Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

RunDLL box wont go away; I suspect I may have infections on computer [


  • This topic is locked This topic is locked

#1
JDEbberly

JDEbberly

    Member

  • Member
  • PipPip
  • 13 posts

When I start the computer every morning, this box appears on the screen. 

 

RunDLL

 

There was a problem starting

C:\Users\JD\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll

 

 

 

The specified module could not be found.

 

 

 

I suspect there may be an infection on my computer. I'd appreciate it very much if a geek would please examine my computer. The computer is running a little slower than normal. Thank you very much in advance.

 

 

 

 

 

OTL logfile created on: 5/5/2014 1:34:01 AM - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\JD\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.96 Gb Total Physical Memory | 4.53 Gb Available Physical Memory | 56.92% Memory free
15.92 Gb Paging File | 11.81 Gb Available in Paging File | 74.19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 920.59 Gb Total Space | 838.92 Gb Free Space | 91.13% Space Free | Partition Type: NTFS
 
Computer Name: JD-PC | User Name: JD | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/04/23 20:33:15 | 000,841,032 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/04/21 13:30:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\JD\Desktop\OTL.exe
PRC - [2014/04/01 06:29:02 | 000,228,744 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
PRC - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/12/03 12:02:06 | 000,173,272 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
PRC - [2013/11/08 16:46:18 | 001,028,384 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013/11/08 16:45:42 | 001,914,656 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/10/15 13:27:38 | 003,921,880 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013/10/10 03:47:52 | 000,240,288 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.3.114.0\SeaPort.EXE
PRC - [2013/09/20 11:57:26 | 001,042,272 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013/09/13 11:38:30 | 000,171,416 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2013/08/09 16:37:04 | 000,413,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/07/25 12:19:26 | 005,624,784 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2012/09/19 10:50:47 | 000,233,472 | ---- | M] () -- C:\ProgramData\Premium\WxDFast\WxDFast.exe
PRC - [2012/06/09 17:31:12 | 008,867,840 | ---- | M] (Wisdom Software Inc. ) -- C:\Program Files (x86)\Wisdom-soft ScreenHunter 6.0 Free\ScreenHunter.exe
PRC - [2011/09/06 14:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/18 12:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
PRC - [2011/08/18 12:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/01 14:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011/02/09 17:36:43 | 000,136,312 | ---- | M] (Google Inc.) -- C:\Users\JD\AppData\Local\Flock\Update\FlockUpdate.exe
PRC - [2010/12/16 12:57:20 | 000,956,416 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
PRC - [2010/12/02 04:08:52 | 000,136,336 | ---- | M] (RockMelt Inc.) -- C:\Users\JD\AppData\Local\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe
PRC - [2010/05/21 00:28:00 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/21 00:27:58 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2009/12/29 17:35:38 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/11/13 17:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009/10/02 14:26:12 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/10/02 14:26:10 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/07/17 17:07:58 | 000,237,568 | ---- | M] (Alcor Micro Corp.) -- C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
PRC - [2009/06/09 10:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/04/23 20:33:13 | 000,390,472 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppgooglenaclpluginchrome.dll
MOD - [2014/04/23 20:33:12 | 013,692,232 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll
MOD - [2014/04/23 20:33:10 | 004,081,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll
MOD - [2014/04/23 20:33:05 | 000,674,632 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libglesv2.dll
MOD - [2014/04/23 20:33:04 | 000,093,000 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libegl.dll
MOD - [2014/04/23 20:33:03 | 001,647,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll
MOD - [2014/04/23 20:33:01 | 000,065,352 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll
MOD - [2014/02/13 14:09:21 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\868ad9d8acc0bf80a973c0e4e9cae4fa\System.Core.ni.dll
MOD - [2014/02/13 13:49:41 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\72284863df9bea3f081ae98996400619\PresentationFramework.Aero.ni.dll
MOD - [2014/02/13 13:49:34 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\b0f9a4f138cc569a7526f97b93808d3e\System.Web.Services.ni.dll
MOD - [2014/02/13 13:49:28 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\59312674865dc2a19c27f9f460b1673b\System.Runtime.Remoting.ni.dll
MOD - [2014/02/13 13:49:18 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f703846404bb66a4ae03ef8133755007\PresentationFramework.ni.dll
MOD - [2014/02/13 13:49:08 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/02/13 13:49:03 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/13 13:49:00 | 012,238,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\660ac5d6da77df8e86fb26f05c6a9816\PresentationCore.ni.dll
MOD - [2014/02/13 13:48:52 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1d696b2d3de530f7ee971070263667ff\WindowsBase.ni.dll
MOD - [2014/02/13 13:48:48 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/02/13 13:48:45 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
MOD - [2014/02/13 13:48:44 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/13 13:48:39 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2013/05/16 11:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013/05/16 11:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2011/08/18 12:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/12/16 12:36:18 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
MOD - [2010/12/16 12:36:16 | 000,433,664 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
MOD - [2010/12/16 12:36:10 | 000,200,704 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libpcre.dll
MOD - [2010/05/04 15:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2009/11/13 17:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
MOD - [2009/11/13 17:15:00 | 000,275,696 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
MOD - [2009/11/13 17:15:00 | 000,152,816 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
MOD - [2009/11/13 17:15:00 | 000,095,472 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
MOD - [2009/11/13 17:15:00 | 000,058,608 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
MOD - [2009/11/13 17:15:00 | 000,017,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/04/25 18:34:42 | 000,178,528 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\mcafee\msc\McAPExe.exe -- (McAPExe)
SRV:64bit: - [2014/03/17 18:54:26 | 000,185,792 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2014/03/17 18:47:02 | 000,219,752 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2014/03/06 04:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/01/21 04:04:28 | 001,025,712 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe -- (mfecore)
SRV:64bit: - [2014/01/15 20:42:12 | 000,289,256 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe -- (McComponentHostService)
SRV:64bit: - [2013/11/08 16:47:21 | 015,125,280 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2013/08/02 18:52:58 | 000,602,944 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\mcafee\virusscan\mcods.exe -- (McODS)
SRV:64bit: - [2013/07/30 12:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2013/07/30 12:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe -- (mcpltsvc)
SRV:64bit: - [2013/07/30 12:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2013/07/30 12:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2013/07/30 12:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (HomeNetSvc)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV:64bit: - [2010/09/30 14:01:50 | 000,341,296 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe -- (NitroReaderDriverReadSpool)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/06/09 10:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2014/05/03 11:59:45 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/05/01 13:00:20 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/12/03 12:02:06 | 000,173,272 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe -- (BingDesktopUpdate)
SRV - [2013/11/08 16:45:42 | 001,914,656 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/10/10 03:47:52 | 000,240,288 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.3.114.0\SeaPort.EXE -- (BBUpdate)
SRV - [2013/10/10 03:47:52 | 000,193,696 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.3.114.0\BBSvc.EXE -- (BBSvc)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/08/09 16:37:04 | 000,413,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/08/18 12:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2010/06/10 16:02:27 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/06/10 15:50:28 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/10/02 14:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/06/26 12:19:12 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/03/17 19:02:08 | 000,070,592 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2014/03/17 18:54:54 | 000,345,456 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2014/03/17 18:49:44 | 000,783,864 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2014/03/17 18:47:30 | 000,522,360 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2014/03/17 18:45:38 | 000,311,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2014/03/17 18:44:40 | 000,180,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2014/01/21 03:50:24 | 000,096,592 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfencrk.sys -- (mfencrk)
DRV:64bit: - [2014/01/21 03:50:02 | 000,422,712 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfencbdc.sys -- (mfencbdc)
DRV:64bit: - [2013/09/27 19:01:44 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2013/09/23 13:49:22 | 000,197,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)
DRV:64bit: - [2013/06/16 08:38:15 | 000,196,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/02/16 13:44:18 | 000,191,960 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cbfs.sys -- (CbFs)
DRV:64bit: - [2009/10/24 01:49:46 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/10/16 07:32:24 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009/10/02 16:58:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/26 11:42:58 | 000,233,984 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/09/17 16:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 06:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006/11/01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/12/29 17:35:40 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/06/10 14:53:42] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl -- ({1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7})
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/06/26 11:27:28 | 000,065,520 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\Windows\SysWOW64\drivers\RxFilter.sys -- (RxFilter)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.c...TGZXXXX9VP83TGZ
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://start.qone8.c...q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://start.qone8.c...q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.qone8.c...TGZXXXX9VP83TGZ
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://start.qone8.c...q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{4A54FD66-D313-A717-6E73-5CB784C47C65}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6ECAD0F9-51B9-469E-B16D-ACDFDD3C0E5B}: "URL" = http://start.mysearc...=1373539363&ir=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://start.qone8.c...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://start.qone8.c...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}: "URL" = http://search.imgag....q={searchTerms}
IE - HKLM\..\SearchScopes\{5BB7E50A-4FAE-4B8B-8945-9C5F90E3AEFF}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{B6440D3B-2967-40DC-9118-6C23541CDFF8: "URL" = http://start.mysearc...=1373539363&ir=
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://start.qone8.c...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://start.qone8.c...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.bing.com/?FORM=MSNH14
IE - HKCU\..\SearchScopes,DefaultScope = {B6440D3B-2967-40DC-9118-6C23541CDFF8}
IE - HKCU\..\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}: "URL" = http://search.imgag....q={searchTerms}
IE - HKCU\..\SearchScopes\{16AB6E5F-B72A-4B9B-B696-DAB542E5C84C}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{4B04733F-E04C-4F43-9919-E5107285F4E6}: "URL" = http://search.condui...q={searchTerms}
IE - HKCU\..\SearchScopes\{B6440D3B-2967-40DC-9118-6C23541CDFF8: "URL" = http://start.mysearc...=1373539363&ir=
IE - HKCU\..\SearchScopes\{B6440D3B-2967-40DC-9118-6C23541CDFF8}: "URL" = http://search.condui...8724169143&UM=2
IE - HKCU\..\SearchScopes\{B7B664DF-3AF9-4C8E-8148-F42BB7831D27}: "URL" = http://www.ask.com/w...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "https://www.yahoo.com/"
FF - prefs.js..browser.search.selectedEngine: "https://www.yahoo.com/"
FF - prefs.js..browser.startup.homepage: "https://www.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@igg.com/100YearsWarPlayer: C:\Users\JD\AppData\Roaming\IGG\100YearsWarPlayer\np100YearsWarPlayer.dll (igg.com)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\JD\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@update.flock.com/Flock Update;version=8: C:\Users\JD\AppData\Local\Flock\Update\1.2.213.0\npFlockOneClick8.dll (Flock Inc.)
FF - HKCU\Software\MozillaPlugins\@us-w1.rockmelt.com/RockMelt Update;version=8: C:\Users\JD\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll (RockMelt Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.6.0\extensions\\Components: C:\Program Files (x86)\Flock\components [2012/05/23 14:08:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.6.0\extensions\\Plugins: C:\Program Files (x86)\Flock\plugins [2014/01/16 06:25:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.6.1\extensions\\Components: C:\Program Files (x86)\Flock\components [2012/05/23 14:08:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.6.1\extensions\\Plugins: C:\Program Files (x86)\Flock\plugins [2014/01/16 06:25:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.6.2\extensions\\Components: C:\Program Files (x86)\Flock\components [2012/05/23 14:08:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.6.2\extensions\\Plugins: C:\Program Files (x86)\Flock\plugins [2014/01/16 06:25:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/05/03 11:59:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/05/03 11:59:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.0.6\extensions\\Components: C:\Program Files (x86)\SeaMonkey\components [2012/05/23 14:08:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.0.6\extensions\\Plugins: C:\Program Files (x86)\SeaMonkey\plugins [2014/01/16 06:25:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/05/03 11:59:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/05/03 11:59:41 | 000,000,000 | ---D | M]
 
