = 0
Description = 5:42:21 PM - Error connecting to the internet.  5:42:21 PM -     Unable
 to contact server..  
 
Error - 8/8/2013 7:31:13 PM | Computer Name = jenktr-PC | Source = MCUpdate | ID = 0
Description = 4:31:13 PM - Failed to retrieve Directory (Error: Unable to connect
 to the remote server)  
 
Error - 8/8/2013 7:31:17 PM | Computer Name = jenktr-PC | Source = MCUpdate | ID = 0
Description = 4:31:15 PM - Failed to retrieve NetTV (Error: Unable to connect to
 the remote server)  
 
Error - 8/8/2013 7:31:19 PM | Computer Name = jenktr-PC | Source = MCUpdate | ID = 0
Description = 4:31:18 PM - Failed to retrieve MCESpotlight (Error: Unable to connect
 to the remote server)  
 
Error - 8/8/2013 7:31:21 PM | Computer Name = jenktr-PC | Source = MCUpdate | ID = 0
Description = 4:31:20 PM - Failed to retrieve MCEClientUX (Error: Unable to connect
 to the remote server)  
 
Error - 8/8/2013 7:31:24 PM | Computer Name = jenktr-PC | Source = MCUpdate | ID = 0
Description = 4:31:22 PM - Failed to retrieve SportsSchedule (Error: Unable to connect
 to the remote server)  
 
Error - 8/8/2013 7:31:26 PM | Computer Name = jenktr-PC | Source = MCUpdate | ID = 0
Description = 4:31:25 PM - Failed to retrieve SportsV2 (Error: Unable to connect
 to the remote server)  
 
Error - 8/8/2013 7:31:27 PM | Computer Name = jenktr-PC | Source = MCUpdate | ID = 0
Description = 4:31:27 PM - Failed to retrieve Broadband (Error: Unable to connect
 to the remote server)  
 
[ System Events ]
Error - 4/25/2014 9:53:57 PM | Computer Name = jenktr-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

    Feature:
 %%886     Error Code: 0x80070006     Error description: The handle is invalid.      Reason: %%837
 
Error - 4/25/2014 9:54:08 PM | Computer Name = jenktr-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

    Feature:
 %%886     Error Code: 0x80070006     Error description: The handle is invalid.      Reason: %%836
 
Error - 4/25/2014 9:54:46 PM | Computer Name = jenktr-PC | Source = Service Control Manager | ID = 7031
Description = The Microsoft Antimalware Service service terminated unexpectedly.
  It has done this 1 time(s).  The following corrective action will be taken in
15000 milliseconds: Restart the service.
 
Error - 4/25/2014 10:08:20 PM | Computer Name = jenktr-PC | Source = DCOM | ID = 10010
Description =
 
Error - 4/25/2014 10:08:21 PM | Computer Name = jenktr-PC | Source = DCOM | ID = 10010
Description =
 
Error - 4/25/2014 10:11:15 PM | Computer Name = jenktr-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the NewPlayer
 Updater Service service to connect.
 
Error - 4/25/2014 10:11:15 PM | Computer Name = jenktr-PC | Source = Service Control Manager | ID = 7000
Description = The NewPlayer Updater Service service failed to start due to the following
 error:   %%1053
 
Error - 4/25/2014 10:11:37 PM | Computer Name = jenktr-PC | Source = Service Control Manager | ID = 7000
Description = The Update FindRight service failed to start due to the following
error:   %%2
 
Error - 4/25/2014 10:11:46 PM | Computer Name = jenktr-PC | Source = Service Control Manager | ID = 7000
Description = The Util FindRight service failed to start due to the following error:
   %%2
 
Error - 4/25/2014 10:13:04 PM | Computer Name = jenktr-PC | Source = Service Control Manager | ID = 7031
Description = The Microsoft Antimalware Service service terminated unexpectedly.
  It has done this 1 time(s).  The following corrective action will be taken in
15000 milliseconds: Restart the service.
 
 
< End of report >
 


  • 0

Advertisements

#2
zep516
Posted 25 April 2014 - 10:58 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions! :)

You have a very infected machine there.

First

Lets check your Programs & Features list where your programs are and we find lots of adware that are causing pop ups !
  • SavingsbullFilter
  • Mega Browse
  • Snap.Do
  • Inbox Toolbar
  • 24x7 Help
  • Re-markit
  • Activeris AntiMalware
  • AnyProtect
  • MediaPlayerplus
  • Mysearchdial
  • NewPlayer
  • Optimizer Pro v3.2
  • Quiknowledge
  • Search Protect
  • Snap.Do Engine
  • Linkey
Lets remove all of those programs listed above. If they don't remove skip it and go to the next, remove as much as you can and follow the next steps in my list of steps provided.
==> Click > Start > Control Panel > Programs & Features, click the program to remove then select Uninstall.

Next

Download every tool to the DESKTOP, not the downloads folder. Right click every tool and Run as adminstrator!

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button follow the prompts.[/color]
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner
Next

thisisujrt.gif Please download Junkware Removal Tool to your Desktop.

Please close your security software to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete, depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
Please post the contents of JRT.txt into your reply.

Next

Please download Malwarebytes' Anti-Malware to your desktop from Here
Double Click mbam-setup.exe to install the application.
• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

Please post the following logs in your next reply:
  • AdwCleaner[so].txt
  • JRT.txt
  • Malwarebytes log
Thanks
Joe :)
  • 0

#3
jp17315
Posted 26 April 2014 - 07:39 PM

jp17315

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 127 posts

here are the logs:

 

# AdwCleaner v3.204 - Report created 26/04/2014 at 17:50:07
# Updated 26/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : jenktr - JENKTR-PC
# Running from : C:\Users\jenktr\Desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : IePluginService
Service Found : Level Quality Watcher
Service Found : qknfd
Service Found : SystemkService
Service Found : Update FindRight
Service Found : Util FindRight

***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Users\jenktr\AppData\Roaming\aps.uninstall.scan.results
File Found : C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}.xpi
File Found : C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\searchplugins\Mysearchdial.xml
File Found : C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\searchplugins\Web Search.xml
File Found : C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\user.js
File Found : C:\Users\jenktr\daemonprocess.txt
File Found : C:\Windows\System32\roboot64.exe
File Found : C:\Windows\System32\Tasks\40d5d6f1-67eb-4102-821f-0f0132da4ec6-1
File Found : C:\Windows\System32\Tasks\40d5d6f1-67eb-4102-821f-0f0132da4ec6-2
File Found : C:\Windows\System32\Tasks\40d5d6f1-67eb-4102-821f-0f0132da4ec6-3
File Found : C:\Windows\System32\Tasks\40d5d6f1-67eb-4102-821f-0f0132da4ec6-4
File Found : C:\Windows\System32\Tasks\40d5d6f1-67eb-4102-821f-0f0132da4ec6-5
File Found : C:\Windows\System32\Tasks\APSnotifierPP1
File Found : C:\Windows\System32\Tasks\APSnotifierPP2
File Found : C:\Windows\System32\Tasks\APSnotifierPP3
File Found : C:\Windows\System32\Tasks\LaunchApp
File Found : C:\Windows\System32\Tasks\paretologic update version3
File Found : C:\Windows\System32\Tasks\RegClean Pro
File Found : C:\Windows\System32\Tasks\RegClean Pro_DEFAULT
File Found : C:\Windows\System32\Tasks\RegClean Pro_UPDATES
File Found : C:\Windows\Tasks\40d5d6f1-67eb-4102-821f-0f0132da4ec6-1.job
File Found : C:\Windows\Tasks\40d5d6f1-67eb-4102-821f-0f0132da4ec6-2.job
File Found : C:\Windows\Tasks\40d5d6f1-67eb-4102-821f-0f0132da4ec6-3.job
File Found : C:\Windows\Tasks\40d5d6f1-67eb-4102-821f-0f0132da4ec6-4.job
File Found : C:\Windows\Tasks\40d5d6f1-67eb-4102-821f-0f0132da4ec6-5.job
File Found : C:\Windows\Tasks\APSnotifierPP1.job
File Found : C:\Windows\Tasks\APSnotifierPP2.job
File Found : C:\Windows\Tasks\APSnotifierPP3.job
File Found : C:\Windows\Tasks\paretologic update version3.job
File Found : C:\Windows\Tasks\RegClean Pro_DEFAULT.job
File Found : C:\Windows\Tasks\RegClean Pro_UPDATES.job
Folder Found : C:\AI_RecycleBin
Folder Found : C:\Program Files (x86)\Common Files\ParetoLogic
Folder Found : C:\Program Files (x86)\File Type Helper
Folder Found : C:\Program Files (x86)\MapsGalaxy_39EI
Folder Found : C:\Program Files (x86)\Optimizer Pro
Folder Found : C:\Program Files (x86)\Settings Manager
Folder Found : C:\Program Files (x86)\Software Updater
Folder Found : C:\Program Files (x86)\SupTab
Folder Found : C:\Program Files (x86)\Uninstaller
Folder Found : C:\Program Files\Level Quality Watcher
Folder Found : C:\Program Files\SavingsBull
Folder Found : C:\SearchProtect
Folder Found : C:\Users\jenktr\.android
Folder Found : C:\Users\jenktr\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm
Folder Found : C:\Users\jenktr\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd
Folder Found : C:\Users\jenktr\AppData\Local\Mobogenie
Folder Found : C:\Users\jenktr\AppData\Local\Temp\AI_RecycleBin
Folder Found : C:\Users\jenktr\AppData\Local\Temp\AirInstaller
Folder Found : C:\Users\jenktr\AppData\Local\Temp\Mega Browse
Folder Found : C:\Users\jenktr\AppData\Local\Tuguu_SL
Folder Found : C:\Users\jenktr\AppData\LocalLow\DataMngr
Folder Found : C:\Users\jenktr\AppData\LocalLow\MapsGalaxy_39EI
Folder Found : C:\Users\jenktr\AppData\LocalLow\Mysearchdial
Folder Found : C:\Users\jenktr\AppData\Roaming\1H1Q
Folder Found : C:\Users\jenktr\AppData\Roaming\Activeris
Folder Found : C:\Users\jenktr\AppData\Roaming\DriverCure
Folder Found : C:\Users\jenktr\AppData\Roaming\key-find
Folder Found : C:\Users\jenktr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
Folder Found : C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Found : C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\Extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com
Folder Found : C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\Extensions\[email protected]
Folder Found : C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\Smartbar
Folder Found : C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\ValueApps
Folder Found : C:\Users\jenktr\AppData\Roaming\speedypc software
Folder Found : C:\Users\jenktr\AppData\Roaming\SupTab
Folder Found : C:\Users\jenktr\AppData\Roaming\Systweak
Folder Found : C:\Users\jenktr\AppData\Roaming\VOPackage
Folder Found : C:\Users\jenktr\Documents\Mobogenie
Folder Found : C:\Users\jenktr\Documents\PC Health Kit
Folder Found : C:\Windows\SysWOW64\AI_RecycleBin
Folder Found : C:\Windows\SysWOW64\SearchProtect

***** [ Shortcuts ] *****

Shortcut Found : C:\Users\Public\Desktop\Mozilla Firefox.lnk ( hxxp://www.key-find.com/?type=sc&ts=1396213494&from=tugs&uid=395049983_3149584_2270F15A )
Shortcut Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk ( hxxp://www.key-find.com/?type=sc&ts=1396213494&from=tugs&uid=395049983_3149584_2270F15A )

***** [ Registry ] *****

Data Found : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [(Default)] - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.key-find.com/?type=sc&ts=1396213494&from=tugs&uid=395049983_3149584_2270F15A
Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\settin~1\systemk\syskldr.dll
Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\suptab\search~1.dll
Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~3\wincert\win32c~1.dll
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\settin~1\systemk\x64\syskldr.dll
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\suptab\search~2.dll
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~3\wincert\win64c~1.dll
Key Found : HKCU\Software\AnyProtect
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\MapsGalaxy_39EI
Key Found : HKCU\Software\AppDataLow\Software\Savings Bull
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\installedbrowserextensions
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10AD2C61-0898-4348-8600-14A342F22AC3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3004627E-F8E9-4E8B-909D-316753CBA923}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{323C6E6D-1621-470F-8A52-4FDEC4E75E40}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4E6CD411-CE62-4584-97FF-6AFBCF6900AF}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10AD2C61-0898-4348-8600-14A342F22AC3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110511311172}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110511311172}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3004627E-F8E9-4E8B-909D-316753CBA923}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{323C6E6D-1621-470F-8A52-4FDEC4E75E40}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4E6CD411-CE62-4584-97FF-6AFBCF6900AF}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\mysearchdial.com
Key Found : HKCU\Software\ParetoLogic
Key Found : HKCU\Software\SmartBar
Key Found : HKCU\Software\SoftwareUpdater
Key Found : HKCU\Software\speedypc software
Key Found : HKCU\Software\systweak
Key Found : [x64] HKCU\Software\AnyProtect
Key Found : [x64] HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\installedbrowserextensions
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : [x64] HKCU\Software\mysearchdial.com
Key Found : [x64] HKCU\Software\ParetoLogic
Key Found : [x64] HKCU\Software\SmartBar
Key Found : [x64] HKCU\Software\SoftwareUpdater
Key Found : [x64] HKCU\Software\speedypc software
Key Found : [x64] HKCU\Software\systweak
Key Found : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511311172}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511311172}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522312272}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0053172.BHO
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0053172.BHO.1
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0053172.Sandbox
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0053172.Sandbox.1
Key Found : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc
Key Found : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555315572}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566316672}
Key Found : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544314472}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Found : HKLM\Software\IePlugin
Key Found : HKLM\Software\installedbrowserextensions
Key Found : HKLM\Software\MapsGalaxy_39EI
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\App24x7Help_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\App24x7Help_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MegaBrowse_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MegaBrowse_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\prompt_installer-conduit_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\prompt_installer-conduit_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\updateMegaBrowse_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\updateMegaBrowse_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\utilMegaBrowse_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\utilMegaBrowse_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511311172}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511311172}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DMUninstaller
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Software Updater_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Key Found : HKLM\Software\mysearchdial
Key Found : HKLM\Software\ParetoLogic
Key Found : HKLM\Software\SavingsBullFilter
Key Found : HKLM\Software\SearchProtect
Key Found : HKLM\Software\speedypc software
Key Found : HKLM\Software\supTab
Key Found : HKLM\Software\systweak
Key Found : HKLM\Software\Wpm
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511311172}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511311172}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522312272}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555315572}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566316672}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Found : [x64] HKLM\SOFTWARE\installedbrowserextensions
Key Found : [x64] HKLM\SOFTWARE\LevelQualityWatcher
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511311172}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511311172}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
Value Found : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
Value Found : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86]
Value Found : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x64]
Value Found : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x86]
Value Found : HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls [x64]
Value Found : HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls [x86]
Value Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.key-find.com/?type=hp&ts=1396213494&from=tugs&uid=395049983_3149584_2270F15A
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page] - hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn6DMoLXA5bpSRiP8qgt8qU7OgttvXIHGsPLCbSq6DZIk8YdT1S0RgmsAJg4A9B3ZYTG6G3uc_64BmBzkVembMepg3vLhaT_ROdf9DzDpcxjAtFGi6R615cI4sQiiTUVGxCki7AV1dfth-oyS6fa6suy_99VlvKk4p95wdJDjihaaqw,,&q={searchTerms}
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar] - hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn6DMoLXA5bpSRiP8qgt8qU7OgttvXIHGsPLCbSq6DZIk8YdT1S0RgmsAJg4A9B3ZYTG6G3uc_64BmBzkVembMepg3vLhaT_ROdf9DzDpcxjAtFGi6R615cI4sQiiTUVGxCki7AV1dfth-oyS6fa6suy_99VlvKk4p95wdJDjihaaqw,,&q={searchTerms}
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn6DMoLXA5bpSRiP8qgt8qU7OgttvXIHGsPLCbSq6DZIk8YdT1S0RgmsAJg4A9B3ZYTG6G3uc_64BmBzkVembMepg3vLhaT_ROdf9DzDpcxjAtFGuW2tUM-XzhVwGOCPxBLRwy7N9yHAaWCjz7QzbtKoXMvJR1M16Pt__TO4_WlEPZw,,
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.key-find.com/web/?type=ds&ts=1396213494&from=tugs&uid=395049983_3149584_2270F15A&q={searchTerms}
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.key-find.com/?type=hp&ts=1396213494&from=tugs&uid=395049983_3149584_2270F15A
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://start.mysearchdial.com/?f=1&a=cmi_14_14_ie&cd=2XzuyEtN2Y1L1Qzu0FzztD0FyEtCyEyC0A0E0AtD0FtCyD0AtN0D0Tzu0SzztBtCtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyB0FtC0EtByEyEyBtG0DzytC0FtG0F0CyByCtG0FyD0E0BtGtB0DyEzztBzyyE0E0A0CyDtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtBtCyCtBzy0FyDtGzz0FzztBtGtDzyzyyDtGzytC0D0CtGtA0AtCzzyB0D0EtA0AyDtDyB2Q&cr=1847788737&ir=
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.key-find.com/web/?type=ds&ts=1396213494&from=tugs&uid=395049983_3149584_2270F15A&q={searchTerms}
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL] - hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn6DMoLXA5bpSRiP8qgt8qU7OgttvXIHGsPLCbSq6DZIk8YdT1S0RgmsAJg4A9B3ZYTG6G3uc_64BmBzkVembMepg3vLhaT_ROdf9DzDpcxjAtFGi6R615cI4sQiiTUVGxCki7AV1dfth-oyS6fa6suy_99VlvKk4p95wdJDjihaaqw,,&q={searchTerms}
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant] - hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn6DMoLXA5bpSRiP8qgt8qU7OgttvXIHGsPLCbSq6DZIk8YdT1S0RgmsAJg4A9B3ZYTG6G3uc_64BmBzkVembMepg3vLhaT_ROdf9DzDpcxjAtFGi6R615cI4sQiiTUVGxCki7AV1dfth-oyS6fa6suy_99VlvKk4p95wdJDjihaaqw,,&q={searchTerms}
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] - hxxp://start.mysearchdial.com/?f=2&a=dsites0301&cd=2XzuyEtN2Y1L1Qzu0FzztD0FyEtCyEyC0A0E0AtD0FtCyD0AtN0D0Tzu0SyBzytAtN1L2XzutBtFtCyBtFtDtFtCtN1L1CzutDzytDtCtG1TtN1L1G1B1V1N2Y1L1Qzu2StA0D0A0B0BtA0E0CtGzzzytCtDtGtA0C0C0DtGzzyDzz0DtGtD0AtA0EtDtC0E0AtByBtCyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtBtCyCtBzy0FyDtGzz0FzztBtGtDzyzyyDtGzytC0D0CtGtA0AtCzzyB0D0EtA0AyDtDyB2Q&cr=742487029&ir=
Setting Found : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn6DMoLXA5bpSRiP8qgt8qU7OgttvXIHGsPLCbSq6DZIk8YdT1S0RgmsAJg4A9B3ZYTG6G3uc_64BmBzkVembMepg3vLhaT_ROdf9DzDpcxjAtFGi6R615cI4sQiiTUVGxCki7AV1dfth-oyS6fa6suy_99VlvKk4p95wdJDjihaaqw,,&q={searchTerms}
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaHk7fb-MO5XCXXVn6DMoLXA5bpSRiP8qgt8qU7OgttvXIHGsPLCbSq6DZIk8YdT1S0RgmsAJg4A9B3ZYTG6G3uc_64BmBzkVembMepg3vLhaT_ROdf9DzDpcxjAtFGi6R615cI4sQiiTUVGxCki7AV1dfth-oyS6fa6suy_99VlvKk4p95wdJDjihaarA,,&q={searchTerms}
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.key-find.com/web/?type=ds&ts=1396213494&from=tugs&uid=395049983_3149584_2270F15A&q={searchTerms}
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.key-find.com/?type=hp&ts=1396213494&from=tugs&uid=395049983_3149584_2270F15A
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://start.mysearchdial.com/?f=1&a=cmi_14_14_ie&cd=2XzuyEtN2Y1L1Qzu0FzztD0FyEtCyEyC0A0E0AtD0FtCyD0AtN0D0Tzu0SzztBtCtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyB0FtC0EtByEyEyBtG0DzytC0FtG0F0CyByCtG0FyD0E0BtGtB0DyEzztBzyyE0E0A0CyDtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtBtCyCtBzy0FyDtGzz0FzztBtGtDzyzyyDtGzytC0D0CtGtA0AtCzzyB0D0EtA0AyDtDyB2Q&cr=1847788737&ir=
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.key-find.com/web/?type=ds&ts=1396213494&from=tugs&uid=395049983_3149584_2270F15A&q={searchTerms}