[2010/07/27 00:32:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JD\AppData\Roaming\Mozilla\Extensions
[2010/07/27 00:32:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JD\AppData\Roaming\Mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
[2010/06/24 21:52:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JD\AppData\Roaming\Mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
[2014/03/21 17:34:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JD\AppData\Roaming\Mozilla\Firefox\Profiles\4p6wr1zf.default-1383453477890\extensions
[2010/07/27 00:32:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JD\AppData\Roaming\Mozilla\SeaMonkey\Profiles\o7i74ol6.default\extensions
[2013/11/16 18:45:52 | 000,002,115 | ---- | M] () -- C:\Users\JD\AppData\Roaming\Mozilla\Firefox\Profiles\4p6wr1zf.default-1383453477890\searchplugins\MyStart Search.xml
[2014/05/03 11:59:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/05/03 11:59:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2014/05/03 11:59:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2014/05/03 11:59:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
[2014/05/03 11:59:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/05/03 11:59:46 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: https://www.google.com/
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\JD\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\JD\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\JD\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: Screen capture, screenshot share/save = C:\Users\JD\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjbjepchlgclmpinlbbeinajphohgfod\2423.38.46.329_0\
CHR - Extension: Google Search = C:\Users\JD\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: Supernova = C:\Users\JD\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegpgpjbmbggplclldecdbpcmopmlbll\1_0\
CHR - Extension: WeatherBug (Legacy App) = C:\Users\JD\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak\2.0.7_1\
CHR - Extension: Instapaper = C:\Users\JD\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldjkgaaoikpmhmkelcgkgacicjfbofhh\1.2.2_0\
CHR - Extension: Google Wallet = C:\Users\JD\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\JD\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\
 
O1 HOSTS File: ([2010/07/27 03:21:56 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.114.0\amd64\BingExt.dll (Microsoft Corporation.)
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (no name) - {300BEC06-B743-4D19-86B9-11DC711D7FFB} - No CLSID value found.
O2 - BHO: (Somoto Toolbar) - {652853ad-5592-4231-88c6-706613a52e61} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.114.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (wxDownload Class) - {E951BE10-523A-E47F-47CB-E045AA2E827C} - C:\ProgramData\wxDownload\5087a23556252.ocx ()
O3:64bit: - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.114.0\amd64\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Somoto Toolbar) - {652853ad-5592-4231-88c6-706613a52e61} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.114.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [mcpltui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [Flock Update] C:\Users\JD\AppData\Local\Flock\Update\FlockUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [RockMelt Update] C:\Users\JD\AppData\Local\RockMelt\Update\RockMeltUpdate.exe (RockMelt Inc.)
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - HKLM..\RunOnceEx: [ContentMerger] c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\ContentMerger10.exe (Sonic Solutions)
O4 - Startup: C:\Users\JD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk =  File not found
O4 - Startup: C:\Users\JD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files (x86)\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - Reg Error: Key error. File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{11C799E8-8179-430F-B474-395824AFC90D}: DhcpNameServer = 71.252.0.12 71.242.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4B62A4DF-F145-43B6-8B2A-75BA439C3CB7}: DhcpNameServer = 168.94.0.14 168.94.0.15
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DCB5789B-DEA0-40AB-9FE4-A8DFC9EBDDB2}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) -  File not found
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/05/04 22:12:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2014/05/03 11:59:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/05/01 14:34:35 | 000,000,000 | ---D | C] -- C:\Users\JD\Desktop\May 1
[2014/04/28 01:46:27 | 000,000,000 | ---D | C] -- C:\Users\JD\Desktop\keywords
[2014/04/23 03:07:00 | 000,197,704 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\HipShieldK.sys
[2014/04/21 13:30:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\JD\Desktop\OTL.exe
[2014/04/15 18:32:46 | 000,000,000 | -HSD | C] -- C:\Users\JD\AppData\Local\EmieUserList
[2014/04/15 18:32:46 | 000,000,000 | -HSD | C] -- C:\Users\JD\AppData\Local\EmieSiteList
[2014/04/06 05:31:43 | 000,000,000 | ---D | C] -- C:\Users\JD\Desktop\Authority Certification
 
========== Files - Modified Within 30 Days ==========
 
[2014/05/05 01:41:14 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\FlockUpdateTaskUserS-1-5-21-2370819180-3800432558-3504640221-1001UA.job
[2014/05/05 01:34:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/05 01:16:26 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\RockMeltUpdateTaskUserS-1-5-21-2370819180-3800432558-3504640221-1001UA.job
[2014/05/05 00:59:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/05/05 00:54:00 | 000,000,280 | ---- | M] () -- C:\Windows\tasks\DigitalSite.job
[2014/05/05 00:30:42 | 000,731,904 | ---- | M] () -- C:\Users\JD\Desktop\ScreenHunter_4024 May. 05 00.30.jpg
[2014/05/04 16:41:00 | 000,000,840 | ---- | M] () -- C:\Windows\tasks\FlockUpdateTaskUserS-1-5-21-2370819180-3800432558-3504640221-1001Core.job
[2014/05/04 13:23:26 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/04 13:23:26 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/04 13:21:41 | 000,782,510 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/05/04 13:21:41 | 000,662,400 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/05/04 13:21:41 | 000,122,268 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/05/04 13:17:50 | 000,002,238 | -H-- | M] () -- C:\Users\JD\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/05/04 13:16:34 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/04 13:16:25 | 000,000,370 | -H-- | M] () -- C:\Windows\tasks\WxDFastUpdaterTask{9394918A-4147-491E-896F-0A7FA990D484}.job
[2014/05/04 13:15:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/05/04 13:15:58 | 2115,301,375 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/03 03:14:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\RockMeltUpdateTaskUserS-1-5-21-2370819180-3800432558-3504640221-1001Core.job
[2014/04/27 09:24:56 | 000,000,446 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for JD.job
[2014/04/26 08:35:55 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/04/26 04:53:34 | 003,500,057 | ---- | M] () -- C:\Users\JD\Desktop\Curata_ContentMarketingTacticsPlanner2014.pdf
[2014/04/21 13:30:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\JD\Desktop\OTL.exe
[2014/04/14 04:30:17 | 000,174,731 | ---- | M] () -- C:\Users\JD\Desktop\Authority-Live-Q-&-A-Replay-March-21st-2014.pdf
[2014/04/11 01:28:56 | 000,075,017 | ---- | M] () -- C:\Users\JD\Desktop\ARCore-009t-remarkable-blogs.pdf
 
========== Files Created - No Company Name ==========
 
[2014/05/05 00:30:41 | 000,731,904 | ---- | C] () -- C:\Users\JD\Desktop\ScreenHunter_4024 May. 05 00.30.jpg
[2014/04/26 04:52:51 | 003,500,057 | ---- | C] () -- C:\Users\JD\Desktop\Curata_ContentMarketingTacticsPlanner2014.pdf
[2014/04/14 04:30:14 | 000,174,731 | ---- | C] () -- C:\Users\JD\Desktop\Authority-Live-Q-&-A-Replay-March-21st-2014.pdf
[2014/04/11 01:28:54 | 000,075,017 | ---- | C] () -- C:\Users\JD\Desktop\ARCore-009t-remarkable-blogs.pdf
[2013/11/17 05:02:33 | 000,000,786 | ---- | C] () -- C:\Windows\wininit.ini
[2013/11/04 04:05:31 | 000,000,258 | RHS- | C] () -- C:\Users\JD\ntuser.pol
[2013/11/01 10:54:07 | 000,000,089 | ---- | C] () -- C:\Users\JD\AppData\Roaming\WB.CFG
[2013/11/01 10:54:07 | 000,000,006 | ---- | C] () -- C:\Users\JD\AppData\Roaming\WBPU-TTL.DAT
[2012/09/09 21:12:57 | 000,774,632 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/10 10:10:43 | 000,000,000 | ---- | C] () -- C:\Users\JD\AppData\Local\{3DB9FAAD-81AF-4382-8607-F7095FEC2B08}
[2012/01/10 10:10:01 | 000,000,000 | ---- | C] () -- C:\Users\JD\AppData\Local\{9FDE7221-F2AC-4014-B622-EF89BAA04350}
[2011/12/03 01:55:05 | 000,000,000 | ---- | C] () -- C:\Users\JD\AppData\Local\{1251C728-5C43-4F73-9F64-92BB90249168}
[2011/12/03 01:53:10 | 000,000,000 | ---- | C] () -- C:\Users\JD\AppData\Local\{2F9DFCE3-7ACB-40B2-B9F7-6A5E02EF259A}
[2011/10/20 03:36:12 | 000,000,000 | ---- | C] () -- C:\Users\JD\AppData\Local\{F703A9C1-4C8D-446F-A6B7-89B253C273C6}
[2011/10/20 03:34:21 | 000,000,000 | ---- | C] () -- C:\Users\JD\AppData\Local\{998B7B1E-7A6C-4494-8A10-AA5162BC0406}
[2011/10/19 00:23:30 | 000,000,000 | ---- | C] () -- C:\Users\JD\AppData\Local\{55D99A43-C7DF-41D5-B700-CA5176D992E5}
[2011/10/19 00:21:36 | 000,000,000 | ---- | C] () -- C:\Users\JD\AppData\Local\{6C0835A2-1A20-43CA-A6C8-998F29B3C758}
[2010/07/17 22:41:30 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/06/18 23:01:32 | 000,007,610 | ---- | C] () -- C:\Users\JD\AppData\Local\Resmon.ResmonCfg
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/08/21 09:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/08/21 09:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/08/21 09:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/11/01 02:54:06 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\0D0S1L2Z1P1B
[2013/01/05 04:57:55 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\2BrightSparks
[2013/11/17 04:49:56 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\Avant Downloader
[2013/11/17 01:34:58 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\defaulttab
[2013/11/17 01:33:26 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\DigitalSite
[2010/11/02 03:16:29 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\Downloaded Installations
[2010/07/18 19:29:31 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\FileZilla
[2010/06/24 21:51:59 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\Flock
[2011/08/20 14:11:04 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\IGG
[2011/10/18 15:17:47 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\Nitro PDF
[2010/10/21 16:21:11 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\OpenOffice.org
[2010/06/17 13:11:10 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\Opera
[2013/11/17 03:34:50 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\Opera Software
[2011/10/18 15:50:27 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\PCDr
[2010/07/17 03:36:51 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\PrimoPDF
[2014/02/07 06:07:32 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\SlimBrowser
[2013/11/14 14:13:40 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\Systweak
[2010/09/26 02:27:32 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2013/05/03 05:02:58 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\Unity
[2010/07/09 15:18:06 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\Webshots
[2010/06/29 02:30:10 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
< End of report >
 

  • 0

Advertisements


#2
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hello and welcome to Geeks to Go! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly" This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.

  • Please read through my instructions carefully and completely before executing them.
  • Please make sure that all the programs I ask you to download are downloaded to and run from your Desktop.
  • Please make sure you print out these instructions so that you will be able to refer to them while working on your machine. Part of the solution(s) to your problem may involve us working in Safe Mode and you will need them to go by.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • Please read through my instructions carefully and make sure you complete them from start to finish. I will make sure that I lay the instructions out in a step by step order to make them easy to follow
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • Please make sure you reply within 3 days to my responses, if there is no reply within 3 days, the topic will be closed and you will need to request the topic be reopened.
  • Before we get started, please remember we will do our best to get your machine repaired. However, there are some cases where the only solution is a reformat and reinstall of the operating system. This is a worst case scenario though.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If possible, please have your original Windows installation disks handy, just in case.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexepected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please copy and paste the contents of any requested logs in your replies. Do not attach the log files in your replies unless requested to do so.
  • Please remember, the fixes are for your machine and your machine ONLY!
Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future

Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)

Now, let's get started, shall we? :thumbsup:



Hello :)

We have some work to do, so let's get started.


Step 1: OTL Fix


Let's run an OTL fix:

Warning: This fix is to be used on this system and this system ONLY. Using this fix on any other machine other than yours can seriously damage it.

Be advised that when the fix commences, it will shut down all running processes and you may lose the desktop and icons, they will return on reboot.

Run OTL by double clicking it (Windows Vista, Windows 7, and 8, right click and select "Run as Administrator)
  • Copy the text in the quote box below (do not copy the word "quote") and paste in the in the box marked Custom Scans/Fixes as shown in the graphic below.
otlrunfix.jpg


:Commands
[createrestorepoint]

:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.c...TGZXXXX9VP83TGZ
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://start.qone8.c...q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://start.qone8.c...q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.qone8.c...TGZXXXX9VP83TGZ
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://start.qone8.c...q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{6ECAD0F9-51B9-469E-B16D-ACDFDD3C0E5B}: "URL" = http://start.mysearc...=1373539363&ir=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://start.qone8.c...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://start.qone8.c...q={searchTerms}
IE - HKLM\..\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}: "URL" = http://search.imgag....q={searchTerms}
IE - HKLM\..\SearchScopes\{B6440D3B-2967-40DC-9118-6C23541CDFF8: "URL" = http://start.mysearc...=1373539363&ir=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://start.qone8.c...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://start.qone8.c...q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {B6440D3B-2967-40DC-9118-6C23541CDFF8}
IE - HKCU\..\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}: "URL" = http://search.imgag....q={searchTerms}
IE - HKCU\..\SearchScopes\{4B04733F-E04C-4F43-9919-E5107285F4E6}: "URL" = http://search.condui...q={searchTerms}
IE - HKCU\..\SearchScopes\{B6440D3B-2967-40DC-9118-6C23541CDFF8: "URL" = http://start.mysearc...=1373539363&ir=
IE - HKCU\..\SearchScopes\{B6440D3B-2967-40DC-9118-6C23541CDFF8}: "URL" = http://search.condui...8724169143&UM=2
IE - HKCU\..\SearchScopes\{B7B664DF-3AF9-4C8E-8148-F42BB7831D27}: "URL" = http://www.ask.com/w...q={searchTerms}
[2013/11/16 18:45:52 | 000,002,115 | ---- | M] () -- C:\Users\JD\AppData\Roaming\Mozilla\Firefox\Profiles\4p6wr1zf.default-1383453477890\searchplugins\MyStart Search.xml
O2 - BHO: (no name) - {300BEC06-B743-4D19-86B9-11DC711D7FFB} - No CLSID value found.
O2 - BHO: (Somoto Toolbar) - {652853ad-5592-4231-88c6-706613a52e61} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll ()
O2 - BHO: (wxDownload Class) - {E951BE10-523A-E47F-47CB-E045AA2E827C} - C:\ProgramData\wxDownload\5087a23556252.ocx ()
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Somoto Toolbar) - {652853ad-5592-4231-88c6-706613a52e61} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - Startup: C:\Users\JD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
[2013/11/17 01:34:58 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\defaulttab

:Commands
[resethosts]
[emptytemp]

  • Click the Run Fix button at the top of the OTL control panel.
  • Let the program run until it's finished and then reboot the computer.
  • Once your machine has rebooted, a log will open. Please post that log in your next reply.
If you have any problems, questions, or need further explanation, please post a message in this thread and I will get back to you asap.