-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\prefs.js ]

Line Found : user_pref("CT3239904.1000082.isPlayDisplay", "true");
Line Found : user_pref("CT3239904.1000082.muteState", "off");
Line Found : user_pref("CT3239904.1000082.state", "{\"state\":\"stopped\",\"text\":\"Jammin 10...\",\"description\":\"Jammin 107.7\",\"url\":\"hxxp://lightningstream.surfernetwork.com/Media/player/scripts/player.a[...]
Line Found : user_pref("CT3239904.1000234.TWC_TMP_city", "OLA");
Line Found : user_pref("CT3239904.1000234.TWC_TMP_country", "US");
Line Found : user_pref("CT3239904.1000234.TWC_country", "UNITED STATES");
Line Found : user_pref("CT3239904.1000234.TWC_locId", "USAR0421");
Line Found : user_pref("CT3239904.1000234.TWC_location", "Ola, AR");
Line Found : user_pref("CT3239904.1000234.TWC_region", "US");
Line Found : user_pref("CT3239904.1000234.TWC_temp_dis", "f");
Line Found : user_pref("CT3239904.1000234.TWC_wind_dis", "mph");
Line Found : user_pref("CT3239904.1000234.weatherData", "{\"icon\":\"28.png\",\"temperature\":\"84°F\",\"temperatureClear\":\"84°F\",\"highTemperature\":\"84°F\",\"lowTemperature\":\"66°F\",\"feelsLike\":\"85°F\",[...]
Line Found : user_pref("CT3239904.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3239904.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3239904.FF19Solved", "true");
Line Found : user_pref("CT3239904.Facebook_Mode.enc", "Mg==");
Line Found : user_pref("CT3239904.Facebook_User_Locale.enc", "ZW4=");
Line Found : user_pref("CT3239904.Facebook_ctid_Connect_send_new.enc", "c2VuZGVk");
Line Found : user_pref("CT3239904.FirstTime", "true");
Line Found : user_pref("CT3239904.FirstTimeFF3", "true");
Line Found : user_pref("CT3239904.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3239904&SearchSource=2&CUI=UN66929990917821126&UM=2&q=");
Line Found : user_pref("CT3239904.UserID", "UN66929990917821126");
Line Found : user_pref("CT3239904.addressBarTakeOverEnabledInHidden", "true");
Line Found : user_pref("CT3239904.autoDisableScopes", -1);
Line Found : user_pref("CT3239904.browser.search.defaultthis.engineName", "true");
Line Found : user_pref("CT3239904.countryCode", "US");
Line Found : user_pref("CT3239904.defaultSearch", "true");
Line Found : user_pref("CT3239904.enableAlerts", "true");
Line Found : user_pref("CT3239904.enableFix404ByUser", "FALSE");
Line Found : user_pref("CT3239904.enableSearchFromAddressBar", "false");
Line Found : user_pref("CT3239904.firstTimeDialogOpened", "true");
Line Found : user_pref("CT3239904.fixPageNotFoundError", "true");
Line Found : user_pref("CT3239904.fixPageNotFoundErrorByUser", "true");
Line Found : user_pref("CT3239904.fixPageNotFoundErrorInHidden", "true");
Line Found : user_pref("CT3239904.fixUrls", true);
Line Found : user_pref("CT3239904.fullUserID", "UN66929990917821126.UP.20130627141142");
Line Found : user_pref("CT3239904.homepageuserchanged", true);
Line Found : user_pref("CT3239904.hxxp___facebook_conduitapps_com.APP_WIN_FEATURES.enc", "cmVzaXphYmxlPTAsaHNjcm9sbD0wLHZzY3JvbGw9MCx0aXRsZWJhcj0xLGNsb3NlYnV0dG9uPTEsc2F2ZXJlc2l6ZWRzaXplPTAsb3BlbnBvc2l0aW9uPWFsaWd[...]
Line Found : user_pref("CT3239904.hxxp___pinterest_aot_im.isEnabled.enc", "WQ==");
Line Found : user_pref("CT3239904.installDate", "31/3/2013 16:37:50");
Line Found : user_pref("CT3239904.installId", "conduitinstaller.exe");
Line Found : user_pref("CT3239904.installType", "conduitnsisintegration");
Line Found : user_pref("CT3239904.installUsage", "2013-04-01T02:38:14.9935574+03:00");
Line Found : user_pref("CT3239904.installUsageEarly", "2013-04-01T02:38:13.6363226+03:00");
Line Found : user_pref("CT3239904.installerVersion", "1.3.7.3");
Line Found : user_pref("CT3239904.isCheckedStartAsHidden", true);
Line Found : user_pref("CT3239904.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3239904.isFirstTimeToolbarLoading", "false");
Line Found : user_pref("CT3239904.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Found : user_pref("CT3239904.keyword", true);
Line Found : user_pref("CT3239904.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3239904&octid=CT3239904&SearchSource=15&CUI=UN66929990917821126&SSPV=&Lay=1&UM=2\"}");
Line Found : user_pref("CT3239904.lastVersion", "10.23.0.822");
Line Found : user_pref("CT3239904.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Line Found : user_pref("CT3239904.migrateAppsAndComponents", true);
Line Found : user_pref("CT3239904.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp://SocialSearchBarApp.OurToolbar.com/\",\[...]
Line Found : user_pref("CT3239904.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Found : user_pref("CT3239904.openThankYouPage", "false");
Line Found : user_pref("CT3239904.openUninstallPage", "false");
Line Found : user_pref("CT3239904.originalSearchAddressUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3239904&SearchSource=2&CUI=UN66929990917821126&UM=&q=");
Line Found : user_pref("CT3239904.originalSearchEngine", "XFINITY");
Line Found : user_pref("CT3239904.revertSettingsEnabled", "false");
Line Found : user_pref("CT3239904.search.searchAppId", "129878973612432233");
Line Found : user_pref("CT3239904.search.searchCount", "2");
Line Found : user_pref("CT3239904.searchFromAddressBarEnabledByUser", "true");
Line Found : user_pref("CT3239904.searchInNewTabEnabledByUser", "true");
Line Found : user_pref("CT3239904.searchInNewTabEnabledInHidden", "true");
Line Found : user_pref("CT3239904.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Found : user_pref("CT3239904.searchSuggestEnabledByUser", "true");
Line Found : user_pref("CT3239904.searchUserMode", "2");
Line Found : user_pref("CT3239904.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3239904.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Found : user_pref("CT3239904.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Found : user_pref("CT3239904.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3239904\"}");
Line Found : user_pref("CT3239904.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://SocialSearchBarApp.OurToolbar.com//xpi\"}");
Line Found : user_pref("CT3239904.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"SocialSearchBar_App \"}");
Line Found : user_pref("CT3239904.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3239904.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Found : user_pref("CT3239904.serviceLayer_services_Configuration_lastUpdate", "1394150792752");
Line Found : user_pref("CT3239904.serviceLayer_services_app.twitter.user-barackobama_lastUpdate", "1369686220616");
Line Found : user_pref("CT3239904.serviceLayer_services_app.twitter.user-britneyspears_lastUpdate", "1369686220686");
Line Found : user_pref("CT3239904.serviceLayer_services_app.twitter.user-eonline_lastUpdate", "1369686220735");
Line Found : user_pref("CT3239904.serviceLayer_services_app.twitter.user-justinbieber_lastUpdate", "1369686220648");
Line Found : user_pref("CT3239904.serviceLayer_services_app.twitter.user-mariahcarey_lastUpdate", "1369686220674");
Line Found : user_pref("CT3239904.serviceLayer_services_app.twitter.user-mileycyrus_lastUpdate", "1369686220722");
Line Found : user_pref("CT3239904.serviceLayer_services_app.twitter.user-ryanseacrest_lastUpdate", "1369686220799");
Line Found : user_pref("CT3239904.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1369270578878");
Line Found : user_pref("CT3239904.serviceLayer_services_appsMetadata_lastUpdate", "1369686214828");
Line Found : user_pref("CT3239904.serviceLayer_services_getTwitterExtraInfo_lastUpdate", "1369686220984");
Line Found : user_pref("CT3239904.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1368820223342");
Line Found : user_pref("CT3239904.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1364773095095");
Line Found : user_pref("CT3239904.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1364773096543");
Line Found : user_pref("CT3239904.serviceLayer_services_location_lastUpdate", "1372288573462");
Line Found : user_pref("CT3239904.serviceLayer_services_login_10.15.0.562_lastUpdate", "1366572172649");
Line Found : user_pref("CT3239904.serviceLayer_services_login_10.15.0.62_lastUpdate", "1364773096394");
Line Found : user_pref("CT3239904.serviceLayer_services_login_10.15.2.523_lastUpdate", "1371429213210");
Line Found : user_pref("CT3239904.serviceLayer_services_login_10.16.2.509_lastUpdate", "1372288696533");
Line Found : user_pref("CT3239904.serviceLayer_services_login_10.16.4.519_lastUpdate", "1376005893360");
Line Found : user_pref("CT3239904.serviceLayer_services_login_10.16.9.506_lastUpdate", "1377910670863");
Line Found : user_pref("CT3239904.serviceLayer_services_login_10.19.2.505_lastUpdate", "1379027705872");
Line Found : user_pref("CT3239904.serviceLayer_services_login_10.20.0.513_lastUpdate", "1380756047943");
Line Found : user_pref("CT3239904.serviceLayer_services_login_10.20.1.508_lastUpdate", "1382694871792");
Line Found : user_pref("CT3239904.serviceLayer_services_login_10.21.1.507_lastUpdate", "1384628506379");
Line Found : user_pref("CT3239904.serviceLayer_services_login_10.23.0.822_lastUpdate", "1394227720195");
Line Found : user_pref("CT3239904.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1368820223395");
Line Found : user_pref("CT3239904.serviceLayer_services_searchAPI_lastUpdate", "1394150792676");
Line Found : user_pref("CT3239904.serviceLayer_services_serviceMap_lastUpdate", "1394150792145");
Line Found : user_pref("CT3239904.serviceLayer_services_toolbarContextMenu_lastUpdate", "1368820223147");
Line Found : user_pref("CT3239904.serviceLayer_services_toolbarSettings_lastUpdate", "1394227720071");
Line Found : user_pref("CT3239904.serviceLayer_services_translation_lastUpdate", "1394150792121");
Line Found : user_pref("CT3239904.settingsINI", true);
Line Found : user_pref("CT3239904.shouldFirstTimeDialog", "false");
Line Found : user_pref("CT3239904.showToolbarPermission", "false");
Line Found : user_pref("CT3239904.smartbar.CTID", "CT3239904");
Line Found : user_pref("CT3239904.smartbar.Uninstall", "0");
Line Found : user_pref("CT3239904.smartbar.homepage", true);
Line Found : user_pref("CT3239904.smartbar.isHidden", true);
Line Found : user_pref("CT3239904.smartbar.toolbarName", "SocialSearchBar_App ");
Line Found : user_pref("CT3239904.startPage", "true");
Line Found : user_pref("CT3239904.toolbarBornServerTime", "1-4-2013");
Line Found : user_pref("CT3239904.toolbarCurrentServerTime", "8-3-2014");
Line Found : user_pref("CT3239904.toolbarLoginClientTime", "Sun Mar 31 2013 16:38:16 GMT-0700 (Pacific Daylight Time)");
Line Found : user_pref("CT3239904_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1394227718637,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Found : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3239904&octid=CT3239904&SearchSource=61&CUI=UN66929990917821126&UM=2&UP=SP32FD7AFC-90A2-4F93-85D4-DC3EDF0501FF");
Line Found : user_pref("Smartbar.ConduitSearchEngineList", "SocialSearchBar_App Customized Web Search");
Line Found : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3239904&SearchSource=2&CUI=UN66929990917821126&UM=2&q=");
Line Found : user_pref("Smartbar.keywordURLSelectedCTID", "CT3239904");
Line Found : user_pref("browser.search.defaultenginename", "key-find");
Line Found : user_pref("browser.search.defaultthis.engineName", "SocialSearchBar_App Customized Web Search");
Line Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3239904&CUI=UN66929990917821126&UM=2&SearchSource=3&q={searchTerms}");
Line Found : user_pref("browser.search.order.2", "Mysearchdial");
Line Found : user_pref("browser.startup.homepage", "hxxp://www.key-find.com/?type=hppp&ts=1398558533&from=tugs&uid=395049983_3149584_2270F15A");
Line Found : user_pref("extensions.crossrider.bic", "1453478731d768ae2cb183008a326e67");
Line Found : user_pref("extensions.helperbar.BackPageActive", true);
Line Found : user_pref("extensions.helperbar.DockingPositionDown", false);
Line Found : user_pref("extensions.helperbar.SmartbarDisabled", false);
Line Found : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Line Found : user_pref("extensions.helperbar.Visibility", false);
Line Found : user_pref("extensions.helperbar.keepAliveLastevent", "1396744678");
Line Found : user_pref("extensions.helperbar.lastExternalJsUpdate", "1398474845765");
Line Found : user_pref("extensions.mysearchdial.cntry", "US");
Line Found : user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,3224935090,2597085128,18285[...]
Line Found : user_pref("extensions.mysearchdial.hdrMd5", "");
Line Found : user_pref("extensions.mysearchdial.lastB", "hxxp://www.key-find.com/?type=hppp&ts=1396744667&from=tugs&uid=395049983_3149584_2270F15A");
Line Found : user_pref("extensions.mysearchdial.lastVrsnTs", "");
Line Found : user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"96\",\"lastVrsn\":\"96\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"true\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");
Line Found : user_pref("extensions.mysearchdial.sg", "{smplGrp}");

-\\ Google Chrome v

[ File : C:\Users\jenktr\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Search Provider] : hxxp://www.key-find.com/web/?type=dspp&ts=1396220015&from=tugs&uid=395049983_3149584_2270F15A&q={searchTerms}
Found [Startup_urls] : hxxp://www.key-find.com/?type=hppp&ts=1396220015&from=tugs&uid=395049983_3149584_2270F15A
Found [Homepage] : hxxp://www.key-find.com/?type=hppp&ts=1396220015&from=tugs&uid=395049983_3149584_2270F15A
Found [Extension] : deghekbbihbapplmbffglehkdhkeibbm
Found [Extension] : majjphhgppkndjjkmhhnbgafooenebhd

*************************

AdwCleaner[R0].txt - [38512 octets] - [26/04/2014 17:50:07]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [38573 octets] ##########

 

 

 

# AdwCleaner v3.204 - Report created 26/04/2014 at 17:51:38
# Updated 26/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : jenktr - JENKTR-PC
# Running from : C:\Users\jenktr\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : IePluginService
Service Deleted : Level Quality Watcher
[#] Service Deleted : qknfd
Service Deleted : SystemkService
[#] Service Deleted : Update FindRight
[#] Service Deleted : Util FindRight