Step 2: AdwCleaner


Download ADWcleaner by clicking here. Please save it to your Desktop


adwcleaner2_zps680e0e15.jpg
  • Double click (Vista and 7 Users)right click the adwcleaner.exe file and click Run as Adminstrator and accept the UAC prompt to run AdwCleaner
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove.", don't worry about unchecking anything and then click the Clean button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
    • Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\AdwCleaner[R0].txt
Step 3: Junkware Removal Tool


thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 4: Scan with Farbar's Recovery Scan Tool


Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Place a check in the box marked Addition.txt

    farbarmainpanel_zps77bf9e25.jpg
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
Things I need to see in your next post:

OTL Fix Log

AdwCleaner Log

Junkware Removal Tool Log

FRST Log

Addition.txt Log

  • 0

#3
JDEbberly

JDEbberly

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

Here is the OTL Fix Log:

 

 

OTL logfile created on: 5/5/2014 1:34:01 AM - Run 5

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\JD\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.96 Gb Total Physical Memory | 4.53 Gb Available Physical Memory | 56.92% Memory free
15.92 Gb Paging File | 11.81 Gb Available in Paging File | 74.19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 920.59 Gb Total Space | 838.92 Gb Free Space | 91.13% Space Free | Partition Type: NTFS
 
Computer Name: JD-PC | User Name: JD | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/04/23 20:33:15 | 000,841,032 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/04/21 13:30:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\JD\Desktop\OTL.exe
PRC - [2014/04/01 06:29:02 | 000,228,744 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
PRC - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/12/03 12:02:06 | 000,173,272 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
PRC - [2013/11/08 16:46:18 | 001,028,384 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013/11/08 16:45:42 | 001,914,656 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/10/15 13:27:38 | 003,921,880 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013/10/10 03:47:52 | 000,240,288 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.3.114.0\SeaPort.EXE
PRC - [2013/09/20 11:57:26 | 001,042,272 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013/09/13 11:38:30 | 000,171,416 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2013/08/09 16:37:04 | 000,413,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/07/25 12:19:26 | 005,624,784 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2012/09/19 10:50:47 | 000,233,472 | ---- | M] () -- C:\ProgramData\Premium\WxDFast\WxDFast.exe
PRC - [2012/06/09 17:31:12 | 008,867,840 | ---- | M] (Wisdom Software Inc. ) -- C:\Program Files (x86)\Wisdom-soft ScreenHunter 6.0 Free\ScreenHunter.exe
PRC - [2011/09/06 14:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/18 12:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
PRC - [2011/08/18 12:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/01 14:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011/02/09 17:36:43 | 000,136,312 | ---- | M] (Google Inc.) -- C:\Users\JD\AppData\Local\Flock\Update\FlockUpdate.exe
PRC - [2010/12/16 12:57:20 | 000,956,416 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
PRC - [2010/12/02 04:08:52 | 000,136,336 | ---- | M] (RockMelt Inc.) -- C:\Users\JD\AppData\Local\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe
PRC - [2010/05/21 00:28:00 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/21 00:27:58 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2009/12/29 17:35:38 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/11/13 17:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009/10/02 14:26:12 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/10/02 14:26:10 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/07/17 17:07:58 | 000,237,568 | ---- | M] (Alcor Micro Corp.) -- C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
PRC - [2009/06/09 10:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/04/23 20:33:13 | 000,390,472 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppgooglenaclpluginchrome.dll
MOD - [2014/04/23 20:33:12 | 013,692,232 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll
MOD - [2014/04/23 20:33:10 | 004,081,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll
MOD - [2014/04/23 20:33:05 | 000,674,632 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libglesv2.dll
MOD - [2014/04/23 20:33:04 | 000,093,000 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libegl.dll
MOD - [2014/04/23 20:33:03 | 001,647,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll
MOD - [2014/04/23 20:33:01 | 000,065,352 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll
MOD - [2014/02/13 14:09:21 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\868ad9d8acc0bf80a973c0e4e9cae4fa\System.Core.ni.dll
MOD - [2014/02/13 13:49:41 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\72284863df9bea3f081ae98996400619\PresentationFramework.Aero.ni.dll
MOD - [2014/02/13 13:49:34 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\b0f9a4f138cc569a7526f97b93808d3e\System.Web.Services.ni.dll
MOD - [2014/02/13 13:49:28 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\59312674865dc2a19c27f9f460b1673b\System.Runtime.Remoting.ni.dll
MOD - [2014/02/13 13:49:18 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f703846404bb66a4ae03ef8133755007\PresentationFramework.ni.dll
MOD - [2014/02/13 13:49:08 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/02/13 13:49:03 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/13 13:49:00 | 012,238,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\660ac5d6da77df8e86fb26f05c6a9816\PresentationCore.ni.dll
MOD - [2014/02/13 13:48:52 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1d696b2d3de530f7ee971070263667ff\WindowsBase.ni.dll
MOD - [2014/02/13 13:48:48 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/02/13 13:48:45 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
MOD - [2014/02/13 13:48:44 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/13 13:48:39 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2013/05/16 11:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013/05/16 11:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2011/08/18 12:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/12/16 12:36:18 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
MOD - [2010/12/16 12:36:16 | 000,433,664 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
MOD - [2010/12/16 12:36:10 | 000,200,704 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libpcre.dll
MOD - [2010/05/04 15:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2009/11/13 17:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
MOD - [2009/11/13 17:15:00 | 000,275,696 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
MOD - [2009/11/13 17:15:00 | 000,152,816 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
MOD - [2009/11/13 17:15:00 | 000,095,472 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
MOD - [2009/11/13 17:15:00 | 000,058,608 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
MOD - [2009/11/13 17:15:00 | 000,017,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/04/25 18:34:42 | 000,178,528 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\mcafee\msc\McAPExe.exe -- (McAPExe)
SRV:64bit: - [2014/03/17 18:54:26 | 000,185,792 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2014/03/17 18:47:02 | 000,219,752 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2014/03/06 04:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/01/21 04:04:28 | 001,025,712 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe -- (mfecore)
SRV:64bit: - [2014/01/15 20:42:12 | 000,289,256 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe -- (McComponentHostService)
SRV:64bit: - [2013/11/08 16:47:21 | 015,125,280 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2013/08/02 18:52:58 | 000,602,944 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\mcafee\virusscan\mcods.exe -- (McODS)
SRV:64bit: - [2013/07/30 12:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2013/07/30 12:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe -- (mcpltsvc)
SRV:64bit: - [2013/07/30 12:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2013/07/30 12:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2013/07/30 12:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (HomeNetSvc)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV:64bit: - [2010/09/30 14:01:50 | 000,341,296 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe -- (NitroReaderDriverReadSpool)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/06/09 10:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2014/05/03 11:59:45 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/05/01 13:00:20 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/12/03 12:02:06 | 000,173,272 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe -- (BingDesktopUpdate)
SRV - [2013/11/08 16:45:42 | 001,914,656 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/10/10 03:47:52 | 000,240,288 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.3.114.0\SeaPort.EXE -- (BBUpdate)
SRV - [2013/10/10 03:47:52 | 000,193,696 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.3.114.0\BBSvc.EXE -- (BBSvc)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/08/09 16:37:04 | 000,413,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/08/18 12:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2010/06/10 16:02:27 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/06/10 15:50:28 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/10/02 14:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/06/26 12:19:12 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/03/17 19:02:08 | 000,070,592 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2014/03/17 18:54:54 | 000,345,456 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2014/03/17 18:49:44 | 000,783,864 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2014/03/17 18:47:30 | 000,522,360 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2014/03/17 18:45:38 | 000,311,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2014/03/17 18:44:40 | 000,180,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2014/01/21 03:50:24 | 000,096,592 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfencrk.sys -- (mfencrk)
DRV:64bit: - [2014/01/21 03:50:02 | 000,422,712 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfencbdc.sys -- (mfencbdc)
DRV:64bit: - [2013/09/27 19:01:44 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2013/09/23 13:49:22 | 000,197,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)
DRV:64bit: - [2013/06/16 08:38:15 | 000,196,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/02/16 13:44:18 | 000,191,960 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cbfs.sys -- (CbFs)
DRV:64bit: - [2009/10/24 01:49:46 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/10/16 07:32:24 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009/10/02 16:58:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/26 11:42:58 | 000,233,984 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/09/17 16:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 06:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006/11/01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/12/29 17:35:40 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/06/10 14:53:42] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl -- ({1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7})
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/06/26 11:27:28 | 000,065,520 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\Windows\SysWOW64\drivers\RxFilter.sys -- (RxFilter)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.c...TGZXXXX9VP83TGZ
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://start.qone8.c...q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://start.qone8.c...q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.qone8.c...TGZXXXX9VP83TGZ
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://start.qone8.c...q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{4A54FD66-D313-A717-6E73-5CB784C47C65}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6ECAD0F9-51B9-469E-B16D-ACDFDD3C0E5B}: "URL" = http://start.mysearc...=1373539363&ir=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://start.qone8.c...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://start.qone8.c...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}: "URL" = http://search.imgag....q={searchTerms}
IE - HKLM\..\SearchScopes\{5BB7E50A-4FAE-4B8B-8945-9C5F90E3AEFF}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{B6440D3B-2967-40DC-9118-6C23541CDFF8: "URL" = http://start.mysearc...=1373539363&ir=
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://start.qone8.c...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://start.qone8.c...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.bing.com/?FORM=MSNH14
IE - HKCU\..\SearchScopes,DefaultScope = {B6440D3B-2967-40DC-9118-6C23541CDFF8}
IE - HKCU\..\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}: "URL" = http://search.imgag....q={searchTerms}
IE - HKCU\..\SearchScopes\{16AB6E5F-B72A-4B9B-B696-DAB542E5C84C}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{4B04733F-E04C-4F43-9919-E5107285F4E6}: "URL" = http://search.condui...q={searchTerms}
IE - HKCU\..\SearchScopes\{B6440D3B-2967-40DC-9118-6C23541CDFF8: "URL" = http://start.mysearc...=1373539363&ir=
IE - HKCU\..\SearchScopes\{B6440D3B-2967-40DC-9118-6C23541CDFF8}: "URL" = http://search.condui...8724169143&UM=2
IE - HKCU\..\SearchScopes\{B7B664DF-3AF9-4C8E-8148-F42BB7831D27}: "URL" = http://www.ask.com/w...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "https://www.yahoo.com/"
FF - prefs.js..browser.search.selectedEngine: "https://www.yahoo.com/"
FF - prefs.js..browser.startup.homepage: "https://www.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@igg.com/100YearsWarPlayer: C:\Users\JD\AppData\Roaming\IGG\100YearsWarPlayer\np100YearsWarPlayer.dll (igg.com)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\JD\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@update.flock.com/Flock Update;version=8: C:\Users\JD\AppData\Local\Flock\Update\1.2.213.0\npFlockOneClick8.dll (Flock Inc.)
FF - HKCU\Software\MozillaPlugins\@us-w1.rockmelt.com/RockMelt Update;version=8: C:\Users\JD\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll (RockMelt Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.6.0\extensions\\Components: C:\Program Files (x86)\Flock\components [2012/05/23 14:08:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.6.0\extensions\\Plugins: C:\Program Files (x86)\Flock\plugins [2014/01/16 06:25:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.6.1\extensions\\Components: C:\Program Files (x86)\Flock\components [2012/05/23 14:08:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.6.1\extensions\\Plugins: C:\Program Files (x86)\Flock\plugins [2014/01/16 06:25:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.6.2\extensions\\Components: C:\Program Files (x86)\Flock\components [2012/05/23 14:08:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.6.2\extensions\\Plugins: C:\Program Files (x86)\Flock\plugins [2014/01/16 06:25:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/05/03 11:59:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/05/03 11:59:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.0.6\extensions\\Components: C:\Program Files (x86)\SeaMonkey\components [2012/05/23 14:08:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.0.6\extensions\\Plugins: C:\Program Files (x86)\SeaMonkey\plugins [2014/01/16 06:25:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/05/03 11:59:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/05/03 11:59:41 | 000,000,000 | ---D | M]
 