***** [ Files / Folders ] *****

Folder Deleted : C:\AI_RecycleBin
Folder Deleted : C:\SearchProtect
Folder Deleted : C:\Program Files (x86)\File Type Helper
Folder Deleted : C:\Program Files (x86)\MapsGalaxy_39EI
Folder Deleted : C:\Program Files (x86)\Optimizer Pro
Folder Deleted : C:\Program Files (x86)\Settings Manager
Folder Deleted : C:\Program Files (x86)\Software Updater
Folder Deleted : C:\Program Files (x86)\SupTab
Folder Deleted : C:\Program Files (x86)\Uninstaller
Folder Deleted : C:\Program Files (x86)\Common Files\ParetoLogic
Folder Deleted : C:\Windows\SysWOW64\AI_RecycleBin
Folder Deleted : C:\Windows\SysWOW64\SearchProtect
Folder Deleted : C:\Program Files\Level Quality Watcher
Folder Deleted : C:\Program Files\SavingsBull
Folder Deleted : C:\Users\jenktr\.android
Folder Deleted : C:\Users\jenktr\AppData\Local\Mobogenie
Folder Deleted : C:\Users\jenktr\AppData\Local\Tuguu_SL
Folder Deleted : C:\Users\jenktr\AppData\Local\Temp\AI_RecycleBin
Folder Deleted : C:\Users\jenktr\AppData\Local\Temp\AirInstaller
Folder Deleted : C:\Users\jenktr\AppData\Local\Temp\Mega Browse
Folder Deleted : C:\Users\jenktr\AppData\LocalLow\DataMngr
Folder Deleted : C:\Users\jenktr\AppData\LocalLow\MapsGalaxy_39EI
Folder Deleted : C:\Users\jenktr\AppData\LocalLow\Mysearchdial
Folder Deleted : C:\Users\jenktr\AppData\Roaming\1H1Q
Folder Deleted : C:\Users\jenktr\AppData\Roaming\Activeris
Folder Deleted : C:\Users\jenktr\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\jenktr\AppData\Roaming\key-find
Folder Deleted : C:\Users\jenktr\AppData\Roaming\speedypc software
Folder Deleted : C:\Users\jenktr\AppData\Roaming\SupTab
Folder Deleted : C:\Users\jenktr\AppData\Roaming\Systweak
Folder Deleted : C:\Users\jenktr\AppData\Roaming\VOPackage
Folder Deleted : C:\Users\jenktr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
Folder Deleted : C:\Users\jenktr\Documents\Mobogenie
Folder Deleted : C:\Users\jenktr\Documents\PC Health Kit
Folder Deleted : C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\Smartbar
Folder Deleted : C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\ValueApps
Folder Deleted : C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Deleted : C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\Extensions\[email protected]
Folder Deleted : C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\Extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com
Folder Deleted : C:\Users\jenktr\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm
Folder Deleted : C:\Users\jenktr\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd
File Deleted : C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}.xpi
File Deleted : C:\END
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\jenktr\daemonprocess.txt
File Deleted : C:\Users\jenktr\AppData\Roaming\aps.uninstall.scan.results
File Deleted : C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\searchplugins\Mysearchdial.xml
File Deleted : C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\searchplugins\Web Search.xml
File Deleted : C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\user.js
File Deleted : C:\Windows\Tasks\APSnotifierPP1.job
File Deleted : C:\Windows\System32\Tasks\APSnotifierPP1
File Deleted : C:\Windows\Tasks\APSnotifierPP2.job
File Deleted : C:\Windows\System32\Tasks\APSnotifierPP2
File Deleted : C:\Windows\Tasks\APSnotifierPP3.job
File Deleted : C:\Windows\System32\Tasks\APSnotifierPP3
File Deleted : C:\Windows\System32\Tasks\LaunchApp
File Deleted : C:\Windows\Tasks\paretologic update version3.job
File Deleted : C:\Windows\System32\Tasks\paretologic update version3
File Deleted : C:\Windows\System32\Tasks\RegClean Pro
File Deleted : C:\Windows\Tasks\RegClean Pro_DEFAULT.job
File Deleted : C:\Windows\System32\Tasks\RegClean Pro_DEFAULT
File Deleted : C:\Windows\Tasks\RegClean Pro_UPDATES.job
File Deleted : C:\Windows\System32\Tasks\RegClean Pro_UPDATES
File Deleted : C:\Windows\Tasks\40d5d6f1-67eb-4102-821f-0f0132da4ec6-1.job
File Deleted : C:\Windows\System32\Tasks\40d5d6f1-67eb-4102-821f-0f0132da4ec6-1
File Deleted : C:\Windows\Tasks\40d5d6f1-67eb-4102-821f-0f0132da4ec6-2.job
File Deleted : C:\Windows\System32\Tasks\40d5d6f1-67eb-4102-821f-0f0132da4ec6-2
File Deleted : C:\Windows\Tasks\40d5d6f1-67eb-4102-821f-0f0132da4ec6-3.job
File Deleted : C:\Windows\System32\Tasks\40d5d6f1-67eb-4102-821f-0f0132da4ec6-3
File Deleted : C:\Windows\Tasks\40d5d6f1-67eb-4102-821f-0f0132da4ec6-4.job
File Deleted : C:\Windows\System32\Tasks\40d5d6f1-67eb-4102-821f-0f0132da4ec6-4
File Deleted : C:\Windows\Tasks\40d5d6f1-67eb-4102-821f-0f0132da4ec6-5.job
File Deleted : C:\Windows\System32\Tasks\40d5d6f1-67eb-4102-821f-0f0132da4ec6-5

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\App24x7Help_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\App24x7Help_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MegaBrowse_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MegaBrowse_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\prompt_installer-conduit_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\prompt_installer-conduit_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateMegaBrowse_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateMegaBrowse_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\utilMegaBrowse_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\utilMegaBrowse_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86]
Value Deleted : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x64]
Value Deleted : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x86]
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0053172.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0053172.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0053172.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0053172.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511311172}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522312272}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555315572}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566316672}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544314472}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511311172}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10AD2C61-0898-4348-8600-14A342F22AC3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3004627E-F8E9-4E8B-909D-316753CBA923}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{323C6E6D-1621-470F-8A52-4FDEC4E75E40}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4E6CD411-CE62-4584-97FF-6AFBCF6900AF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110511311172}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10AD2C61-0898-4348-8600-14A342F22AC3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3004627E-F8E9-4E8B-909D-316753CBA923}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{323C6E6D-1621-470F-8A52-4FDEC4E75E40}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4E6CD411-CE62-4584-97FF-6AFBCF6900AF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511311172}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522312272}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555315572}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566316672}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511311172}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Key Deleted : HKCU\Software\AnyProtect
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\mysearchdial.com
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\SoftwareUpdater
Key Deleted : HKCU\Software\speedypc software
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\MapsGalaxy_39EI
Key Deleted : HKCU\Software\AppDataLow\Software\Savings Bull
Key Deleted : HKLM\Software\IePlugin
Key Deleted : HKLM\Software\installedbrowserextensions
Key Deleted : HKLM\Software\MapsGalaxy_39EI
Key Deleted : HKLM\Software\mysearchdial
Key Deleted : HKLM\Software\ParetoLogic
Key Deleted : HKLM\Software\SavingsBullFilter
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\speedypc software
Key Deleted : HKLM\Software\supTab
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\Wpm
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DMUninstaller
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Software Updater_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Key Deleted : [x64] HKLM\SOFTWARE\installedbrowserextensions
Key Deleted : [x64] HKLM\SOFTWARE\LevelQualityWatcher
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~3\wincert\win32c~1.dll
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\settin~1\systemk\syskldr.dll
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\suptab\search~1.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~3\wincert\win64c~1.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\settin~1\systemk\x64\syskldr.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\suptab\search~2.dll

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\prefs.js ]

Line Deleted : user_pref("CT3239904.1000082.isPlayDisplay", "true");
Line Deleted : user_pref("CT3239904.1000082.muteState", "off");
Line Deleted : user_pref("CT3239904.1000082.state", "{\"state\":\"stopped\",\"text\":\"Jammin 10...\",\"description\":\"Jammin 107.7\",\"url\":\"hxxp://lightningstream.surfernetwork.com/Media/player/scripts/player.a[...]
Line Deleted : user_pref("CT3239904.1000234.TWC_TMP_city", "OLA");
Line Deleted : user_pref("CT3239904.1000234.TWC_TMP_country", "US");
Line Deleted : user_pref("CT3239904.1000234.TWC_country", "UNITED STATES");
Line Deleted : user_pref("CT3239904.1000234.TWC_locId", "USAR0421");
Line Deleted : user_pref("CT3239904.1000234.TWC_location", "Ola, AR");
Line Deleted : user_pref("CT3239904.1000234.TWC_region", "US");
Line Deleted : user_pref("CT3239904.1000234.TWC_temp_dis", "f");
Line Deleted : user_pref("CT3239904.1000234.TWC_wind_dis", "mph");
Line Deleted : user_pref("CT3239904.1000234.weatherData", "{\"icon\":\"28.png\",\"temperature\":\"84°F\",\"temperatureClear\":\"84°F\",\"highTemperature\":\"84°F\",\"lowTemperature\":\"66°F\",\"feelsLike\":\"85°F\",[...]
Line Deleted : user_pref("CT3239904.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3239904.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3239904.FF19Solved", "true");
Line Deleted : user_pref("CT3239904.Facebook_Mode.enc", "Mg==");
Line Deleted : user_pref("CT3239904.Facebook_User_Locale.enc", "ZW4=");
Line Deleted : user_pref("CT3239904.Facebook_ctid_Connect_send_new.enc", "c2VuZGVk");
Line Deleted : user_pref("CT3239904.FirstTime", "true");
Line Deleted : user_pref("CT3239904.FirstTimeFF3", "true");
Line Deleted : user_pref("CT3239904.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3239904&SearchSource=2&CUI=UN66929990917821126&UM=2&q=");
Line Deleted : user_pref("CT3239904.UserID", "UN66929990917821126");
Line Deleted : user_pref("CT3239904.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT3239904.autoDisableScopes", -1);
Line Deleted : user_pref("CT3239904.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3239904.countryCode", "US");
Line Deleted : user_pref("CT3239904.defaultSearch", "true");
Line Deleted : user_pref("CT3239904.enableAlerts", "true");
Line Deleted : user_pref("CT3239904.enableFix404ByUser", "FALSE");
Line Deleted : user_pref("CT3239904.enableSearchFromAddressBar", "false");
Line Deleted : user_pref("CT3239904.firstTimeDialogOpened", "true");
Line Deleted : user_pref("CT3239904.fixPageNotFoundError", "true");
Line Deleted : user_pref("CT3239904.fixPageNotFoundErrorByUser", "true");
Line Deleted : user_pref("CT3239904.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT3239904.fixUrls", true);
Line Deleted : user_pref("CT3239904.fullUserID", "UN66929990917821126.UP.20130627141142");
Line Deleted : user_pref("CT3239904.homepageuserchanged", true);
Line Deleted : user_pref("CT3239904.hxxp___facebook_conduitapps_com.APP_WIN_FEATURES.enc", "cmVzaXphYmxlPTAsaHNjcm9sbD0wLHZzY3JvbGw9MCx0aXRsZWJhcj0xLGNsb3NlYnV0dG9uPTEsc2F2ZXJlc2l6ZWRzaXplPTAsb3BlbnBvc2l0aW9uPWFsaWd[...]
Line Deleted : user_pref("CT3239904.hxxp___pinterest_aot_im.isEnabled.enc", "WQ==");
Line Deleted : user_pref("CT3239904.installDate", "31/3/2013 16:37:50");
Line Deleted : user_pref("CT3239904.installId", "conduitinstaller.exe");
Line Deleted : user_pref("CT3239904.installType", "conduitnsisintegration");
Line Deleted : user_pref("CT3239904.installUsage", "2013-04-01T02:38:14.9935574+03:00");
Line Deleted : user_pref("CT3239904.installUsageEarly", "2013-04-01T02:38:13.6363226+03:00");
Line Deleted : user_pref("CT3239904.installerVersion", "1.3.7.3");
Line Deleted : user_pref("CT3239904.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT3239904.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3239904.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT3239904.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3239904.keyword", true);
Line Deleted : user_pref("CT3239904.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3239904&octid=CT3239904&SearchSource=15&CUI=UN66929990917821126&SSPV=&Lay=1&UM=2\"}");
Line Deleted : user_pref("CT3239904.lastVersion", "10.23.0.822");
Line Deleted : user_pref("CT3239904.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Line Deleted : user_pref("CT3239904.migrateAppsAndComponents", true);
Line Deleted : user_pref("CT3239904.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp://SocialSearchBarApp.OurToolbar.com/\",\[...]
Line Deleted : user_pref("CT3239904.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3239904.openThankYouPage", "false");
Line Deleted : user_pref("CT3239904.openUninstallPage", "false");
Line Deleted : user_pref("CT3239904.originalSearchAddressUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3239904&SearchSource=2&CUI=UN66929990917821126&UM=&q=");
Line Deleted : user_pref("CT3239904.originalSearchEngine", "XFINITY");
Line Deleted : user_pref("CT3239904.revertSettingsEnabled", "false");
Line Deleted : user_pref("CT3239904.search.searchAppId", "129878973612432233");
Line Deleted : user_pref("CT3239904.search.searchCount", "2");
Line Deleted : user_pref("CT3239904.searchFromAddressBarEnabledByUser", "true");
Line Deleted : user_pref("CT3239904.searchInNewTabEnabledByUser", "true");
Line Deleted : user_pref("CT3239904.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT3239904.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3239904.searchSuggestEnabledByUser", "true");
Line Deleted : user_pref("CT3239904.searchUserMode", "2");
Line Deleted : user_pref("CT3239904.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3239904.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3239904.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Deleted : user_pref("CT3239904.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3239904\"}");
Line Deleted : user_pref("CT3239904.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://SocialSearchBarApp.OurToolbar.com//xpi\"}");
Line Deleted : user_pref("CT3239904.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"SocialSearchBar_App \"}");
Line Deleted : user_pref("CT3239904.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3239904.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT3239904.serviceLayer_services_Configuration_lastUpdate", "1394150792752");
Line Deleted : user_pref("CT3239904.serviceLayer_services_app.twitter.user-barackobama_lastUpdate", "1369686220616");
Line Deleted : user_pref("CT3239904.serviceLayer_services_app.twitter.user-britneyspears_lastUpdate", "1369686220686");
Line Deleted : user_pref("CT3239904.serviceLayer_services_app.twitter.user-eonline_lastUpdate", "1369686220735");
Line Deleted : user_pref("CT3239904.serviceLayer_services_app.twitter.user-justinbieber_lastUpdate", "1369686220648");
Line Deleted : user_pref("CT3239904.serviceLayer_services_app.twitter.user-mariahcarey_lastUpdate", "1369686220674");
Line Deleted : user_pref("CT3239904.serviceLayer_services_app.twitter.user-mileycyrus_lastUpdate", "1369686220722");
Line Deleted : user_pref("CT3239904.serviceLayer_services_app.twitter.user-ryanseacrest_lastUpdate", "1369686220799");
Line Deleted : user_pref("CT3239904.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1369270578878");
Line Deleted : user_pref("CT3239904.serviceLayer_services_appsMetadata_lastUpdate", "1369686214828");
Line Deleted : user_pref("CT3239904.serviceLayer_services_getTwitterExtraInfo_lastUpdate", "1369686220984");
Line Deleted : user_pref("CT3239904.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1368820223342");
Line Deleted : user_pref("CT3239904.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1364773095095");
Line Deleted : user_pref("CT3239904.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1364773096543");
Line Deleted : user_pref("CT3239904.serviceLayer_services_location_lastUpdate", "1372288573462");
Line Deleted : user_pref("CT3239904.serviceLayer_services_login_10.15.0.562_lastUpdate", "1366572172649");
Line Deleted : user_pref("CT3239904.serviceLayer_services_login_10.15.0.62_lastUpdate", "1364773096394");
Line Deleted : user_pref("CT3239904.serviceLayer_services_login_10.15.2.523_lastUpdate", "1371429213210");
Line Deleted : user_pref("CT3239904.serviceLayer_services_login_10.16.2.509_lastUpdate", "1372288696533");
Line Deleted : user_pref("CT3239904.serviceLayer_services_login_10.16.4.519_lastUpdate", "1376005893360");
Line Deleted : user_pref("CT3239904.serviceLayer_services_login_10.16.9.506_lastUpdate", "1377910670863");
Line Deleted : user_pref("CT3239904.serviceLayer_services_login_10.19.2.505_lastUpdate", "1379027705872");
Line Deleted : user_pref("CT3239904.serviceLayer_services_login_10.20.0.513_lastUpdate", "1380756047943");
Line Deleted : user_pref("CT3239904.serviceLayer_services_login_10.20.1.508_lastUpdate", "1382694871792");
Line Deleted : user_pref("CT3239904.serviceLayer_services_login_10.21.1.507_lastUpdate", "1384628506379");
Line Deleted : user_pref("CT3239904.serviceLayer_services_login_10.23.0.822_lastUpdate", "1394227720195");
Line Deleted : user_pref("CT3239904.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1368820223395");
Line Deleted : user_pref("CT3239904.serviceLayer_services_searchAPI_lastUpdate", "1394150792676");
Line Deleted : user_pref("CT3239904.serviceLayer_services_serviceMap_lastUpdate", "1394150792145");
Line Deleted : user_pref("CT3239904.serviceLayer_services_toolbarContextMenu_lastUpdate", "1368820223147");
Line Deleted : user_pref("CT3239904.serviceLayer_services_toolbarSettings_lastUpdate", "1394227720071");
Line Deleted : user_pref("CT3239904.serviceLayer_services_translation_lastUpdate", "1394150792121");
Line Deleted : user_pref("CT3239904.settingsINI", true);
Line Deleted : user_pref("CT3239904.shouldFirstTimeDialog", "false");
Line Deleted : user_pref("CT3239904.showToolbarPermission", "false");
Line Deleted : user_pref("CT3239904.smartbar.CTID", "CT3239904");
Line Deleted : user_pref("CT3239904.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT3239904.smartbar.homepage", true);
Line Deleted : user_pref("CT3239904.smartbar.isHidden", true);
Line Deleted : user_pref("CT3239904.smartbar.toolbarName", "SocialSearchBar_App ");
Line Deleted : user_pref("CT3239904.startPage", "true");
Line Deleted : user_pref("CT3239904.toolbarBornServerTime", "1-4-2013");
Line Deleted : user_pref("CT3239904.toolbarCurrentServerTime", "8-3-2014");
Line Deleted : user_pref("CT3239904.toolbarLoginClientTime", "Sun Mar 31 2013 16:38:16 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CT3239904_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1394227718637,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3239904&octid=CT3239904&SearchSource=61&CUI=UN66929990917821126&UM=2&UP=SP32FD7AFC-90A2-4F93-85D4-DC3EDF0501FF");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "SocialSearchBar_App Customized Web Search");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3239904&SearchSource=2&CUI=UN66929990917821126&UM=2&q=");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3239904");
Line Deleted : user_pref("browser.search.defaultenginename", "key-find");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "SocialSearchBar_App Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3239904&CUI=UN66929990917821126&UM=2&SearchSource=3&q={searchTerms}");
Line Deleted : user_pref("browser.search.order.2", "Mysearchdial");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://www.key-find.com/?type=hppp&ts=1398558533&from=tugs&uid=395049983_3149584_2270F15A");
Line Deleted : user_pref("extensions.crossrider.bic", "1453478731d768ae2cb183008a326e67");
Line Deleted : user_pref("extensions.helperbar.BackPageActive", true);
Line Deleted : user_pref("extensions.helperbar.DockingPositionDown", false);
Line Deleted : user_pref("extensions.helperbar.SmartbarDisabled", false);
Line Deleted : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Line Deleted : user_pref("extensions.helperbar.Visibility", false);
Line Deleted : user_pref("extensions.helperbar.keepAliveLastevent", "1396744678");
Line Deleted : user_pref("extensions.helperbar.lastExternalJsUpdate", "1398474845765");
Line Deleted : user_pref("extensions.mysearchdial.cntry", "US");
Line Deleted : user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,3224935090,2597085128,18285[...]
Line Deleted : user_pref("extensions.mysearchdial.hdrMd5", "");
Line Deleted : user_pref("extensions.mysearchdial.lastB", "hxxp://www.key-find.com/?type=hppp&ts=1396744667&from=tugs&uid=395049983_3149584_2270F15A");
Line Deleted : user_pref("extensions.mysearchdial.lastVrsnTs", "");
Line Deleted : user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"96\",\"lastVrsn\":\"96\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"true\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");
Line Deleted : user_pref("extensions.mysearchdial.sg", "{smplGrp}");

-\\ Google Chrome v

[ File : C:\Users\jenktr\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://www.key-find.com/web/?type=dspp&ts=1396220015&from=tugs&uid=395049983_3149584_2270F15A&q={searchTerms}
Deleted [Startup_urls] : hxxp://www.key-find.com/?type=hppp&ts=1396220015&from=tugs&uid=395049983_3149584_2270F15A
Deleted [Homepage] : hxxp://www.key-find.com/?type=hppp&ts=1396220015&from=tugs&uid=395049983_3149584_2270F15A
Deleted [Extension] : deghekbbihbapplmbffglehkdhkeibbm
Deleted [Extension] : majjphhgppkndjjkmhhnbgafooenebhd

*************************

AdwCleaner[R0].txt - [38782 octets] - [26/04/2014 17:50:07]
AdwCleaner[S0].txt - [33993 octets] - [26/04/2014 17:51:38]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [34054 octets] ##########

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by jenktr on Sat 04/26/2014 at 17:59:42.81
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110511421146}

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\speedypc software"
Successfully deleted: [Folder] "C:\ProgramData\strongvault online backup"
Successfully deleted: [Folder] "C:\ProgramData\wincert"
Successfully deleted: [Empty Folder] C:\Users\jenktr\appdata\local\{0C1B0F77-7A35-4AC1-9982-344AC1815662}
Successfully deleted: [Empty Folder] C:\Users\jenktr\appdata\local\{A863ECBB-8250-470A-BCFC-A897B2CD069E}
Successfully deleted: [Empty Folder] C:\Users\jenktr\appdata\local\{BC351145-B876-4FBA-944B-702CD93A92B5}
Successfully deleted: [Empty Folder] C:\Users\jenktr\appdata\local\{BDB15931-BA3B-4182-8F6A-A52128E200C2}
Successfully deleted: [Empty Folder] C:\Users\jenktr\appdata\local\{DDA36195-EA6F-47EE-82F2-292ACDA61063}