[2010/07/27 00:32:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JD\AppData\Roaming\Mozilla\Extensions
[2010/07/27 00:32:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JD\AppData\Roaming\Mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
[2010/06/24 21:52:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JD\AppData\Roaming\Mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
[2014/03/21 17:34:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JD\AppData\Roaming\Mozilla\Firefox\Profiles\4p6wr1zf.default-1383453477890\extensions
[2010/07/27 00:32:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JD\AppData\Roaming\Mozilla\SeaMonkey\Profiles\o7i74ol6.default\extensions
[2013/11/16 18:45:52 | 000,002,115 | ---- | M] () -- C:\Users\JD\AppData\Roaming\Mozilla\Firefox\Profiles\4p6wr1zf.default-1383453477890\searchplugins\MyStart Search.xml
[2014/05/03 11:59:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/05/03 11:59:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2014/05/03 11:59:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2014/05/03 11:59:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
[2014/05/03 11:59:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/05/03 11:59:46 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: https://www.google.com/
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\JD\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\JD\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\JD\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: Screen capture, screenshot share/save = C:\Users\JD\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjbjepchlgclmpinlbbeinajphohgfod\2423.38.46.329_0\
CHR - Extension: Google Search = C:\Users\JD\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: Supernova = C:\Users\JD\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegpgpjbmbggplclldecdbpcmopmlbll\1_0\
CHR - Extension: WeatherBug (Legacy App) = C:\Users\JD\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak\2.0.7_1\
CHR - Extension: Instapaper = C:\Users\JD\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldjkgaaoikpmhmkelcgkgacicjfbofhh\1.2.2_0\
CHR - Extension: Google Wallet = C:\Users\JD\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\JD\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\
 
O1 HOSTS File: ([2010/07/27 03:21:56 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.114.0\amd64\BingExt.dll (Microsoft Corporation.)
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (no name) - {300BEC06-B743-4D19-86B9-11DC711D7FFB} - No CLSID value found.
O2 - BHO: (Somoto Toolbar) - {652853ad-5592-4231-88c6-706613a52e61} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.114.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (wxDownload Class) - {E951BE10-523A-E47F-47CB-E045AA2E827C} - C:\ProgramData\wxDownload\5087a23556252.ocx ()
O3:64bit: - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.114.0\amd64\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Somoto Toolbar) - {652853ad-5592-4231-88c6-706613a52e61} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.114.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [mcpltui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [Flock Update] C:\Users\JD\AppData\Local\Flock\Update\FlockUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [RockMelt Update] C:\Users\JD\AppData\Local\RockMelt\Update\RockMeltUpdate.exe (RockMelt Inc.)
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - HKLM..\RunOnceEx: [ContentMerger] c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\ContentMerger10.exe (Sonic Solutions)
O4 - Startup: C:\Users\JD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk =  File not found
O4 - Startup: C:\Users\JD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files (x86)\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - Reg Error: Key error. File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{11C799E8-8179-430F-B474-395824AFC90D}: DhcpNameServer = 71.252.0.12 71.242.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4B62A4DF-F145-43B6-8B2A-75BA439C3CB7}: DhcpNameServer = 168.94.0.14 168.94.0.15
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DCB5789B-DEA0-40AB-9FE4-A8DFC9EBDDB2}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) -  File not found
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/05/04 22:12:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2014/05/03 11:59:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/05/01 14:34:35 | 000,000,000 | ---D | C] -- C:\Users\JD\Desktop\May 1
[2014/04/28 01:46:27 | 000,000,000 | ---D | C] -- C:\Users\JD\Desktop\keywords
[2014/04/23 03:07:00 | 000,197,704 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\HipShieldK.sys
[2014/04/21 13:30:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\JD\Desktop\OTL.exe
[2014/04/15 18:32:46 | 000,000,000 | -HSD | C] -- C:\Users\JD\AppData\Local\EmieUserList
[2014/04/15 18:32:46 | 000,000,000 | -HSD | C] -- C:\Users\JD\AppData\Local\EmieSiteList
[2014/04/06 05:31:43 | 000,000,000 | ---D | C] -- C:\Users\JD\Desktop\Authority Certification
 
========== Files - Modified Within 30 Days ==========
 
[2014/05/05 01:41:14 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\FlockUpdateTaskUserS-1-5-21-2370819180-3800432558-3504640221-1001UA.job
[2014/05/05 01:34:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/05 01:16:26 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\RockMeltUpdateTaskUserS-1-5-21-2370819180-3800432558-3504640221-1001UA.job
[2014/05/05 00:59:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/05/05 00:54:00 | 000,000,280 | ---- | M] () -- C:\Windows\tasks\DigitalSite.job
[2014/05/05 00:30:42 | 000,731,904 | ---- | M] () -- C:\Users\JD\Desktop\ScreenHunter_4024 May. 05 00.30.jpg
[2014/05/04 16:41:00 | 000,000,840 | ---- | M] () -- C:\Windows\tasks\FlockUpdateTaskUserS-1-5-21-2370819180-3800432558-3504640221-1001Core.job
[2014/05/04 13:23:26 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/04 13:23:26 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/04 13:21:41 | 000,782,510 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/05/04 13:21:41 | 000,662,400 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/05/04 13:21:41 | 000,122,268 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/05/04 13:17:50 | 000,002,238 | -H-- | M] () -- C:\Users\JD\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/05/04 13:16:34 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/04 13:16:25 | 000,000,370 | -H-- | M] () -- C:\Windows\tasks\WxDFastUpdaterTask{9394918A-4147-491E-896F-0A7FA990D484}.job
[2014/05/04 13:15:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/05/04 13:15:58 | 2115,301,375 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/03 03:14:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\RockMeltUpdateTaskUserS-1-5-21-2370819180-3800432558-3504640221-1001Core.job
[2014/04/27 09:24:56 | 000,000,446 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for JD.job
[2014/04/26 08:35:55 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/04/26 04:53:34 | 003,500,057 | ---- | M] () -- C:\Users\JD\Desktop\Curata_ContentMarketingTacticsPlanner2014.pdf
[2014/04/21 13:30:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\JD\Desktop\OTL.exe
[2014/04/14 04:30:17 | 000,174,731 | ---- | M] () -- C:\Users\JD\Desktop\Authority-Live-Q-&-A-Replay-March-21st-2014.pdf
[2014/04/11 01:28:56 | 000,075,017 | ---- | M] () -- C:\Users\JD\Desktop\ARCore-009t-remarkable-blogs.pdf
 
========== Files Created - No Company Name ==========
 
[2014/05/05 00:30:41 | 000,731,904 | ---- | C] () -- C:\Users\JD\Desktop\ScreenHunter_4024 May. 05 00.30.jpg
[2014/04/26 04:52:51 | 003,500,057 | ---- | C] () -- C:\Users\JD\Desktop\Curata_ContentMarketingTacticsPlanner2014.pdf
[2014/04/14 04:30:14 | 000,174,731 | ---- | C] () -- C:\Users\JD\Desktop\Authority-Live-Q-&-A-Replay-March-21st-2014.pdf
[2014/04/11 01:28:54 | 000,075,017 | ---- | C] () -- C:\Users\JD\Desktop\ARCore-009t-remarkable-blogs.pdf
[2013/11/17 05:02:33 | 000,000,786 | ---- | C] () -- C:\Windows\wininit.ini
[2013/11/04 04:05:31 | 000,000,258 | RHS- | C] () -- C:\Users\JD\ntuser.pol
[2013/11/01 10:54:07 | 000,000,089 | ---- | C] () -- C:\Users\JD\AppData\Roaming\WB.CFG
[2013/11/01 10:54:07 | 000,000,006 | ---- | C] () -- C:\Users\JD\AppData\Roaming\WBPU-TTL.DAT
[2012/09/09 21:12:57 | 000,774,632 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/10 10:10:43 | 000,000,000 | ---- | C] () -- C:\Users\JD\AppData\Local\{3DB9FAAD-81AF-4382-8607-F7095FEC2B08}
[2012/01/10 10:10:01 | 000,000,000 | ---- | C] () -- C:\Users\JD\AppData\Local\{9FDE7221-F2AC-4014-B622-EF89BAA04350}
[2011/12/03 01:55:05 | 000,000,000 | ---- | C] () -- C:\Users\JD\AppData\Local\{1251C728-5C43-4F73-9F64-92BB90249168}
[2011/12/03 01:53:10 | 000,000,000 | ---- | C] () -- C:\Users\JD\AppData\Local\{2F9DFCE3-7ACB-40B2-B9F7-6A5E02EF259A}
[2011/10/20 03:36:12 | 000,000,000 | ---- | C] () -- C:\Users\JD\AppData\Local\{F703A9C1-4C8D-446F-A6B7-89B253C273C6}
[2011/10/20 03:34:21 | 000,000,000 | ---- | C] () -- C:\Users\JD\AppData\Local\{998B7B1E-7A6C-4494-8A10-AA5162BC0406}
[2011/10/19 00:23:30 | 000,000,000 | ---- | C] () -- C:\Users\JD\AppData\Local\{55D99A43-C7DF-41D5-B700-CA5176D992E5}
[2011/10/19 00:21:36 | 000,000,000 | ---- | C] () -- C:\Users\JD\AppData\Local\{6C0835A2-1A20-43CA-A6C8-998F29B3C758}
[2010/07/17 22:41:30 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/06/18 23:01:32 | 000,007,610 | ---- | C] () -- C:\Users\JD\AppData\Local\Resmon.ResmonCfg
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/08/21 09:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/08/21 09:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/08/21 09:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/11/01 02:54:06 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\0D0S1L2Z1P1B
[2013/01/05 04:57:55 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\2BrightSparks
[2013/11/17 04:49:56 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\Avant Downloader
[2013/11/17 01:34:58 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\defaulttab
[2013/11/17 01:33:26 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\DigitalSite
[2010/11/02 03:16:29 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\Downloaded Installations
[2010/07/18 19:29:31 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\FileZilla
[2010/06/24 21:51:59 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\Flock
[2011/08/20 14:11:04 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\IGG
[2011/10/18 15:17:47 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\Nitro PDF
[2010/10/21 16:21:11 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\OpenOffice.org
[2010/06/17 13:11:10 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\Opera
[2013/11/17 03:34:50 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\Opera Software
[2011/10/18 15:50:27 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\PCDr
[2010/07/17 03:36:51 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\PrimoPDF
[2014/02/07 06:07:32 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\SlimBrowser
[2013/11/14 14:13:40 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\Systweak
[2010/09/26 02:27:32 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2013/05/03 05:02:58 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\Unity
[2010/07/09 15:18:06 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\Webshots
[2010/06/29 02:30:10 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
< End of report >
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Here is the AdwCleaner Log:
 
 

# AdwCleaner v3.207 - Report created 05/05/2014 at 22:46:31
# Updated 05/05/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : JD - JD-PC
# Running from : C:\Users\JD\Desktop\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : BackupStack
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\wxDownload
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\open it!
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\wxDownload
Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\DealBulldog Toolbar
Folder Deleted : C:\Program Files (x86)\openit
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files\Uninstaller
Folder Deleted : C:\Windows\System32\ljkb
Folder Deleted : C:\Users\JD\AppData\Local\apn
[!] Folder Deleted : C:\Users\JD\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\JD\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\JD\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\JD\AppData\LocalLow\AGI
Folder Deleted : C:\Users\JD\AppData\LocalLow\AVG SafeGuard toolbar
Folder Deleted : C:\Users\JD\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\JD\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\JD\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\JD\AppData\LocalLow\wxDownload
Folder Deleted : C:\Users\JD\AppData\Roaming\0D0S1L2Z1P1B
Folder Deleted : C:\Users\JD\AppData\Roaming\digitalsite
Folder Deleted : C:\Users\JD\AppData\Roaming\Systweak
Folder Deleted : C:\Users\LeRoy\AppData\Roaming\Mozilla\Firefox\Profiles\21qcf3fb.default\Extensions\staged\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
Folder Deleted : C:\Users\LeRoy\AppData\Roaming\Mozilla\Firefox\Profiles\21qcf3fb.default\Extensions\staged\[email protected]
Folder Deleted : C:\Users\LeRoy\AppData\Roaming\Mozilla\Firefox\Profiles\21qcf3fb.default\Extensions\[email protected]
File Deleted : C:\END
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\LeRoy\AppData\Roaming\Mozilla\Firefox\Profiles\21qcf3fb.default\searchplugins\Mysearchdial.xml
File Deleted : C:\Users\LeRoy\AppData\Roaming\Mozilla\Firefox\Profiles\21qcf3fb.default\user.js
File Deleted : C:\Windows\System32\Tasks\BackgroundContainer Startup Task
File Deleted : C:\Windows\Tasks\DigitalSite.job
File Deleted : C:\Windows\System32\Tasks\DigitalSite
 
***** [ Shortcuts ] *****
 
Shortcut Disinfected : C:\Users\JD\Desktop\Maintenance\Mozilla Firefox.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
Shortcut Disinfected : C:\Users\JD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\JD\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\JD\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
Shortcut Disinfected : C:\Users\JD\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKCU\Software\Google\Chrome\Extensions\eibleipkbineaadpnemmalkahodjhdbd
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eibleipkbineaadpnemmalkahodjhdbd
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kdcnnmifdmlmjffdgeieikcokcogpbej
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateBatBrowse_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateBatBrowse_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3314312
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_stanza-desktop_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_stanza-desktop_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{10E9E863-3913-40D0-903D-D46DEB18C982}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0B79C149-3B19-40DE-92BF-1A3AD9C1DA9D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0F9AF7E3-3853-473F-A49B-E470A3A41501}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10E9E863-3913-40D0-903D-D46DEB18C982}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220222182204}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{229C56BB-A36A-4323-8C82-B136DF45697D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33E2B3CB-322E-4CBE-89F2-C06F5A35DB46}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{51080E66-F357-4F2A-9BFC-2456695883B5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{537AD3CF-DE2B-4A1C-8279-C946B7E490D4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5BF7365D-25FF-40F3-8DEE-06ABEDF177CC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A10A1344-B533-4C9E-BE4E-4C5BC4953047}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BA94BCE1-7E60-422D-9E7D-B853BC03FE78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BDCE611F-FDAA-4B10-A8E8-220A7897A69F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D0F1E414-1FAE-466C-B122-DE735B7BFF9D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DADF82FD-0783-4CA9-98AA-615F657A2A9E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E458510C-1DD5-4A05-8C4C-53BEF69C05E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0F9AF7E3-3853-473F-A49B-E470A3A41501}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DADF82FD-0783-4CA9-98AA-615F657A2A9E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660266186604}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{300BEC06-B743-4D19-86B9-11DC711D7FFB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{300BEC06-B743-4D19-86B9-11DC711D7FFB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{300BEC06-B743-4D19-86B9-11DC711D7FFB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{300BEC06-B743-4D19-86B9-11DC711D7FFB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{300BEC06-B743-4D19-86B9-11DC711D7FFB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{87A0B80B-5BA7-4CB0-9553-105D68777D60}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660266186604}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\SAFARI.EXE\shell\open\command
Key Deleted : HKCU\Software\AGI
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DefaultTab
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Somoto Toolbar
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\AGI
Key Deleted : HKLM\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DefaultTab
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\systweak
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Extractor Packages
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealBulldog Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DMUninstaller
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\openit open it!
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17041
 