 

~~~ FireFox

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\[email protected]
Emptied folder: C:\Users\jenktr\AppData\Roaming\mozilla\firefox\profiles\bsizuzie.default\minidumps [166 files]

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 04/26/2014 at 18:06:44.91
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.04.27.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16659
jenktr :: JENKTR-PC [administrator]

4/26/2014 6:15:49 PM
mbam-log-2014-04-26 (18-15-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 238256
Time elapsed: 12 minute(s), 24 second(s)

Memory Processes Detected: 4
C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFreeUpdt.exe (PUP.Optional.FreeFileConverter.A) -> 2324 -> Delete on reboot.
C:\Users\jenktr\AppData\Local\StormAlerts\StormAlerts.exe (PUP.Optional.StormAlerts.A) -> 2408 -> Delete on reboot.
C:\Users\jenktr\AppData\Local\StormAlerts\StormAlertsApp.exe (PUP.Optional.StormAlerts.A) -> 3200 -> Delete on reboot.
C:\Users\jenktr\AppData\Roaming\ContentExplorer\ContentExplorer.exe (PUP.Optional.ContentExplorer.A) -> 3960 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 21
HKLM\SYSTEM\CurrentControlSet\Services\ConvertFilesforFreeUpdt (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB} (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{22B58425-A384-436c-A334-BB9255664D10} (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully.
HKCR\Interface\{951F4658-6461-46AD-AB13-F73E7FCBE6DB} (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully.
HKCR\ConvertFilesforFree.1 (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully.
HKCR\ConvertFilesforFree (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59A062A1-5ECA-4A1A-BC44-B2A9283A8ACB} (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{59A062A1-5ECA-4A1A-BC44-B2A9283A8ACB} (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{59A062A1-5ECA-4A1A-BC44-B2A9283A8ACB} (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} (PUP.Optional.Linkey.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} (PUP.Optional.Linkey.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\StormAlerts (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ContentExplorer (PUP.Optional.ContentExplorer.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Convert Files for Free (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully.
HKCU\Software\AppDataLow\Software\HQVideoB (PUP.Optional.HQVideo.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\QUIKNOWLEDGE (PUP.Optional.Quiknowledge.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\SystemK\General (PUP.Optional.SettingsManager.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\SYSTEMK (PUP.Optional.SettingsManager.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\ZUpdater\ConvertFilesforFreeUpdt.exe (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully.
HKLM\Software\HQVideoB (PUP.Optional.HQVideo.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HQVideoB (PUP.Optional.HQVideo.A) -> Quarantined and deleted successfully.

Registry Values Detected: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ContentExplorer (PUP.Optional.ContentExplorer.A) -> Data: "C:\Users\jenktr\AppData\Roaming\ContentExplorer\ContentExplorer.exe" -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Mozilla\Firefox\Extensions|extension@Convert_Files_for_Free.com (PUP.Optional.FreeFileConverter.A) -> Data: C:\Program Files (x86)\Convert Files for Free\extension@Convert_Files_for_Free.com -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Quiknowledge|ie-ver (PUP.Optional.Quiknowledge.A) -> Data: 11.0.9600.16521 -> Quarantined and deleted successfully.
HKLM\SOFTWARE\SystemK|browser (PUP.Optional.SettingsManager.A) -> Data:  ie ff cr -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 21
C:\Users\jenktr\AppData\Local\StormAlerts (PUP.Optional.StormAlerts.A) -> Delete on reboot.
C:\Users\jenktr\AppData\Local\StormAlerts\0323161158 (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\StormAlerts\0327165422 (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\StormAlerts\0401163128 (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
C:\ProgramData\systemk (PUP.Optional.SystemK.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Roaming\ContentExplorer (PUP.Optional.ContentExplorer.A) -> Delete on reboot.
C:\Program Files (x86)\Convert Files for Free (PUP.Optional.FreeFileConverter.A) -> Delete on reboot.
C:\Program Files (x86)\Convert Files for Free\extension@Convert_Files_for_Free.com (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Convert Files for Free\extension@Convert_Files_for_Free.com\content (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Convert Files for Free\extension@Convert_Files_for_Free.com\defaults (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Convert Files for Free\extension@Convert_Files_for_Free.com\defaults\preferences (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Storm Alerts (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\Weather_Warnings_LLC\StormAlerts.exe_Url_mcqfoqjkhdbkc0fbl12xo2nl51xn5zof (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\Weather_Warnings_LLC\StormAlerts.exe_Url_mcqfoqjkhdbkc0fbl12xo2nl51xn5zof\1.6.0.0 (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
C:\ProgramData\IePluginService (PUP.Optional.IePluginService.A) -> Quarantined and deleted successfully.
C:\ProgramData\IePluginService\update (PUP.Optional.IePluginService.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\Google\Chrome\User Data\Default\Extensions\deghekbbihbapplmbffglehkdhkeibbm (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_deghekbbihbapplmbffglehkdhkeibbm_0 (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\deghekbbihbapplmbffglehkdhkeibbm (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\HQVideoB (PUP.Optional.HQVideo.A) -> Quarantined and deleted successfully.

Files Detected: 223
C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFreeUpdt.exe (PUP.Optional.FreeFileConverter.A) -> Delete on reboot.
C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFree.dll (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully.
C:\ProgramData\IePluginService\PluginService.exe (PUP.Optional.IePluginService.A) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-1522728210-3906803090-313747741-1000\$R0AOIQA.exe (PUP.Optional.AirAdInstaller) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-1522728210-3906803090-313747741-1000\$R5WZ7SV.exe (PUP.Optional.OptimumInstaller.A) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-1522728210-3906803090-313747741-1000\$R6KO2PB.exe (PUP.Optional.BundleInstaller.A) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-1522728210-3906803090-313747741-1000\$R77P1E1.exe (PUP.Optional.AirInstaller) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-1522728210-3906803090-313747741-1000\$RBENFCP.exe (PUP.Optional.BundleInstaller.A) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-1522728210-3906803090-313747741-1000\$RKOS16X.exe (PUP.Optional.BundleInstaller.A) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-1522728210-3906803090-313747741-1000\$RKXKD14.exe (PUP.Optional.BundleInstaller.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\Temp\air2CAC.exe (PUP.Optional.FastFreeConverter.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\Temp\air84F2.exe (PUP.Optional.Savingsbull) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\Temp\air96A9.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\Temp\ICReinstall_nsbCA82.tmp (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\Temp\ICReinstall_nsf405C.tmp (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\Temp\ICReinstall_nsh2F2E.tmp (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\Temp\ICReinstall_nsh37E4.tmp (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\Temp\ICReinstall_nshE2A4.tmp (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\Temp\ICReinstall_nsn1068.tmp (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\Temp\jki5936.tmp (PUP.Optional.Monetizer) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\Temp\nsbCA82.tmp (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\Temp\nsc6A46.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\Temp\nsf405C.tmp (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\Temp\nsgFB13.tmp (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\Temp\nsh1169.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\Temp\nsh2F2E.tmp (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\Temp\nsh37E4.tmp (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\Temp\nsh7C82.tmp (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\Temp\nshE2A4.tmp (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\Temp\nsm6E7B.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\Temp\nsmA49B.tmp (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\Temp\nsn1068.tmp (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\Temp\nsr159E.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\Temp\nsw1C0B.tmp (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\Temp\nsw4E3.tmp (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\Temp\SecondStepInstaller.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\Temp\SPSetup.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\Temp\93862294-3b60-4cee-bbb2-bdd05c78503a\android.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\Temp\93862294-3b60-4cee-bbb2-bdd05c78503a\spidentifierimpl.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\Temp\93862294-3b60-4cee-bbb2-bdd05c78503a\software\mediaplayerplus.exe (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\Temp\93862294-3b60-4cee-bbb2-bdd05c78503a\software\OptimizerPro.exe (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\Temp\93862294-3b60-4cee-bbb2-bdd05c78503a\software\Re-markit_2040-2082.exe (PUP.Optional.ReMarkIt.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\Temp\93862294-3b60-4cee-bbb2-bdd05c78503a\software\setup.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\Temp\93862294-3b60-4cee-bbb2-bdd05c78503a\software\tugs_key-find.exe (PUP.Optional.SkyTech.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\Temp\93862294-3b60-4cee-bbb2-bdd05c78503a\software\VOPackage.exe (PUP.Optional.SilenceInstall) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\Temp\android\android.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\Temp\AU\SPSetup.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\Temp\fullpackage_temp1396213489\alilog.dll (PUP.Optional.SkyTech.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\Temp\fullpackage_temp1396213489\package1.zip (PUP.Optional.SkyTech.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\Temp\fullpackage_temp1396213489\tmp\SupTab.exe (PUP.Optional.IePluginService.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\Temp\is1597349865\45813881_stp\HomePageDLL.dll (PUP.Optional.Installcore) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\Temp\is1597349865\45814027_stp\FindRightSetup.exe (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\Temp\is1597349865\45814106_stp\StormAlertsSetup.exe (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\Temp\is1597349865\45814110_stp\rcpsetup_adppi15_adppi15.exe (PUP.Optional.RegCleanPro) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\Temp\is4247860\mysearchdial.dll (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\Temp\is45637729\1890353_stp\HomePageDLL.dll (PUP.Optional.Installcore) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\Temp\is45637729\1904366_stp\rcpsetup_adppi12_adppi12.exe (PUP.Optional.RegCleanPro) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\Temp\is45637729\1907238_stp\setup.exe (PUP.Optional.Crimsolite.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\Temp\is45637729\1933151_stp\HomePageDLL.dll (PUP.Optional.Installcore) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\Temp\is45637729\1933464_stp\quiknowledge-setup-1.9.0.1.exe (PUP.Optional.Quiknowledge.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\Temp\is45637729\1947446_stp\HomePageDLL.dll (PUP.Optional.Installcore) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\Temp\is45637729\95601_stp\HomePageDLL.dll (PUP.Optional.Installcore) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\Temp\is45874028\mysearchdial.dll (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\Temp\nsxB91C\SpSetup.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\nsc4D68.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\nsdA905.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\nsdA906.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\nse1B78.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\nsh659A.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\nsiA84F.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\nsjD9DC.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\nslC860.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\nso1B68.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\nso3F5D.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\nso61E9.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\nspC0A4.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\nsq4A9C.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\nsqC047.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\nsr6980.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\nss92AC.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\nss92AD.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\nssABA9.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\nstB6C1.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\nsvA46D.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\nsvBC21.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\nsx50F1.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\nsy92F.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\Downloads\DriverSetup.exe (PUP.Optional.AirInstaller) -> Quarantined and deleted successfully.
C:\Users\jenktr\Downloads\EmailNotifierSetup.exe (PUP.Optional.ToolBarInstaller.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\Downloads\Firefox_Setup.exe (PUP.Optional.OptimumInstaller.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\Downloads\iLividSetup-r287-n-bf.exe (PUP.Optional.Bandoo) -> Quarantined and deleted successfully.
C:\Users\jenktr\Downloads\musicoasis_d6948474.exe (PUP.Optional.InstallIQ) -> Quarantined and deleted successfully.
C:\Users\jenktr\Downloads\videoperformerSetup.exe (PUP.Optional.InstallBrain) -> Quarantined and deleted successfully.
C:\Users\jenktr\Downloads\wupdate_Setup(1).exe (PUP.Optional.OptimumInstaller.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\Downloads\wupdate_Setup(2).exe (PUP.Optional.OptimumInstaller.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\Downloads\wupdate_Setup.exe (PUP.Optional.OptimumInstaller.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\StormAlerts\StormAlertsuninstall.exe (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\Local Settings\Temporary Internet Files\Content.IE5\BSKEBP65\ConvertFilesforFree_7.12_Airinstaller3_release[1].exe (PUP.Optional.FastFreeConverter.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\Local Settings\Temporary Internet Files\Content.IE5\BSKEBP65\spstub[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\Local Settings\Temporary Internet Files\Content.IE5\KMKCAJM2\Inbox64[1].cab (PUP.Optional.Inbox) -> Quarantined and deleted successfully.
C:\Users\jenktr\Local Settings\Temporary Internet Files\Content.IE5\KMKCAJM2\Setup[2].exe (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\Local Settings\Temporary Internet Files\Content.IE5\KMKCAJM2\SPSetup[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\Local Settings\Temporary Internet Files\Content.IE5\N5R3P14X\Inbox[1].cab (PUP.Optional.Inbox) -> Quarantined and deleted successfully.
C:\Users\jenktr\Local Settings\Temporary Internet Files\Content.IE5\N5R3P14X\stubinst_pkg_en-us[1].cab (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\jenktr\Local Settings\Temporary Internet Files\Content.IE5\THGUED5S\air_US_savingsbull_90F95EB5-0416-46BB-A51B-9A987DFB34BD[1].exe (PUP.Optional.Savingsbull) -> Quarantined and deleted successfully.
C:\Users\jenktr\Local Settings\Temporary Internet Files\Content.IE5\THGUED5S\CEInstaller[1].exe (PUP.Optional.ContentExplorer.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\Local Settings\Temporary Internet Files\Content.IE5\THGUED5S\Inbox_dll[1].cab (PUP.Optional.Inbox) -> Quarantined and deleted successfully.
C:\Users\jenktr\Local Settings\Temporary Internet Files\Content.IE5\THGUED5S\sp-downloaderB[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\Local Settings\Temporary Internet Files\Content.IE5\THGUED5S\StormAlertsSetup[1].exe (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\StormAlerts\StormAlertsBrowser.exe.config (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\StormAlerts\ICSharpCode.SharpZipLib.dll (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\StormAlerts\mod.StormAlertsApp0.dat (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\StormAlerts\SAUpdater.exe (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\StormAlerts\SAUpdater.exe.config (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\StormAlerts\StormAlerts.exe (PUP.Optional.StormAlerts.A) -> Delete on reboot.
C:\Users\jenktr\AppData\Local\StormAlerts\StormAlerts.exe.config (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\StormAlerts\StormAlertsApp.exe (PUP.Optional.StormAlerts.A) -> Delete on reboot.
C:\Users\jenktr\AppData\Local\StormAlerts\StormAlertsApp.exe.config (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\StormAlerts\StormAlertsApp0.dat (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\StormAlerts\StormAlertsBrowser.exe (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\StormAlerts\StormAlertsK.dat (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\StormAlerts\StormAlertsU.dat (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\StormAlerts\uninstall.exe (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\StormAlerts\0323161158\3704.3704.tmp (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\StormAlerts\0323161158\mergetree (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\StormAlerts\0327165422\3704.3704.tmp (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\StormAlerts\0327165422\3705.3705.tmp (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\StormAlerts\0327165422\3706.3706.tmp (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\StormAlerts\0327165422\mergetree (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\StormAlerts\0401163128\3714.0.tmp (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\StormAlerts\0401163128\3714.1.tmp (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\StormAlerts\0401163128\3714.10.tmp (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\StormAlerts\0401163128\3714.11.tmp (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\StormAlerts\0401163128\3714.12.tmp (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\StormAlerts\0401163128\3714.13.tmp (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\StormAlerts\0401163128\3714.14.tmp (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\StormAlerts\0401163128\3714.15.tmp (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\StormAlerts\0401163128\3714.16.tmp (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\StormAlerts\0401163128\3714.17.tmp (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\StormAlerts\0401163128\3714.18.tmp (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\StormAlerts\0401163128\3714.19.tmp (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\StormAlerts\0401163128\3714.2.tmp (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\StormAlerts\0401163128\3714.20.tmp (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\StormAlerts\0401163128\3714.21.tmp (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\StormAlerts\0401163128\3714.22.tmp (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\StormAlerts\0401163128\3714.23.tmp (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\StormAlerts\0401163128\3714.24.tmp (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\StormAlerts\0401163128\3714.25.tmp (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\StormAlerts\0401163128\3714.26.tmp (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\StormAlerts\0401163128\3714.27.tmp (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\StormAlerts\0401163128\3714.28.tmp (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\StormAlerts\0401163128\3714.29.tmp (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\StormAlerts\0401163128\3714.3.tmp (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\StormAlerts\0401163128\3714.30.tmp (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\StormAlerts\0401163128\3714.31.tmp (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\StormAlerts\0401163128\3714.32.tmp (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\StormAlerts\0401163128\3714.33.tmp (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\StormAlerts\0401163128\3714.34.tmp (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\StormAlerts\0401163128\3714.35.tmp (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\StormAlerts\0401163128\3714.36.tmp (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\StormAlerts\0401163128\3714.37.tmp (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\StormAlerts\0401163128\3714.38.tmp (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\StormAlerts\0401163128\3714.39.tmp (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\StormAlerts\0401163128\3714.4.tmp (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\StormAlerts\0401163128\3714.40.tmp (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\StormAlerts\0401163128\3714.41.tmp (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\StormAlerts\0401163128\3714.42.tmp (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\StormAlerts\0401163128\3714.5.tmp (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\StormAlerts\0401163128\3714.6.tmp (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\StormAlerts\0401163128\3714.7.tmp (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\StormAlerts\0401163128\3714.8.tmp (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\StormAlerts\0401163128\3714.9.tmp (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
C:\ProgramData\systemk\general.cfg (PUP.Optional.SystemK.A) -> Quarantined and deleted successfully.
C:\ProgramData\systemk\coordinator.cfg (PUP.Optional.SystemK.A) -> Quarantined and deleted successfully.
C:\ProgramData\systemk\S-1-5-21-1522728210-3906803090-313747741-1000.cfg (PUP.Optional.SystemK.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Roaming\ContentExplorer\ContentExplorer.exe (PUP.Optional.ContentExplorer.A) -> Delete on reboot.
C:\Users\jenktr\AppData\Roaming\ContentExplorer\RootCert.cer (PUP.Optional.ContentExplorer.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Roaming\ContentExplorer\certutil.exe (PUP.Optional.ContentExplorer.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Roaming\ContentExplorer\corelib.dll (PUP.Optional.ContentExplorer.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Roaming\ContentExplorer\libnspr4.dll (PUP.Optional.ContentExplorer.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Roaming\ContentExplorer\libplc4.dll (PUP.Optional.ContentExplorer.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Roaming\ContentExplorer\libplds4.dll (PUP.Optional.ContentExplorer.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Roaming\ContentExplorer\makecert.exe (PUP.Optional.ContentExplorer.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Roaming\ContentExplorer\nss3.dll (PUP.Optional.ContentExplorer.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Roaming\ContentExplorer\smime3.dll (PUP.Optional.ContentExplorer.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Roaming\ContentExplorer\softokn3.dll (PUP.Optional.ContentExplorer.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Roaming\ContentExplorer\uninstall.exe (PUP.Optional.ContentExplorer.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_deghekbbihbapplmbffglehkdhkeibbm_0.localstorage (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_deghekbbihbapplmbffglehkdhkeibbm_0.localstorage-journal (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\default-search.xml (PUP.Optional.DefaultSearch.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Convert Files for Free\install.ico (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFree_x64.dll (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Convert Files for Free\uninstall.exe (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Convert Files for Free\extension@Convert_Files_for_Free.com\chrome.manifest (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Convert Files for Free\extension@Convert_Files_for_Free.com\install.rdf (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Convert Files for Free\extension@Convert_Files_for_Free.com\content\browserOverlay.js (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Convert Files for Free\extension@Convert_Files_for_Free.com\content\browserOverlay.xul (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Convert Files for Free\extension@Convert_Files_for_Free.com\defaults\preferences\defaults.js (PUP.Optional.FreeFileConverter.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Storm Alerts\Storm Alerts.lnk (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Storm Alerts.lnk (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormAlerts.lnk (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\Weather_Warnings_LLC\StormAlerts.exe_Url_mcqfoqjkhdbkc0fbl12xo2nl51xn5zof\1.6.0.0\user.config (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_deghekbbihbapplmbffglehkdhkeibbm_0\1 (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_deghekbbihbapplmbffglehkdhkeibbm_0\1-journal (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\deghekbbihbapplmbffglehkdhkeibbm\000003.log (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\deghekbbihbapplmbffglehkdhkeibbm\CURRENT (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\deghekbbihbapplmbffglehkdhkeibbm\LOCK (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\deghekbbihbapplmbffglehkdhkeibbm\LOG (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Users\jenktr\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\deghekbbihbapplmbffglehkdhkeibbm\MANIFEST-000002 (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\HQVideoB\40d5d6f1-67eb-4102-821f-0f0132da4ec6-2.exe (PUP.Optional.HQVideo.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\HQVideoB\40d5d6f1-67eb-4102-821f-0f0132da4ec6-3.exe (PUP.Optional.HQVideo.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\HQVideoB\40d5d6f1-67eb-4102-821f-0f0132da4ec6-4.exe (PUP.Optional.HQVideo.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\HQVideoB\40d5d6f1-67eb-4102-821f-0f0132da4ec6-5.exe (PUP.Optional.HQVideo.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\HQVideoB\53172.crx (PUP.Optional.HQVideo.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\HQVideoB\53172.xpi (PUP.Optional.HQVideo.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\HQVideoB\background.html (PUP.Optional.HQVideo.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\HQVideoB\HQVideoB-bg.exe (PUP.Optional.HQVideo.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\HQVideoB\HQVideoB-bho.dll (PUP.Optional.HQVideo.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\HQVideoB\HQVideoB-bho64.dll (PUP.Optional.HQVideo.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\HQVideoB\HQVideoB-codedownloader.exe (PUP.Optional.HQVideo.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\HQVideoB\HQVideoB.ico (PUP.Optional.HQVideo.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\HQVideoB\Uninstall.exe (PUP.Optional.HQVideo.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\HQVideoB\utils.exe (PUP.Optional.HQVideo.A) -> Quarantined and deleted successfully.

(end)

 

Thanks!!

 


  • 0

#4
zep516
Posted 26 April 2014 - 07:47 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello,

Can you post a new OTL Log, right click, run as administrator, run scan, post log report.

Joe
  • 0

#5
jp17315
Posted 26 April 2014 - 10:28 PM

jp17315

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 127 posts

OTL log:

 

OTL logfile created on: 4/26/2014 9:15:56 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\jenktr\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.39 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 66.58% Memory free
6.79 Gb Paging File | 5.57 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.66 Gb Total Space | 398.31 Gb Free Space | 88.78% Space Free | Partition Type: NTFS
 
Computer Name: JENKTR-PC | User Name: jenktr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/04/25 19:59:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jenktr\Downloads\OTL.exe
PRC - [2014/03/11 23:36:06 | 000,193,696 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE
PRC - [2014/03/06 09:09:44 | 000,146,736 | ---- | M] () -- C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe
PRC - [2013/12/20 23:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/12/13 10:50:39 | 000,456,064 | ---- | M] () -- C:\Users\jenktr\AppData\Local\Super Backup Online Backup\Super Backup\SuperBackupApp.exe
PRC - [2013/12/13 10:50:28 | 000,814,976 | ---- | M] () -- C:\Program Files (x86)\Super Backup Online Backup\BackupAgent.exe
PRC - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) -- C:\Program Files (x86)\Skype\Updater\Updater.exe
PRC - [2012/04/04 17:04:54 | 000,031,664 | ---- | M] (Stronghold Online Backup) -- C:\Users\jenktr\AppData\Local\Super Backup Online Backup\SMessaging.exe
PRC - [2012/02/06 18:54:04 | 000,255,376 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2011/08/10 20:58:26 | 000,627,304 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
PRC - [2011/05/29 19:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2010/11/10 00:30:00 | 000,071,560 | ---- | M] () -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
PRC - [2010/11/10 00:29:00 | 000,128,904 | ---- | M] (AMD) -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/04/23 03:06:30 | 000,399,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\b6c7a1ca929c1b10f36b683c9f1a0517\System.Xml.Linq.ni.dll
MOD - [2014/04/23 03:05:59 | 000,190,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\75b6a68103e1b76063d9f69b8275ae61\UIAutomationTypes.ni.dll
MOD - [2014/04/23 03:05:58 | 000,100,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\c94c36c9ae776de930f2aacb6dd51c38\UIAutomationProvider.ni.dll
MOD - [2014/04/23 03:05:56 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\47e7fc401facd4a5d3f2237f16948f36\PresentationFramework-SystemXml.ni.dll
MOD - [2014/04/23 03:03:37 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll
MOD - [2014/04/23 03:03:29 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll
MOD - [2014/04/23 03:03:27 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll
MOD - [2014/04/23 03:03:27 | 000,241,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Comp46f2b404#\2526b5a3ab48717e858a08c3a4a8000c\System.ComponentModel.DataAnnotations.ni.dll
MOD - [2014/04/23 03:03:25 | 007,409,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\6bbed231aec6fd82547e09474da0b2f9\System.Data.ni.dll
MOD - [2014/04/23 03:03:25 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\966f64a25064fe74936295dc06ec586e\System.Runtime.Remoting.ni.dll
MOD - [2014/04/23 03:03:23 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll
MOD - [2014/04/23 03:03:20 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll
MOD - [2014/04/23 03:03:17 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll
MOD - [2014/04/23 03:03:17 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll
MOD - [2014/04/23 03:03:17 | 002,825,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f6d7bb59f318c130d68816a89335d05e\System.Runtime.Serialization.ni.dll
MOD - [2014/04/23 03:03:15 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll
MOD - [2014/04/23 03:03:13 | 000,470,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\75f8bc4cf08030c4a53b6d5e0ae20046\PresentationFramework.Aero.ni.dll
MOD - [2014/04/23 03:03:12 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll
MOD - [2014/04/23 03:03:12 | 000,736,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\fcffb45098807dbf4f96bb133936789a\System.Security.ni.dll
MOD - [2014/04/23 03:03:11 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
MOD - [2014/04/23 03:03:05 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2014/03/06 09:09:44 | 000,146,736 | ---- | M] () -- C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe
MOD - [2014/02/12 20:58:40 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\801b632b8b7ef72f14333dbce41524b8\System.Xml.Linq.ni.dll
MOD - [2014/02/12 20:58:35 | 009,923,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\d45d35e537027d3bd6d30bdbbf72ff0e\System.Data.Entity.ni.dll
MOD - [2014/02/12 20:58:05 | 000,135,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\e383182777b770f5eb30064b782bff53\System.Data.DataSetExtensions.ni.dll
MOD - [2014/02/12 20:58:04 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\c2dde6ca38ddab8efae49654fbabc14c\System.ComponentModel.DataAnnotations.ni.dll
MOD - [2014/02/12 20:57:34 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\868ad9d8acc0bf80a973c0e4e9cae4fa\System.Core.ni.dll
MOD - [2014/02/12 20:57:30 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\4412bbbb473c356b5ea3e1ea13b25f52\System.Management.ni.dll
MOD - [2014/02/12 19:32:11 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\cd3556d1162e8f7df77611c9c4253f7c\System.Transactions.ni.dll
MOD - [2014/02/12 19:32:10 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\fe1942c05eda4f9744f80afb4ae76a2d\System.Data.ni.dll
MOD - [2014/02/12 19:31:41 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/02/12 19:31:32 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/12 19:31:28 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\4f5069e6497e5e6a381ab6aadf05d6a5\Accessibility.ni.dll
MOD - [2014/02/12 19:31:11 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/02/12 19:31:07 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
MOD - [2014/02/12 19:31:06 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/12 19:30:54 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2013/12/13 10:50:42 | 000,551,296 | ---- | M] () -- C:\Users\jenktr\AppData\Local\Super Backup Online Backup\Services\Temp\Support.BackupAgent.SystemNotification.dll
MOD - [2013/12/13 10:50:41 | 000,019,840 | ---- | M] () -- C:\Users\jenktr\AppData\Local\Super Backup Online Backup\Services\Temp\Support.BackupAgent.ClientMessaging.dll
MOD - [2013/12/13 10:50:41 | 000,012,672 | ---- | M] () -- C:\Users\jenktr\AppData\Local\Super Backup Online Backup\Services\Temp\Support.BackupAgent.SchedulerPlugInUpdate.dll
MOD - [2013/12/13 10:50:39 | 000,456,064 | ---- | M] () -- C:\Users\jenktr\AppData\Local\Super Backup Online Backup\Super Backup\SuperBackupApp.exe
MOD - [2013/12/13 10:50:38 | 000,018,304 | ---- | M] () -- C:\Program Files (x86)\Super Backup Online Backup\Environment.Identification.dll
MOD - [2013/12/13 10:50:38 | 000,011,648 | ---- | M] () -- C:\Users\jenktr\AppData\Local\Super Backup Online Backup\Services\Temp\Support.BackupAgent.ApplicationUpdate.dll
MOD - [2013/12/13 10:50:37 | 000,014,208 | ---- | M] () -- C:\Users\jenktr\AppData\Local\Super Backup Online Backup\Services\Temp\Support.BackupAgent.Backup.dll
MOD - [2013/12/13 10:50:36 | 000,013,696 | ---- | M] () -- C:\Users\jenktr\AppData\Local\Super Backup Online Backup\Services\Temp\Support.BackupAgent.DropListener.dll
MOD - [2013/12/13 10:50:35 | 000,013,696 | ---- | M] () -- C:\Program Files (x86)\Super Backup Online Backup\Infrastructure.Metadata.dll
MOD - [2013/12/13 10:50:34 | 000,027,520 | ---- | M] () -- C:\Program Files (x86)\Super Backup Online Backup\Infrastructure.Models.dll
MOD - [2013/12/13 10:50:34 | 000,012,672 | ---- | M] () -- C:\Users\jenktr\AppData\Local\Super Backup Online Backup\Services\Temp\Support.BackupAgent.NotificationUpdate.dll
MOD - [2013/12/13 10:50:33 | 000,012,160 | ---- | M] () -- C:\Program Files (x86)\Super Backup Online Backup\Infrastructure.Metrics.dll
MOD - [2013/12/13 10:50:32 | 000,012,672 | ---- | M] () -- C:\Program Files (x86)\Super Backup Online Backup\Infrastructure.Helpers.dll
MOD - [2013/12/13 10:50:31 | 000,019,328 | ---- | M] () -- C:\Program Files (x86)\Super Backup Online Backup\BusinessLogic.SosManagement.dll
MOD - [2013/12/13 10:50:30 | 000,023,424 | ---- | M] () -- C:\Program Files (x86)\Super Backup Online Backup\Metrics.Dispatching.dll
MOD - [2013/12/13 10:50:29 | 000,138,624 | ---- | M] () -- C:\Program Files (x86)\Super Backup Online Backup\Data.Repository.dll
MOD - [2013/12/13 10:50:29 | 000,014,720 | ---- | M] () -- C:\Program Files (x86)\Super Backup Online Backup\BusinessLogic.ApplicationManagement.dll
MOD - [2013/12/13 10:50:28 | 000,814,976 | ---- | M] () -- C:\Program Files (x86)\Super Backup Online Backup\BackupAgent.exe
MOD - [2013/12/13 10:50:27 | 000,037,760 | ---- | M] () -- C:\Program Files (x86)\Super Backup Online Backup\BBV.Framework.dll
MOD - [2013/12/13 10:50:27 | 000,020,352 | ---- | M] () -- C:\Program Files (x86)\Super Backup Online Backup\BusinessLogic.StrongholdManagement.dll
MOD - [2013/07/30 14:59:51 | 000,021,504 | ---- | M] () -- C:\Users\jenktr\AppData\Local\Super Backup Online Backup\Services\Temp\Browsers.Firefox.dll
MOD - [2013/07/30 14:59:51 | 000,010,752 | ---- | M] () -- C:\Users\jenktr\AppData\Local\Super Backup Online Backup\Services\Temp\Browsers.Chrome.dll
MOD - [2013/07/29 12:03:56 | 000,011,264 | ---- | M] () -- C:\Users\jenktr\AppData\Local\Super Backup Online Backup\Services\Temp\Support.BackupAgent.ExtensionUpdate.dll
MOD - [2013/02/27 17:19:29 | 000,238,080 | ---- | M] () -- C:\Program Files (x86)\Super Backup Online Backup\System.ComponentModel.Composition.dll
MOD - [2012/08/27 22:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 22:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/08/10 20:58:26 | 000,627,304 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
MOD - [2011/08/10 20:57:22 | 000,151,656 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
MOD - [2010/11/20 20:24:08 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009/06/10 14:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/03/11 12:34:10 | 000,347,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/03/11 12:34:10 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2014/02/28 21:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/02/06 18:54:04 | 000,255,376 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV:64bit: - [2011/06/29 08:42:34 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 18:39:20 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mqsvc.exe -- (MSMQ)
SRV - [2014/03/16 09:40:17 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/03/11 23:36:06 | 000,247,968 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE -- (BBUpdate)
SRV - [2014/03/11 23:36:06 | 000,193,696 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE -- (BBSvc)
SRV - [2014/01/27 18:15:18 | 000,227,904 | ---- | M] (WildTangent) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService)
SRV - [2013/12/20 23:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Running] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2011/06/21 12:55:04 | 000,173,424 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2011/05/29 19:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2010/11/10 00:29:00 | 000,128,904 | ---- | M] (AMD) [Auto | Running] -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe -- (AMD_RAIDXpert)
SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/04/24 12:33:46 | 000,061,120 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{29b136c9-938d-4d3d-8df8-d649d9b74d02}Gw64.sys -- ({29b136c9-938d-4d3d-8df8-d649d9b74d02}Gw64)
DRV:64bit: - [2014/03/11 09:52:30 | 000,133,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/09/12 15:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 07:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 07:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/02 23:24:01 | 000,062,776 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2011/08/02 23:24:01 | 000,022,648 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2011/08/02 23:24:01 | 000,020,520 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2011/07/13 22:35:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/07/13 22:35:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/06/29 10:33:14 | 009,371,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/06/29 08:00:52 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/06/06 03:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/05/16 07:55:28 | 000,533,096 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/17 05:04:20 | 000,188,544 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdxhc.sys -- (amdxhc)
DRV:64bit: - [2011/03/17 05:04:18 | 000,087,168 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdhub30.sys -- (amdhub30)
DRV:64bit: - [2011/03/14 20:25:56 | 000,280,656 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:26:13 | 000,189,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mqac.sys -- (MQAC)
DRV:64bit: - [2009/06/10 13:35:35 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {77AA745B-F4F8-45DA-9B14-61D2D95054C8}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://start.mysearc...=1847788737&ir=
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}: "URL" = http://www.default-s...p={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}: "URL" = http://www.default-s...p={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7RNVC_enUS581
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}: "URL" = http://www.default-s...p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50051;https=127.0.0.1:50051
 
========== FireFox ==========
 
FF - prefs.js..browser.search.order.1: "default-search.net"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: idmsq%40idmsq.com:1.0
FF - prefs.js..extensions.enabledAddons: %7B3e0e7d2a-070f-4a47-b019-91fe5385ba79%7D:3.5.9
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@ei.MapsGalaxy_39.com/Plugin: C:\Program Files (x86)\MapsGalaxy_39EI\Installr\1.bin\NP39EISB.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK
 
[2012/11/05 10:19:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jenktr\AppData\Roaming\Mozilla\Extensions
[2014/04/26 17:51:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions
[2014/04/05 17:37:13 | 000,000,000 | ---D | M] (Settings Manager) -- C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions\{37F9163C-392F-354F-E58C-3C8922A98E9E}
[2013/03/01 16:16:29 | 000,000,000 | ---D | M] (AddThis) -- C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
[2014/03/30 13:55:59 | 000,000,000 | ---D | M] (Internet Download Manager Squared) -- C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions\[email protected]
[2014/04/05 17:37:47 | 000,002,579 | ---- | M] () -- C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\searchplugins\default-search.xml
[2014/04/26 17:36:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/02/14 23:21:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/04/26 17:29:41 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: key-find (Enabled)
CHR - default_search_provider: search_url = http://www.key-find....q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: First user (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll
CHR - plugin: Error reading preferences file
CHR - Extension: YouTube = C:\Users\jenktr\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\jenktr\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\jenktr\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Search = C:\Users\jenktr\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Google Wallet = C:\Users\jenktr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\jenktr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Gmail = C:\Users\jenktr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Gmail = C:\Users\jenktr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\
 
O1 HOSTS File: ([2014/03/29 10:42:35 | 000,000,867 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1            d3oxij66pru1i3.cloudfront.net
O2:64bit: - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
O2:64bit: - BHO: (no name) - {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} - No CLSID value found.
O2:64bit: - BHO: (ConvertFilesforFree) - {59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB} - C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFree_x64.dll File not found
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [SMessaging] C:\Users\jenktr\AppData\Local\Super Backup Online Backup\SMessaging.exe (Stronghold Online Backup)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKCU..\Run: [BackupAgent] C:\Program Files (x86)\Super Backup Online Backup\BackupAgent.exe ()
O4 - HKCU..\Run: [WeatherBug] C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe ()
O4 - Startup: C:\Users\jenktr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SuperBackupApp.lnk = C:\Users\jenktr\AppData\Local\Super Backup Online Backup\Super Backup\SuperBackupApp.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8:64bit: - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8:64bit: - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8:64bit: - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8 - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1D7C91D0-91FF-4815-A336-570C3EBB3890}: DhcpNameServer = 75.75.76.76 75.75.75.75
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\bpsvc.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\browsersafeguard.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\dprotectsvc.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\protectedsearch.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\searchprotection.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\searchprotector.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\snapdo.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\stinst32.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\stinst64.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\utiljumpflip.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\bpsvc.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browsersafeguard.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\dprotectsvc.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\protectedsearch.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchprotection.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchprotector.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\snapdo.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\stinst32.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\stinst64.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\utiljumpflip.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/04/26 18:14:36 | 000,000,000 | ---D | C] -- C:\Users\jenktr\AppData\Roaming\Malwarebytes
[2014/04/26 18:14:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/04/26 18:14:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/04/26 18:14:07 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/04/26 18:14:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014/04/26 18:12:59 | 010,284,816 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\jenktr\Desktop\mbam-setup-1.75.0.1300.exe
[2014/04/26 18:08:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Strongvault Online Backup
[2014/04/26 17:59:40 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/04/26 17:50:24 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014/04/26 17:50:00 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/04/26 17:46:00 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\jenktr\Desktop\JRT.exe
[2014/04/26 17:29:30 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/04/25 19:42:50 | 000,061,120 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\{29b136c9-938d-4d3d-8df8-d649d9b74d02}Gw64.sys
[2014/04/22 03:04:27 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/04/05 09:23:16 | 000,000,000 | ---D | C] -- C:\Users\jenktr\AppData\Local\com
[2014/04/05 09:20:48 | 000,000,000 | ---D | C] -- C:\Users\jenktr\AppData\Local\IsolatedStorage
[2014/04/05 09:20:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WeatherBug®
[2014/04/05 09:20:25 | 000,000,000 | ---D | C] -- C:\Program Files\Earth Networks
[2014/04/05 09:20:18 | 000,000,000 | -H-D | C] -- C:\ProgramData\{EC8EAC95-AB39-4699-974D-A45DFE7C2764}
[2014/03/30 15:42:14 | 000,000,000 | ---D | C] -- C:\Users\jenktr\AppData\Roaming\Google
[2014/03/30 15:41:31 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2014/03/30 15:41:10 | 000,000,000 | ---D | C] -- C:\Users\jenktr\AppData\Local\Real
[2014/03/30 15:41:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2014/03/30 15:40:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2014/03/30 15:39:25 | 000,000,000 | ---D | C] -- C:\Users\jenktr\AppData\Roaming\Real
[2014/03/30 15:39:05 | 000,000,000 | ---D | C] -- C:\Users\jenktr\AppData\Local\cache
[2014/03/30 15:38:47 | 000,000,000 | ---D | C] -- C:\Users\jenktr\AppData\Local\Google
[2014/03/30 15:38:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2014/03/30 15:38:01 | 001,090,218 | ---- | C] (AnyProtect.com) -- C:\Users\jenktr\AppData\Local\AnyProtectScannerSetup.exe
[2014/03/30 15:38:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2014/03/29 10:41:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2014/03/29 10:41:32 | 000,000,000 | ---D | C] -- C:\Users\jenktr\AppData\Roaming\Yahoo!
[2014/03/29 10:40:39 | 000,000,000 | ---D | C] -- C:\Users\jenktr\AppData\Roaming\IDM2
[2014/03/29 10:40:36 | 000,000,000 | ---D | C] -- C:\Users\jenktr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager Upgrade
[1 C:\Users\jenktr\AppData\Local\*.tmp files -> C:\Users\jenktr\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/04/26 21:14:38 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/26 21:14:36 | 000,000,496 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3 Startup Task.job
[2014/04/26 21:14:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/26 21:14:25 | 2733,404,160 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/26 18:40:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/04/26 18:38:39 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/26 18:38:39 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/26 18:14:11 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/26 18:13:08 | 010,284,816 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\jenktr\Desktop\mbam-setup-1.75.0.1300.exe