 
-\\ Mozilla Firefox v30.0 (en-US)
 
[ File : C:\Users\JD\AppData\Roaming\Mozilla\Firefox\Profiles\4p6wr1zf.default-1383453477890\prefs.js ]
 
 
[ File : C:\Users\LeRoy\AppData\Roaming\Mozilla\Firefox\Profiles\21qcf3fb.default\prefs.js ]
 
Line Deleted : user_pref("extensions.crossriderapp21804.adsOldValue", -1);
Line Deleted : user_pref("browser.startup.homepage", "hxxp://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1QzuyB0E0EyEtDtDzy0EyCyBtC0EyEzy0AtAtN0D0Tzu0CyCyBtDtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtC[...]
Line Deleted : user_pref("browser.search.selectedEngine", "Mysearchdial");
Line Deleted : user_pref("browser.search.defaultenginename", "Mysearchdial");
 
-\\ Google Chrome v34.0.1847.131
 
*************************
 
AdwCleaner[R0].txt - [16907 octets] - [05/05/2014 22:45:16]
AdwCleaner[S0].txt - [14308 octets] - [05/05/2014 22:46:31]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [14369 octets] ##########
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Here is the Junkware Removal Tool Log:
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by JD on Mon 05/05/2014 at 22:53:38.43
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2370819180-3800432558-3504640221-1001\Software\wajam
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Users\JD\appdata\locallow\SkwConfig.bin"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\JD\appdata\locallow\somototoolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\somototoolbar"
 
 
 
~~~ FireFox
 
Emptied folder: C:\Users\JD\AppData\Roaming\mozilla\firefox\profiles\4p6wr1zf.default-1383453477890\minidumps [10 files]
 
 
 
~~~ Chrome
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\jneaojaoiajhnemidnjhoempalnidbhj
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 05/05/2014 at 23:03:06.48
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
 
 
 
 
 
 
 
 
Here are the FRST Log and the Addition.txt Log:
 
 
 
FRST Log:
 
 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-05-2014
Ran by JD (administrator) on JD-PC on 05-05-2014 23:09:01
Running from C:\Users\JD\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.114.0\BBSvc.EXE
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Google Inc.) C:\Users\JD\AppData\Local\Flock\Update\FlockUpdate.exe
(Innovative Solutions) C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe
(RockMelt Inc.) C:\Users\JD\AppData\Local\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe
(Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
() C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.114.0\SeaPort.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-08] (NVIDIA Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)
HKLM-x32\...\Run: [ShwiconXP9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2009-07-17] (Alcor Micro Corp.)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1807600 2009-11-13] ()
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-12-29] (CyberLink Corp.)
HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [963584 2009-12-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-15] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] - "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [559616 2011-10-06] (Dell)
HKLM-x32\...\runonceex: [ContentMerger] - c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-06-26] (Sonic Solutions)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2370819180-3800432558-3504640221-1001\...\Run: [Flock Update] => C:\Users\JD\AppData\Local\Flock\Update\FlockUpdate.exe [136312 2011-02-09] (Google Inc.)
HKU\S-1-5-21-2370819180-3800432558-3504640221-1001\...\Run: [RockMelt Update] => C:\Users\JD\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [136336 2010-12-02] (RockMelt Inc.)
HKU\S-1-5-21-2370819180-3800432558-3504640221-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)
HKU\S-1-5-21-2370819180-3800432558-3504640221-1001\...\Run: [DriverMax] => C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe [8239992 2014-03-24] (Innovative Solutions)
HKU\S-1-5-21-2370819180-3800432558-3504640221-1001\...\Run: [DriverMax_RESTART] => [X]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Evernote Clipper.lnk
ShortcutTarget: Evernote Clipper.lnk -> C:\Windows\Installer\{F761359C-9CED-45AE-9A51-9D6605CD55C4}\Evernote.ico ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\JD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\JD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\LeRoy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.bing.com/?FORM=MSNH14
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.114.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  No File
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Skype Plug-In - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.114.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.114.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.114.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\JD\AppData\Roaming\Mozilla\Firefox\Profiles\4p6wr1zf.default-1383453477890
FF DefaultSearchEngine: https://www.yahoo.com/
FF SelectedSearchEngine: https://www.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @igg.com/100YearsWarPlayer - C:\Users\JD\AppData\Roaming\IGG\100YearsWarPlayer\np100YearsWarPlayer.dll (igg.com)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\JD\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: @update.flock.com/Flock Update;version=8 - C:\Users\JD\AppData\Local\Flock\Update\1.2.213.0\npFlockOneClick8.dll (Flock Inc.)
FF Plugin HKCU: @us-w1.rockmelt.com/RockMelt Update;version=8 - C:\Users\JD\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll (RockMelt Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-05-03]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-05-03]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} [2014-05-03]
 
Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\JD\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-04]
CHR Extension: (Google Drive) - C:\Users\JD\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-04]
CHR Extension: (YouTube) - C:\Users\JD\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-11-03]
CHR Extension: (Google Search) - C:\Users\JD\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-11-16]
CHR Extension: (Google Wallet) - C:\Users\JD\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-01]
CHR Extension: (Gmail) - C:\Users\JD\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-11-03]
CHR HKLM-x32\...\Chrome\Extension: [bdhajgnkdpgmkfgncpbmkafdeobeempf] - C:\ProgramData\wxDownload\bdhajgnkdpgmkfgncpbmkafdeobeempf.crx [2011-11-03]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173272 2013-12-03] (Microsoft Corp.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-15] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025712 2014-01-21] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-03-17] (McAfee, Inc.)
R2 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [185792 2014-03-17] (McAfee, Inc.)
R2 NitroReaderDriverReadSpool; C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe [341296 2010-09-30] (Nitro PDF Software)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15125280 2013-11-08] (NVIDIA Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S2 SessionLauncher; c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [X]
S2 vToolbarUpdater18.1.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-05-05] (AVG Technologies)
R1 CbFs; C:\Windows\system32\drivers\cbfs.sys [191960 2010-02-16] (EldoS Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-03-17] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-03-17] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-03-17] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-03-17] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-03-17] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [422712 2014-01-21] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-01-21] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [345456 2014-03-17] (McAfee, Inc.)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-09-27] (NVIDIA Corporation)
S1 RxFilter; C:\Windows\SysWOW64\DRIVERS\RxFilter.sys [65520 2009-06-26] (Sonic Solutions)
R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}; C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl [146928 2009-12-29] (CyberLink Corp.)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-05-05 23:09 - 2014-05-05 23:10 - 00024342 _____ () C:\Users\JD\Downloads\FRST.txt
2014-05-05 23:08 - 2014-05-05 23:09 - 00000000 ____D () C:\FRST
2014-05-05 23:07 - 2014-05-05 23:07 - 02063872 _____ (Farbar) C:\Users\JD\Downloads\FRST64.exe
2014-05-05 23:03 - 2014-05-05 23:03 - 00001332 _____ () C:\Users\JD\Desktop\JRT.txt
2014-05-05 22:54 - 2014-05-05 22:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-05-05 22:53 - 2014-05-05 22:53 - 00000000 ____D () C:\Windows\ERUNT
2014-05-05 22:52 - 2014-05-05 22:52 - 01016261 _____ (Thisisu) C:\Users\JD\Downloads\JRT (1).exe
2014-05-05 22:51 - 2014-05-05 22:51 - 01016261 _____ (Thisisu) C:\Users\JD\Downloads\JRT.exe
2014-05-05 22:46 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-05 22:43 - 2014-05-05 22:46 - 00000000 ____D () C:\AdwCleaner
2014-05-05 22:42 - 2014-05-05 22:42 - 01316991 _____ () C:\Users\JD\Desktop\adwcleaner.exe
2014-05-05 08:42 - 2014-05-05 22:48 - 00002004 _____ () C:\Windows\PFRO.log
2014-05-05 08:42 - 2014-05-05 22:48 - 00000672 _____ () C:\Windows\setupact.log
2014-05-05 08:42 - 2014-05-05 08:42 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-05 05:32 - 2014-05-05 08:47 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-05 03:07 - 2014-05-05 03:07 - 00000000 ____D () C:\Users\JD\AppData\Local\Innovative Solutions
2014-05-05 03:07 - 2014-05-05 03:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverMax
2014-05-05 03:07 - 2014-05-05 03:07 - 00000000 ____D () C:\Program Files (x86)\Innovative Solutions
2014-05-05 03:06 - 2014-05-05 22:48 - 00000000 ____D () C:\Users\JD\AppData\Local\AVG SafeGuard toolbar
2014-05-05 03:05 - 2014-05-05 03:05 - 00050464 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2014-05-03 11:59 - 2014-05-03 11:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-03 03:00 - 2014-04-29 10:01 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-03 03:00 - 2014-04-29 09:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-03 03:00 - 2014-04-29 08:48 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-03 03:00 - 2014-04-29 08:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-01 14:34 - 2014-05-05 22:47 - 00000000 ____D () C:\Users\JD\Desktop\May 1
2014-04-28 01:46 - 2014-04-28 01:47 - 00000000 ____D () C:\Users\JD\Desktop\keywords
2014-04-23 03:07 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2014-04-21 13:42 - 2014-05-05 01:48 - 00119692 _____ () C:\Users\JD\Desktop\OTL.Txt
2014-04-21 13:30 - 2014-04-21 13:30 - 00602112 _____ (OldTimer Tools) C:\Users\JD\Desktop\OTL.exe
2014-04-15 18:32 - 2014-04-15 18:32 - 00000000 __SHD () C:\Users\JD\AppData\Local\EmieUserList
2014-04-15 18:32 - 2014-04-15 18:32 - 00000000 __SHD () C:\Users\JD\AppData\Local\EmieSiteList
2014-04-10 03:01 - 2014-03-06 05:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-10 03:01 - 2014-03-06 04:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-10 03:01 - 2014-03-06 04:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-10 03:01 - 2014-03-06 04:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-10 03:01 - 2014-03-06 04:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-10 03:01 - 2014-03-06 04:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-10 03:01 - 2014-03-06 04:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-10 03:01 - 2014-03-06 04:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-10 03:01 - 2014-03-06 04:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-10 03:01 - 2014-03-06 03:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-10 03:01 - 2014-03-06 03:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-10 03:01 - 2014-03-06 03:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-10 03:01 - 2014-03-06 03:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-10 03:01 - 2014-03-06 03:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-10 03:01 - 2014-03-06 03:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-10 03:01 - 2014-03-06 03:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-10 03:01 - 2014-03-06 03:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-10 03:01 - 2014-03-06 03:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-10 03:01 - 2014-03-06 02:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-10 03:00 - 2014-03-06 04:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-10 03:00 - 2014-03-06 04:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-10 03:00 - 2014-03-06 04:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-10 03:00 - 2014-03-06 04:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-10 03:00 - 2014-03-06 04:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-10 03:00 - 2014-03-06 04:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-10 03:00 - 2014-03-06 04:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-10 03:00 - 2014-03-06 04:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-10 03:00 - 2014-03-06 04:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-10 03:00 - 2014-03-06 03:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-10 03:00 - 2014-03-06 03:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-10 03:00 - 2014-03-06 03:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-10 03:00 - 2014-03-06 03:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-10 03:00 - 2014-03-06 03:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-10 03:00 - 2014-03-06 03:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-10 03:00 - 2014-03-06 03:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-10 03:00 - 2014-03-06 02:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-10 03:00 - 2014-03-06 02:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-10 03:00 - 2014-03-06 02:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-10 03:00 - 2014-03-06 02:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-10 03:00 - 2014-03-06 01:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-10 03:00 - 2014-03-06 01:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-10 03:00 - 2014-03-06 01:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-10 03:00 - 2014-03-06 01:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-10 03:00 - 2014-03-06 01:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-09 05:02 - 2014-03-04 05:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 05:02 - 2014-03-04 05:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-09 05:02 - 2014-03-04 05:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-09 05:02 - 2014-03-04 05:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-09 05:02 - 2014-03-04 05:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-09 05:02 - 2014-03-04 05:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 05:02 - 2014-03-04 05:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 05:02 - 2014-03-04 05:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 05:02 - 2014-03-04 05:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 05:02 - 2014-03-04 04:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 05:02 - 2014-03-04 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-09 05:02 - 2014-02-03 22:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 05:02 - 2014-02-03 22:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 05:02 - 2014-02-03 22:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 05:02 - 2014-02-03 22:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 05:02 - 2014-02-03 22:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-09 05:02 - 2014-01-23 22:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-06 05:31 - 2014-04-24 01:09 - 00000000 ____D () C:\Users\JD\Desktop\Authority Certification
 
==================== One Month Modified Files and Folders =======
 
2014-05-05 23:10 - 2014-05-05 23:09 - 00024342 _____ () C:\Users\JD\Downloads\FRST.txt
2014-05-05 23:09 - 2014-05-05 23:08 - 00000000 ____D () C:\FRST
2014-05-05 23:07 - 2014-05-05 23:07 - 02063872 _____ (Farbar) C:\Users\JD\Downloads\FRST64.exe
2014-05-05 23:03 - 2014-05-05 23:03 - 00001332 _____ () C:\Users\JD\Desktop\JRT.txt
2014-05-05 22:59 - 2012-05-25 13:09 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-05 22:56 - 2009-07-14 00:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-05 22:56 - 2009-07-14 00:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-05 22:54 - 2014-05-05 22:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-05-05 22:53 - 2014-05-05 22:53 - 00000000 ____D () C:\Windows\ERUNT
2014-05-05 22:53 - 2009-07-14 01:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-05 22:52 - 2014-05-05 22:52 - 01016261 _____ (Thisisu) C:\Users\JD\Downloads\JRT (1).exe
2014-05-05 22:52 - 2012-04-16 05:15 - 01644787 _____ () C:\Windows\WindowsUpdate.log
2014-05-05 22:51 - 2014-05-05 22:51 - 01016261 _____ (Thisisu) C:\Users\JD\Downloads\JRT.exe
2014-05-05 22:49 - 2012-10-24 03:59 - 00000370 ____H () C:\Windows\Tasks\WxDFastUpdaterTask{9394918A-4147-491E-896F-0A7FA990D484}.job
2014-05-05 22:49 - 2010-09-15 02:22 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-05 22:49 - 2010-06-17 12:54 - 00000000 ____D () C:\Users\JD\AppData\Local\SoftThinks
2014-05-05 22:49 - 2010-06-10 16:14 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-05-05 22:49 - 2010-06-10 16:14 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-05-05 22:49 - 2010-06-10 15:51 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-05-05 22:48 - 2014-05-05 08:42 - 00002004 _____ () C:\Windows\PFRO.log
2014-05-05 22:48 - 2014-05-05 08:42 - 00000672 _____ () C:\Windows\setupact.log
2014-05-05 22:48 - 2014-05-05 03:06 - 00000000 ____D () C:\Users\JD\AppData\Local\AVG SafeGuard toolbar
2014-05-05 22:48 - 2010-06-10 15:46 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-05 22:48 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-05 22:47 - 2014-05-01 14:34 - 00000000 ____D () C:\Users\JD\Desktop\May 1
2014-05-05 22:46 - 2014-05-05 22:43 - 00000000 ____D () C:\AdwCleaner
2014-05-05 22:46 - 2011-03-24 16:48 - 00001067 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-05 22:46 - 2010-12-29 14:08 - 00000923 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-05-05 22:46 - 2010-07-18 18:26 - 00000000 ____D () C:\Users\JD\Desktop\Maintenance
2014-05-05 22:42 - 2014-05-05 22:42 - 01316991 _____ () C:\Users\JD\Desktop\adwcleaner.exe
2014-05-05 22:41 - 2010-10-13 06:15 - 00000892 _____ () C:\Windows\Tasks\FlockUpdateTaskUserS-1-5-21-2370819180-3800432558-3504640221-1001UA.job
2014-05-05 22:35 - 2010-06-17 12:54 - 00000000 ___RD () C:\Users\JD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-05 22:34 - 2010-09-15 02:22 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-05 22:16 - 2010-12-02 04:09 - 00000916 _____ () C:\Windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-2370819180-3800432558-3504640221-1001UA.job
2014-05-05 16:41 - 2010-10-13 06:15 - 00000840 _____ () C:\Windows\Tasks\FlockUpdateTaskUserS-1-5-21-2370819180-3800432558-3504640221-1001Core.job
2014-05-05 14:33 - 2013-05-21 13:28 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-05-05 08:48 - 2012-06-24 14:57 - 00000000 ____D () C:\Users\JD\AppData\Local\Macromedia
2014-05-05 08:47 - 2014-05-05 05:32 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-05 08:42 - 2014-05-05 08:42 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-05 08:42 - 2012-05-03 18:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-05 03:14 - 2010-12-02 04:09 - 00000864 _____ () C:\Windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-2370819180-3800432558-3504640221-1001Core.job
2014-05-05 03:07 - 2014-05-05 03:07 - 00000000 ____D () C:\Users\JD\AppData\Local\Innovative Solutions
2014-05-05 03:07 - 2014-05-05 03:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverMax
2014-05-05 03:07 - 2014-05-05 