[2014/04/26 17:51:46 | 000,001,053 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/04/26 17:48:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/26 17:46:10 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\jenktr\Desktop\JRT.exe
[2014/04/26 17:44:56 | 001,329,501 | ---- | M] () -- C:\Users\jenktr\Desktop\adwcleaner.exe
[2014/04/26 17:37:22 | 000,000,169 | ---- | M] () -- C:\Windows\wininit.ini
[2014/04/26 17:32:18 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/04/25 20:00:31 | 000,001,103 | ---- | M] () -- C:\Users\jenktr\Desktop\OTL - Shortcut.lnk
[2014/04/25 19:07:53 | 000,001,162 | ---- | M] () -- C:\Users\jenktr\Desktop\Live PC Help.lnk
[2014/04/25 17:01:20 | 001,090,218 | ---- | M] (AnyProtect.com) -- C:\Users\jenktr\AppData\Local\AnyProtectScannerSetup.exe
[2014/04/24 12:33:46 | 000,061,120 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\{29b136c9-938d-4d3d-8df8-d649d9b74d02}Gw64.sys
[2014/04/21 14:15:49 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/04/05 09:20:25 | 000,001,899 | ---- | M] () -- C:\Users\jenktr\Desktop\WeatherBug®.lnk
[2014/03/30 14:57:00 | 000,001,120 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftwareUpdater.lnk
[2014/03/30 14:53:00 | 000,001,417 | ---- | M] () -- C:\Users\jenktr\Desktop\Internet Explorer.lnk
[2014/03/30 14:52:59 | 000,001,441 | ---- | M] () -- C:\Users\jenktr\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/03/30 07:09:53 | 000,281,952 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Users\jenktr\AppData\Local\*.tmp files -> C:\Users\jenktr\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/04/26 18:14:11 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/26 17:44:50 | 001,329,501 | ---- | C] () -- C:\Users\jenktr\Desktop\adwcleaner.exe
[2014/04/25 20:00:31 | 000,001,103 | ---- | C] () -- C:\Users\jenktr\Desktop\OTL - Shortcut.lnk
[2014/04/25 19:07:53 | 000,001,162 | ---- | C] () -- C:\Users\jenktr\Desktop\Live PC Help.lnk
[2014/04/05 09:20:25 | 000,001,899 | ---- | C] () -- C:\Users\jenktr\Desktop\WeatherBug®.lnk
[2014/03/30 15:38:52 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/30 15:38:51 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/30 14:04:59 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/03/03 09:36:07 | 000,000,088 | ---- | C] () -- C:\Users\jenktr\AppData\Roaming\WB.CFG
[2013/04/14 01:52:46 | 000,000,169 | ---- | C] () -- C:\Windows\wininit.ini
 
========== ZeroAccess Check ==========
 
[2013/03/30 13:20:05 | 000,000,043 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1522728210-3906803090-313747741-1000\$R4L2OGD.com_files\l.gif
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 19:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012/10/25 20:26:24 | 000,000,000 | ---D | M] -- C:\Users\jenktr\AppData\Roaming\Barnes & Noble
[2013/03/24 11:49:42 | 000,000,000 | ---D | M] -- C:\Users\jenktr\AppData\Roaming\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
[2014/03/16 14:49:30 | 000,000,000 | ---D | M] -- C:\Users\jenktr\AppData\Roaming\CompuClever
[2014/03/29 10:42:44 | 000,000,000 | ---D | M] -- C:\Users\jenktr\AppData\Roaming\IDM2
[2012/10/16 17:57:36 | 000,000,000 | ---D | M] -- C:\Users\jenktr\AppData\Roaming\OEM
[2013/04/04 13:28:15 | 000,000,000 | ---D | M] -- C:\Users\jenktr\AppData\Roaming\WildTangent
[2013/09/14 19:44:42 | 000,000,000 | ---D | M] -- C:\Users\jenktr\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2014/01/19 17:15:40 | 000,000,000 | ---D | M](C:\Users?tenktr) -- C:\Users鼠tenktr
[2014/01/19 17:15:40 | 000,000,000 | ---D | C](C:\Users?tenktr) -- C:\Users鼠tenktr
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:5C321E34

< End of report >
 


  • 0

#6
zep516
Posted 26 April 2014 - 10:48 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello jp17315,

Next

We need to do a fix to delete some files using OTL
  • Double click on the OTLicon.jpg to open the program. On Vista/Win7/Win8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :COMMANDS
[CREATERESTOREPOINT]

:OTL
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://start.mysearc...=1847788737&ir=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50051;https=127.0.0.1:50051
O2:64bit: - BHO: (no name) - {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} - No CLSID value found.
O2:64bit: - BHO: (ConvertFilesforFree) - {59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB} - C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFree_x64.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O27:64bit: - HKLM IFEO\bpsvc.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\browsersafeguard.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\dprotectsvc.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\protectedsearch.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\searchprotection.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\searchprotector.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\snapdo.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\stinst32.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\stinst64.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\utiljumpflip.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\bpsvc.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browsersafeguard.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\dprotectsvc.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\protectedsearch.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchprotection.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchprotector.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\snapdo.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\stinst32.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\stinst64.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\utiljumpflip.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
[1 C:\Users\jenktr\AppData\Local\*.tmp files -> C:\Users\jenktr\AppData\Local\*.tmp -> ]
[2014/01/19 17:15:40 | 000,000,000 | ---D | M](C:\Users?tenktr) -- C:\Users鼠tenktr
[2014/01/19 17:15:40 | 000,000,000 | ---D | C](C:\Users?tenktr) -- C:\Users鼠tenktr
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:5C321E34

:Files
ipconfig /flushdns /c

:Commands
[emptytemp]
[resethosts]
  • Make sure all other windows are closed.
  • Click the Run Fix button at the top
  • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
  • Post the log that is found in C:\_OTL\Moved Files in your next reply.
  • Open OTL again and click the Quick Scan button.
In your next reply post:

1 The OTL Fix log. That log should pop up in front of you after fix runs, or it can be found here--> C:\_OTL\Moved Files
2 Post a new OTL After quick scan is run.

Tell me how the computer is now

Thanks
Joe :)
  • 0

#7
jp17315
Posted 27 April 2014 - 08:27 AM

jp17315

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 127 posts

It is a lot better Joe! I was surfing the net to see if or how many pops come up and there was only 2. I coppied this one for you.

 

http://tracktrk.net 

 

There was one other one but I dinn't copy the address.

 

Here is the logs you want:

 

All processes killed
========== COMMANDS ==========
System Restore Service not available.
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe\ deleted successfully.
C:\Windows\SysNative\tasklist.exe moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe\ deleted successfully.
File C:\Windows\SysNative\tasklist.exe not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe\ deleted successfully.
File C:\Windows\SysNative\tasklist.exe not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe\ deleted successfully.
File C:\Windows\SysNative\tasklist.exe not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe\ deleted successfully.
File C:\Windows\SysNative\tasklist.exe not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe\ deleted successfully.
File C:\Windows\SysNative\tasklist.exe not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe\ deleted successfully.
File C:\Windows\SysNative\tasklist.exe not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe\ deleted successfully.
File C:\Windows\SysNative\tasklist.exe not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe\ deleted successfully.
File C:\Windows\SysNative\tasklist.exe not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe\ deleted successfully.
File C:\Windows\SysNative\tasklist.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe\ not found.
File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe\ not found.
File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe\ not found.
File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe\ not found.
File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe\ not found.
File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe\ not found.
File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe\ not found.
File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe\ not found.
File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe\ not found.
File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe\ not found.
File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.
C:\Users\jenktr\AppData\Local\nsnE2E2.tmp deleted successfully.
C:\Users鼠tenktr folder moved successfully.
Folder C:\Users鼠tenktr\ not found.
ADS C:\ProgramData\Temp:5C321E34 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\jenktr\Downloads\cmd.bat deleted successfully.
C:\Users\jenktr\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57472 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: jenktr
->Temp folder emptied: 626978591 bytes
->Temporary Internet Files folder emptied: 490863004 bytes
->FireFox cache emptied: 134801323 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 96839 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 327581299 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 78106 bytes
RecycleBin emptied: 333956526 bytes
 
Total Files Cleaned = 1,826.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 04272014_065848

Files\Folders moved on Reboot...
File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.
C:\Users\jenktr\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\jenktr\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Windows\temp\hsperfdata_JENKTR-PC$\1576 moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

 

 

OTL logfile created on: 4/27/2014 7:07:26 AM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\jenktr\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.39 Gb Total Physical Memory | 2.11 Gb Available Physical Memory | 62.18% Memory free
6.79 Gb Paging File | 5.29 Gb Available in Paging File | 77.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.66 Gb Total Space | 402.65 Gb Free Space | 89.74% Space Free | Partition Type: NTFS
 
Computer Name: JENKTR-PC | User Name: jenktr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/04/25 19:59:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jenktr\Downloads\OTL.exe
PRC - [2014/03/11 23:36:06 | 000,193,696 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE
PRC - [2014/03/06 09:09:44 | 000,146,736 | ---- | M] () -- C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe
PRC - [2013/12/20 23:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/12/13 10:50:39 | 000,456,064 | ---- | M] () -- C:\Users\jenktr\AppData\Local\Super Backup Online Backup\Super Backup\SuperBackupApp.exe
PRC - [2013/12/13 10:50:28 | 000,814,976 | ---- | M] () -- C:\Program Files (x86)\Super Backup Online Backup\BackupAgent.exe
PRC - [2012/04/04 17:04:54 | 000,031,664 | ---- | M] (Stronghold Online Backup) -- C:\Users\jenktr\AppData\Local\Super Backup Online Backup\SMessaging.exe
PRC - [2012/02/06 18:54:04 | 000,255,376 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2011/08/10 20:58:26 | 000,627,304 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
PRC - [2011/05/29 19:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2010/11/10 00:30:00 | 000,145,288 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonClient.exe
PRC - [2010/11/10 00:30:00 | 000,128,904 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonServer.exe
PRC - [2010/11/10 00:30:00 | 000,071,560 | ---- | M] () -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
PRC - [2010/11/10 00:29:00 | 000,128,904 | ---- | M] (AMD) -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
PRC - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/04/23 03:06:30 | 000,399,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\b6c7a1ca929c1b10f36b683c9f1a0517\System.Xml.Linq.ni.dll
MOD - [2014/04/23 03:05:59 | 000,190,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\75b6a68103e1b76063d9f69b8275ae61\UIAutomationTypes.ni.dll
MOD - [2014/04/23 03:05:58 | 000,100,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\c94c36c9ae776de930f2aacb6dd51c38\UIAutomationProvider.ni.dll
MOD - [2014/04/23 03:05:56 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\47e7fc401facd4a5d3f2237f16948f36\PresentationFramework-SystemXml.ni.dll
MOD - [2014/04/23 03:03:37 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll
MOD - [2014/04/23 03:03:29 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll
MOD - [2014/04/23 03:03:27 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll
MOD - [2014/04/23 03:03:27 | 000,241,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Comp46f2b404#\2526b5a3ab48717e858a08c3a4a8000c\System.ComponentModel.DataAnnotations.ni.dll
MOD - [2014/04/23 03:03:25 | 007,409,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\6bbed231aec6fd82547e09474da0b2f9\System.Data.ni.dll
MOD - [2014/04/23 03:03:25 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\966f64a25064fe74936295dc06ec586e\System.Runtime.Remoting.ni.dll
MOD - [2014/04/23 03:03:23 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll
MOD - [2014/04/23 03:03:20 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll
MOD - [2014/04/23 03:03:17 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll
MOD - [2014/04/23 03:03:17 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll
MOD - [2014/04/23 03:03:17 | 002,825,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f6d7bb59f318c130d68816a89335d05e\System.Runtime.Serialization.ni.dll
MOD - [2014/04/23 03:03:15 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll
MOD - [2014/04/23 03:03:13 | 000,470,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\75f8bc4cf08030c4a53b6d5e0ae20046\PresentationFramework.Aero.ni.dll
MOD - [2014/04/23 03:03:12 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll
MOD - [2014/04/23 03:03:12 | 000,736,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\fcffb45098807dbf4f96bb133936789a\System.Security.ni.dll
MOD - [2014/04/23 03:03:11 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
MOD - [2014/04/23 03:03:05 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2014/03/06 09:09:44 | 000,146,736 | ---- | M] () -- C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe
MOD - [2014/02/12 20:58:40 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\801b632b8b7ef72f14333dbce41524b8\System.Xml.Linq.ni.dll
MOD - [2014/02/12 20:58:35 | 009,923,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\d45d35e537027d3bd6d30bdbbf72ff0e\System.Data.Entity.ni.dll
MOD - [2014/02/12 20:58:05 | 000,135,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\e383182777b770f5eb30064b782bff53\System.Data.DataSetExtensions.ni.dll
MOD - [2014/02/12 20:58:04 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\c2dde6ca38ddab8efae49654fbabc14c\System.ComponentModel.DataAnnotations.ni.dll
MOD - [2014/02/12 20:57:34 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\868ad9d8acc0bf80a973c0e4e9cae4fa\System.Core.ni.dll
MOD - [2014/02/12 20:57:30 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\4412bbbb473c356b5ea3e1ea13b25f52\System.Management.ni.dll
MOD - [2014/02/12 19:32:11 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\cd3556d1162e8f7df77611c9c4253f7c\System.Transactions.ni.dll
MOD - [2014/02/12 19:32:10 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\fe1942c05eda4f9744f80afb4ae76a2d\System.Data.ni.dll
MOD - [2014/02/12 19:31:41 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/02/12 19:31:32 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/12 19:31:11 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/02/12 19:31:07 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
MOD - [2014/02/12 19:31:06 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/12 19:30:54 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2013/12/13 10:50:42 | 000,551,296 | ---- | M] () -- C:\Users\jenktr\AppData\Local\Super Backup Online Backup\Services\Temp\Support.BackupAgent.SystemNotification.dll
MOD - [2013/12/13 10:50:41 | 000,019,840 | ---- | M] () -- C:\Users\jenktr\AppData\Local\Super Backup Online Backup\Services\Temp\Support.BackupAgent.ClientMessaging.dll
MOD - [2013/12/13 10:50:41 | 000,012,672 | ---- | M] () -- C:\Users\jenktr\AppData\Local\Super Backup Online Backup\Services\Temp\Support.BackupAgent.SchedulerPlugInUpdate.dll
MOD - [2013/12/13 10:50:39 | 000,456,064 | ---- | M] () -- C:\Users\jenktr\AppData\Local\Super Backup Online Backup\Super Backup\SuperBackupApp.exe
MOD - [2013/12/13 10:50:38 | 000,018,304 | ---- | M] () -- C:\Program Files (x86)\Super Backup Online Backup\Environment.Identification.dll
MOD - [2013/12/13 10:50:38 | 000,011,648 | ---- | M] () -- C:\Users\jenktr\AppData\Local\Super Backup Online Backup\Services\Temp\Support.BackupAgent.ApplicationUpdate.dll
MOD - [2013/12/13 10:50:37 | 000,014,208 | ---- | M] () -- C:\Users\jenktr\AppData\Local\Super Backup Online Backup\Services\Temp\Support.BackupAgent.Backup.dll
MOD - [2013/12/13 10:50:36 | 000,013,696 | ---- | M] () -- C:\Users\jenktr\AppData\Local\Super Backup Online Backup\Services\Temp\Support.BackupAgent.DropListener.dll
MOD - [2013/12/13 10:50:35 | 000,013,696 | ---- | M] () -- C:\Program Files (x86)\Super Backup Online Backup\Infrastructure.Metadata.dll
MOD - [2013/12/13 10:50:34 | 000,027,520 | ---- | M] () -- C:\Program Files (x86)\Super Backup Online Backup\Infrastructure.Models.dll
MOD - [2013/12/13 10:50:34 | 000,012,672 | ---- | M] () -- C:\Users\jenktr\AppData\Local\Super Backup Online Backup\Services\Temp\Support.BackupAgent.NotificationUpdate.dll
MOD - [2013/12/13 10:50:33 | 000,012,160 | ---- | M] () -- C:\Program Files (x86)\Super Backup Online Backup\Infrastructure.Metrics.dll
MOD - [2013/12/13 10:50:32 | 000,012,672 | ---- | M] () -- C:\Program Files (x86)\Super Backup Online Backup\Infrastructure.Helpers.dll
MOD - [2013/12/13 10:50:31 | 000,019,328 | ---- | M] () -- C:\Program Files (x86)\Super Backup Online Backup\BusinessLogic.SosManagement.dll
MOD - [2013/12/13 10:50:30 | 000,023,424 | ---- | M] () -- C:\Program Files (x86)\Super Backup Online Backup\Metrics.Dispatching.dll
MOD - [2013/12/13 10:50:29 | 000,138,624 | ---- | M] () -- C:\Program Files (x86)\Super Backup Online Backup\Data.Repository.dll
MOD - [2013/12/13 10:50:29 | 000,014,720 | ---- | M] () -- C:\Program Files (x86)\Super Backup Online Backup\BusinessLogic.ApplicationManagement.dll
MOD - [2013/12/13 10:50:28 | 000,814,976 | ---- | M] () -- C:\Program Files (x86)\Super Backup Online Backup\BackupAgent.exe
MOD - [2013/12/13 10:50:27 | 000,037,760 | ---- | M] () -- C:\Program Files (x86)\Super Backup Online Backup\BBV.Framework.dll
MOD - [2013/12/13 10:50:27 | 000,020,352 | ---- | M] () -- C:\Program Files (x86)\Super Backup Online Backup\BusinessLogic.StrongholdManagement.dll
MOD - [2013/07/30 14:59:51 | 000,021,504 | ---- | M] () -- C:\Users\jenktr\AppData\Local\Super Backup Online Backup\Services\Temp\Browsers.Firefox.dll
MOD - [2013/07/30 14:59:51 | 000,010,752 | ---- | M] () -- C:\Users\jenktr\AppData\Local\Super Backup Online Backup\Services\Temp\Browsers.Chrome.dll
MOD - [2013/07/29 12:03:56 | 000,011,264 | ---- | M] () -- C:\Users\jenktr\AppData\Local\Super Backup Online Backup\Services\Temp\Support.BackupAgent.ExtensionUpdate.dll
MOD - [2013/02/27 17:19:29 | 000,238,080 | ---- | M] () -- C:\Program Files (x86)\Super Backup Online Backup\System.ComponentModel.Composition.dll
MOD - [2012/08/27 22:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 22:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/08/10 20:58:26 | 000,627,304 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
MOD - [2011/08/10 20:57:22 | 000,151,656 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
MOD - [2010/11/20 20:24:08 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009/06/10 14:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/03/11 12:34:10 | 000,347,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/03/11 12:34:10 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2014/02/28 21:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/02/06 18:54:04 | 000,255,376 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV:64bit: - [2011/06/29 08:42:34 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 18:39:20 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mqsvc.exe -- (MSMQ)
SRV - [2014/03/16 09:40:17 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/03/11 23:36:06 | 000,247,968 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE -- (BBUpdate)
SRV - [2014/03/11 23:36:06 | 000,193,696 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE -- (BBSvc)
SRV - [2014/01/27 18:15:18 | 000,227,904 | ---- | M] (WildTangent) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService)
SRV - [2013/12/20 23:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2011/06/21 12:55:04 | 000,173,424 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2011/05/29 19:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2010/11/10 00:29:00 | 000,128,904 | ---- | M] (AMD) [Auto | Running] -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe -- (AMD_RAIDXpert)
SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/04/24 12:33:46 | 000,061,120 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{29b136c9-938d-4d3d-8df8-d649d9b74d02}Gw64.sys -- ({29b136c9-938d-4d3d-8df8-d649d9b74d02}Gw64)
DRV:64bit: - [2014/03/11 09:52:30 | 000,133,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/09/12 15:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 07:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 07:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/02 23:24:01 | 000,062,776 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2011/08/02 23:24:01 | 000,022,648 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2011/08/02 23:24:01 | 000,020,520 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2011/07/13 22:35:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/07/13 22:35:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/06/29 10:33:14 | 009,371,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/06/29 08:00:52 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/06/06 03:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/05/16 07:55:28 | 000,533,096 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/17 05:04:20 | 000,188,544 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdxhc.sys -- (amdxhc)
DRV:64bit: - [2011/03/17 05:04:18 | 000,087,168 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdhub30.sys -- (amdhub30)
DRV:64bit: - [2011/03/14 20:25:56 | 000,280,656 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:26:13 | 000,189,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mqac.sys -- (MQAC)
DRV:64bit: - [2009/06/10 13:35:35 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {77AA745B-F4F8-45DA-9B14-61D2D95054C8}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}: "URL" = http://www.default-s...p={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}: "URL" = http://www.default-s...p={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7RNVC_enUS581
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}: "URL" = http://www.default-s...p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.order.1: "default-search.net"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: idmsq%40idmsq.com:1.0
FF - prefs.js..extensions.enabledAddons: %7B3e0e7d2a-070f-4a47-b019-91fe5385ba79%7D:3.5.9
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@ei.MapsGalaxy_39.com/Plugin: C:\Program Files (x86)\MapsGalaxy_39EI\Installr\1.bin\NP39EISB.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK
 
[2012/11/05 10:19:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jenktr\AppData\Roaming\Mozilla\Extensions
[2014/04/26 17:51:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions
[2014/04/05 17:37:13 | 000,000,000 | ---D | M] (Settings Manager) -- C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions\{37F9163C-392F-354F-E58C-3C8922A98E9E}
[2013/03/01 16:16:29 | 000,000,000 | ---D | M] (AddThis) -- C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
[2014/03/30 13:55:59 | 000,000,000 | ---D | M] (Internet Download Manager Squared) -- C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions\[email protected]
[2014/04/05 17:37:47 | 000,002,579 | ---- | M] () -- C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\searchplugins\default-search.xml
[2014/04/26 17:36:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/02/14 23:21:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/04/26 17:29:41 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: key-find (Enabled)
CHR - default_search_provider: search_url = http://www.key-find....q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: First user (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll
CHR - plugin: Error reading preferences file
CHR - Extension: YouTube = C:\Users\jenktr\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\jenktr\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\jenktr\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Search = C:\Users\jenktr\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Google Wallet = C:\Users\jenktr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\jenktr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Gmail = C:\Users\jenktr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Gmail = C:\Users\jenktr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\
 
O1 HOSTS File: ([2014/04/27 07:01:58 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [SMessaging] C:\Users\jenktr\AppData\Local\Super Backup Online Backup\SMessaging.exe (Stronghold Online Backup)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKCU..\Run: [BackupAgent] C:\Program Files (x86)\Super Backup Online Backup\BackupAgent.exe ()
O4 - HKCU..\Run: [WeatherBug] C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe ()
O4 - Startup: C:\Users\jenktr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SuperBackupApp.lnk = C:\Users\jenktr\AppData\Local\Super Backup Online Backup\Super Backup\SuperBackupApp.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8:64bit: - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8:64bit: - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8:64bit: - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8 - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1D7C91D0-91FF-4815-A336-570C3EBB3890}: DhcpNameServer = 75.75.76.76 75.75.75.75
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/04/27 06:58:48 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/04/26 18:14:36 | 000,000,000 | ---D | C] -- C:\Users\jenktr\AppData\Roaming\Malwarebytes
[2014/04/26 18:14:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/04/26 18:14:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/04/26 18:14:07 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/04/26 18:14:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014/04/26 18:12:59 | 010,284,816 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\jenktr\Desktop\mbam-setup-1.75.0.1300.exe
[2014/04/26 18:08:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Strongvault Online Backup
[2014/04/26 17:59:40 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/04/26 17:50:24 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014/04/26 17:50:00 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/04/26 17:46:00 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\jenktr\Desktop\JRT.exe
[2014/04/26 17:29:30 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/04/25 19:42:50 | 000,061,120 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\{29b136c9-938d-4d3d-8df8-d649d9b74d02}Gw64.sys
[2014/04/22 03:04:27 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/04/05 09:23:16 | 000,000,000 | ---D | C] -- C:\Users\jenktr\AppData\Local\com
[2014/04/05 09:20:48 | 000,000,000 | ---D | C] -- C:\Users\jenktr\AppData\Local\IsolatedStorage
[2014/04/05 09:20:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WeatherBug®
[2014/04/05 09:20:25 | 000,000,000 | ---D | C] -- C:\Program Files\Earth Networks
[2014/04/05 09:20:18 | 000,000,000 | -H-D | C] -- C:\ProgramData\{EC8EAC95-AB39-4699-974D-A45DFE7C2764}
[2014/03/30 15:42:14 | 000,000,000 | ---D | C] -- C:\Users\jenktr\AppData\Roaming\Google
[2014/03/30 15:41:31 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2014/03/30 15:41:10 | 000,000,000 | ---D | C] -- C:\Users\jenktr\AppData\Local\Real
[2014/03/30 15:41:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2014/03/30 15:40:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2014/03/30 15:39:25 | 000,000,000 | ---D | C] -- C:\Users\jenktr\AppData\Roaming\Real
[2014/03/30 15:39:05 | 000,000,000 | ---D | C] -- C:\Users\jenktr\AppData\Local\cache
[2014/03/30 15:38:47 | 000,000,000 | ---D | C] -- C:\Users\jenktr\AppData\Local\Google
[2014/03/30 15:38:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2014/03/30 15:38:01 | 001,090,218 | ---- | C] (AnyProtect.com) -- C:\Users\jenktr\AppData\Local\AnyProtectScannerSetup.exe
[2014/03/30 15:38:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2014/03/29 10:41:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2014/03/29 10:41:32 | 000,000,000 | ---D | C] -- C:\Users\jenktr\AppData\Roaming\Yahoo!
[2014/03/29 10:40:39 | 000,000,000 | ---D | C] -- C:\Users\jenktr\AppData\Roaming\IDM2
[2014/03/29 10:40:36 | 000,000,000 | ---D | C] -- C:\Users\jenktr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager Upgrade
 
========== Files - Modified Within 30 Days ==========
 
[2014/04/27 07:03:36 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/27 07:03:36 | 000,000,496 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3 Startup Task.job
[2014/04/27 07:03:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/27 07:03:22 | 2733,404,160 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/27 07:01:58 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2014/04/27 07:01:29 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/27 07:01:29 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/26 18:40:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/04/26 18:14:11 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/26 18:13:08 | 010,284,816 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\jenktr\Desktop\mbam-setup-1.75.0.1300.exe
[2014/04/26 17:51:46 | 000,001,053 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/04/26 17:48:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/26 17:46:10 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\jenktr\Desktop\JRT.exe
[2014/04/26 17:44:56 | 001,329,501 | ---- | M] () -- C:\Users\jenktr\Desktop\adwcleaner.exe
[2014/04/26 17:37:22 | 000,000,169 | ---- | M] () -- C:\Windows\wininit.ini
[2014/04/26 17:32:18 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/04/25 20:00:31 | 000,001,103 | ---- | M] () -- C:\Users\jenktr\Desktop\OTL - Shortcut.lnk
[2014/04/25 19:07:53 | 000,001,162 | ---- | M] () -- C:\Users\jenktr\Desktop\Live PC Help.lnk
[2014/04/25 17:01:20 | 001,090,218 | ---- | M] (AnyProtect.com) -- C:\Users\jenktr\AppData\Local\AnyProtectScannerSetup.exe
[2014/04/24 12:33:46 | 000,061,120 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\{29b136c9-938d-4d3d-8df8-d649d9b74d02}Gw64.sys
[2014/04/21 14:15:49 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/04/05 09:20:25 | 000,001,899 | ---- | M] () -- C:\Users\jenktr\Desktop\WeatherBug®.lnk
[2014/03/30 14:57:00 | 000,001,120 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftwareUpdater.lnk
[2014/03/30 14:53:00 | 000,001,417 | ---- | M] () -- C:\Users\jenktr\Desktop\Internet Explorer.lnk
[2014/03/30 14:52:59 | 000,001,441 | ---- | M] () -- C:\Users\jenktr\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/03/30 07:09:53 | 000,281,952 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2014/04/26 18:14:11 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/26 17:44:50 | 001,329,501 | ---- | C] () -- C:\Users\jenktr\Desktop\adwcleaner.exe
[2014/04/25 20:00:31 | 000,001,103 | ---- | C] () -- C:\Users\jenktr\Desktop\OTL - Shortcut.lnk
[2014/04/25 19:07:53 | 000,001,162 | ---- | C] () -- C:\Users\jenktr\Desktop\Live PC Help.lnk
[2014/04/05 09:20:25 | 000,001,899 | ---- | C] () -- C:\Users\jenktr\Desktop\WeatherBug®.lnk
[2014/03/30 15:38:52 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/30 15:38:51 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/30 14:04:59 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/03/03 09:36:07 | 000,000,088 | ---- | C] () -- C:\Users\jenktr\AppData\Roaming\WB.CFG
[2013/04/14 01:52:46 | 000,000,169 | ---- | C] () -- C:\Windows\wininit.ini
 
========== ZeroAccess Check ==========
 
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 19:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012/10/25 20:26:24 | 000,000,000 | ---D | M] -- C:\Users\jenktr\AppData\Roaming\Barnes & Noble
[2013/03/24 11:49:42 | 000,000,000 | ---D | M] -- C:\Users\jenktr\AppData\Roaming\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
[2014/03/16 14:49:30 | 000,000,000 | ---D | M] -- C:\Users\jenktr\AppData\Roaming\CompuClever
[2014/03/29 10:42:44 | 000,000,000 | ---D | M] -- C:\Users\jenktr\AppData\Roaming\IDM2
[2012/10/16 17:57:36 | 000,000,000 | ---D | M] -- C:\Users\jenktr\AppData\Roaming\OEM
[2013/04/04 13:28:15 | 000,000,000 | ---D | M] -- C:\Users\jenktr\AppData\Roaming\WildTangent
[2013/09/14 19:44:42 | 000,000,000 | ---D | M] -- C:\Users\jenktr\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 

< End of report >

Thanks Joe!
 


  • 0

#8
zep516
Posted 27 April 2014 - 09:08 AM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello,

What browser do you see the pop ups in, so when I search the log it will be a bit easier ?

Joe
  • 0

#9
jp17315
Posted 27 April 2014 - 03:41 PM

jp17315

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 127 posts

Hi Joe the browser is firefox! Sometimes they open in a new window sometimes in a new tab!


  • 0

#10
zep516
Posted 27 April 2014 - 05:49 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello,

Did you install this program Super Backup Online Backup it's in your programs an features list, I would uninstall it.

Let me know.
  • 0

Advertisements

#11
jp17315
Posted 27 April 2014 - 06:48 PM

jp17315

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 127 posts

i am not sure, Joe! Not my computer and I just called the woner and left a voice mail message. As soon as I find out I will let you know! i would say it was installed without her knowledge!


  • 0

#12
zep516
Posted 27 April 2014 - 06:54 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts

OK,

Sounds good, I don't like the looks of it, and it may cause pop ups too. Weatherbug is another one I don't like either.

 

Let me know.


  • 0

#13
jp17315
Posted 28 April 2014 - 08:56 PM

jp17315

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 127 posts

Joe I never heard back from the owner but lets go ahead and delete those two programs. I trust your judgment and if she wants the weatherbug back she can install it herself again. as to the super online back program I doubt she downloaded that herself. She is not very technically minded!


  • 0

#14
zep516
Posted 28 April 2014 - 09:00 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
OK,

Remove them, then post a fresh OTL LOG so I can see what is left.

Thanks
Joe :)
  • 0

#15
jp17315
Posted 28 April 2014 - 09:58 PM

jp17315

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 127 posts

Deleted Weatherbug and Super online super backup.

 

Here is the new OTL log:

 

OTL logfile created on: 4/28/2014 8:52:06 PM - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\jenktr\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.39 Gb Total Physical Memory | 1.76 Gb Available Physical Memory | 51.82% Memory free
6.79 Gb Paging File | 4.95 Gb Available in Paging File | 72.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.66 Gb Total Space | 401.89 Gb Free Space | 89.57% Space Free | Partition Type: NTFS
 
Computer Name: JENKTR-PC | User Name: jenktr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/04/25 19:59:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jenktr\Downloads\OTL.exe
PRC - [2014/03/11 23:36:06 | 000,193,696 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE
PRC - [2013/12/20 23:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/02/06 18:54:04 | 000,255,376 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2011/08/10 20:58:26 | 000,627,304 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
PRC - [2011/05/29 19:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2010/11/10 00:30:00 | 000,145,288 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonClient.exe
PRC - [2010/11/10 00:30:00 | 000,128,904 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonServer.exe
PRC - [2010/11/10 00:30:00 | 000,071,560 | ---- | M] () -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
PRC - [2010/11/10 00:29:00 | 000,128,904 | ---- | M] (AMD) -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
PRC - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/02/12 20:58:32 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/02/12 20:58:10 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/08/10 20:58:26 | 000,627,304 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
MOD - [2011/08/10 20:57:22 | 000,151,656 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/03/11 12:34:10 | 000,347,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/03/11 12:34:10 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2014/02/28 21:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/02/06 18:54:04 | 000,255,376 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV:64bit: - [2011/06/29 08:42:34 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 18:39:20 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mqsvc.exe -- (MSMQ)
SRV - [2014/03/16 09:40:17 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/03/11 23:36:06 | 000,247,968 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE -- (BBUpdate)
SRV - [2014/03/11 23:36:06 | 000,193,696 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE -- (BBSvc)
SRV - [2014/01/27 18:15:18 | 000,227,904 | ---- | M] (WildTangent) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService)
SRV - [2013/12/20 23:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2011/06/21 12:55:04 | 000,173,424 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2011/05/29 19:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2010/11/10 00:29:00 | 000,128,904 | ---- | M] (AMD) [Auto | Running] -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe -- (AMD_RAIDXpert)
SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/04/24 12:33:46 | 000,061,120 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{29b136c9-938d-4d3d-8df8-d649d9b74d02}Gw64.sys -- ({29b136c9-938d-4d3d-8df8-d649d9b74d02}Gw64)
DRV:64bit: - [2014/03/11 09:52:30 | 000,133,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/09/12 15:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 07:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 07:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/02 23:24:01 | 000,062,776 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2011/08/02 23:24:01 | 000,022,648 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2011/08/02 23:24:01 | 000,020,520 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2011/07/13 22:35:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/07/13 22:35:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/06/29 10:33:14 | 009,371,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/06/29 08:00:52 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/06/06 03:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/05/16 07:55:28 | 000,533,096 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/17 05:04:20 | 000,188,544 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdxhc.sys -- (amdxhc)
DRV:64bit: - [2011/03/17 05:04:18 | 000,087,168 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdhub30.sys -- (amdhub30)
DRV:64bit: - [2011/03/14 20:25:56 | 000,280,656 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:26:13 | 000,189,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mqac.sys -- (MQAC)
DRV:64bit: - [2009/06/10 13:35:35 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {77AA745B-F4F8-45DA-9B14-61D2D95054C8}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}: "URL" = http://www.default-s...p={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}: "URL" = http://www.default-s...p={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7RNVC_enUS581
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}: "URL" = http://www.default-s...p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.order.1: "default-search.net"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: idmsq%40idmsq.com:1.0
FF - prefs.js..extensions.enabledAddons: %7B3e0e7d2a-070f-4a47-b019-91fe5385ba79%7D:3.5.9
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@ei.MapsGalaxy_39.com/Plugin: C:\Program Files (x86)\MapsGalaxy_39EI\Installr\1.bin\NP39EISB.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK
 
[2012/11/05 10:19:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jenktr\AppData\Roaming\Mozilla\Extensions
[2014/04/26 17:51:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions
[2014/04/05 17:37:13 | 000,000,000 | ---D | M] (Settings Manager) -- C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions\{37F9163C-392F-354F-E58C-3C8922A98E9E}
[2013/03/01 16:16:29 | 000,000,000 | ---D | M] (AddThis) -- C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
[2014/03/30 13:55:59 | 000,000,000 | ---D | M] (Internet Download Manager Squared) -- C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\extensions\[email protected]
[2014/04/05 17:37:47 | 000,002,579 | ---- | M] () -- C:\Users\jenktr\AppData\Roaming\Mozilla\Firefox\Profiles\bsizuzie.default\searchplugins\default-search.xml
[2014/04/26 17:36:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/02/14 23:21:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/04/26 17:29:41 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: key-find (Enabled)
CHR - default_search_provider: search_url = http://www.key-find....q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: First user (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll
CHR - plugin: Error reading preferences file
CHR - Extension: YouTube = C:\Users\jenktr\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\jenktr\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\jenktr\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Search = C:\Users\jenktr\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Google Wallet = C:\Users\jenktr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\jenktr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Gmail = C:\Users\jenktr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Gmail = C:\Users\jenktr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\
 
O1 HOSTS File: ([2014/04/27 07:01:58 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8:64bit: - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8:64bit: - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8:64bit: - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8 - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1D7C91D0-91FF-4815-A336-570C3EBB3890}: DhcpNameServer = 75.75.76.76 75.75.75.75
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/04/28 20:50:32 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2014/04/28 20:50:13 | 000,000,000 | -HSD | C] -- C:\AI_RecycleBin
[2014/04/27 17:41:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/04/27 17:40:28 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/04/27 17:40:27 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/04/27 17:40:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2014/04/27 17:40:27 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014/04/27 06:58:48 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/04/26 18:14:36 | 000,000,000 | ---D | C] -- C:\Users\jenktr\AppData\Roaming\Malwarebytes
[2014/04/26 18:14:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/04/26 18:14:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/04/26 18:14:07 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/04/26 18:14:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014/04/26 18:12:59 | 010,284,816 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\jenktr\Desktop\mbam-setup-1.75.0.1300.exe
[2014/04/26 18:08:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Strongvault Online Backup
[2014/04/26 17:59:40 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/04/26 17:50:24 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014/04/26 17:50:00 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/04/26 17:46:00 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\jenktr\Desktop\JRT.exe
[2014/04/25 19:42:50 | 000,061,120 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\{29b136c9-938d-4d3d-8df8-d649d9b74d02}Gw64.sys
[2014/04/22 03:04:27 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/04/05 09:23:16 | 000,000,000 | ---D | C] -- C:\Users\jenktr\AppData\Local\com
[2014/04/05 09:20:48 | 000,000,000 | ---D | C] -- C:\Users\jenktr\AppData\Local\IsolatedStorage
[2014/04/05 09:20:18 | 000,000,000 | -H-D | C] -- C:\ProgramData\~0
[2014/03/30 15:42:14 | 000,000,000 | ---D | C] -- C:\Users\jenktr\AppData\Roaming\Google
[2014/03/30 15:41:31 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2014/03/30 15:41:10 | 000,000,000 | ---D | C] -- C:\Users\jenktr\AppData\Local\Real
[2014/03/30 15:41:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2014/03/30 15:40:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2014/03/30 15:39:25 | 000,000,000 | ---D | C] -- C:\Users\jenktr\AppData\Roaming\Real
[2014/03/30 15:39:05 | 000,000,000 | ---D | C] -- C:\Users\jenktr\AppData\Local\cache
[2014/03/30 15:38:47 | 000,000,000 | ---D | C] -- C:\Users\jenktr\AppData\Local\Google
[2014/03/30 15:38:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2014/03/30 15:38:01 | 001,090,218 | ---- | C] (AnyProtect.com) -- C:\Users\jenktr\AppData\Local\AnyProtectScannerSetup.exe
[2014/03/30 15:38:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
 
========== Files - Modified Within 30 Days ==========
 
[2014/04/28 20:50:19 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/28 20:50:19 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/28 20:48:32 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/28 20:47:53 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/28 20:47:53 | 000,000,496 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3 Startup Task.job
[2014/04/28 20:47:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/28 20:47:35 | 2733,404,160 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/27 18:40:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/04/27 17:41:11 | 000,001,787 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/04/27 07:01:58 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2014/04/26 18:14:11 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/26 18:13:08 | 010,284,816 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\jenktr\Desktop\mbam-setup-1.75.0.1300.exe
[2014/04/26 17:51:46 | 000,001,053 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/04/26 17:46:10 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\jenktr\Desktop\JRT.exe
[2014/04/26 17:44:56 | 001,329,501 | ---- | M] () -- C:\Users\jenktr\Desktop\adwcleaner.exe
[2014/04/26 17:37:22 | 000,000,169 | ---- | M] () -- C:\Windows\wininit.ini
[2014/04/26 17:32:18 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/04/25 20:00:31 | 000,001,103 | ---- | M] () -- C:\Users\jenktr\Desktop\OTL - Shortcut.lnk
[2014/04/25 19:07:53 | 000,001,162 | ---- | M] () -- C:\Users\jenktr\Desktop\Live PC Help.lnk
[2014/04/25 17:01:20 | 001,090,218 | ---- | M] (AnyProtect.com) -- C:\Users\jenktr\AppData\Local\AnyProtectScannerSetup.exe
[2014/04/24 12:33:46 | 000,061,120 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\{29b136c9-938d-4d3d-8df8-d649d9b74d02}Gw64.sys
[2014/04/21 14:15:49 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/03/30 14:57:00 | 000,001,120 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftwareUpdater.lnk
[2014/03/30 14:53:00 | 000,001,417 | ---- | M] () -- C:\Users\jenktr\Desktop\Internet Explorer.lnk
[2014/03/30 14:52:59 | 000,001,441 | ---- | M] () -- C:\Users\jenktr\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/03/30 07:09:53 | 000,281,952 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2014/04/27 17:41:11 | 000,001,787 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/04/26 18:14:11 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/26 17:44:50 | 001,329,501 | ---- | C] () -- C:\Users\jenktr\Desktop\adwcleaner.exe
[2014/04/25 20:00:31 | 000,001,103 | ---- | C] () -- C:\Users\jenktr\Desktop\OTL - Shortcut.lnk
[2014/04/25 19:07:53 | 000,001,162 | ---- | C] () -- C:\Users\jenktr\Desktop\Live PC Help.lnk
[2014/03/30 15:38:52 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/30 15:38:51 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/30 14:04:59 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/03/03 09:36:07 | 000,000,088 | ---- | C] () -- C:\Users\jenktr\AppData\Roaming\WB.CFG
[2013/04/14 01:52:46 | 000,000,169 | ---- | C] () -- C:\Windows\wininit.ini
 
========== ZeroAccess Check ==========
 
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 19:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012/10/25 20:26:24 | 000,000,000 | ---D | M] -- C:\Users\jenktr\AppData\Roaming\Barnes & Noble
[2013/03/24 11:49:42 | 000,000,000 | ---D | M] -- C:\Users\jenktr\AppData\Roaming\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
[2014/03/16 14:49:30 | 000,000,000 | ---D | M] -- C:\Users\jenktr\AppData\Roaming\CompuClever
[2014/03/29 10:42:44 | 000,000,000 | ---D | M] -- C:\Users\jenktr\AppData\Roaming\IDM2
[2012/10/16 17:57:36 | 000,000,000 | ---D | M] -- C:\Users\jenktr\AppData\Roaming\OEM
[2013/04/04 13:28:15 | 000,000,000 | ---D | M] -- C:\Users\jenktr\AppData\Roaming\WildTangent
[2013/09/14 19:44:42 | 000,000,000 | ---D | M] -- C:\Users\jenktr\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 

< End of report >
 

Thanks Joe!!


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP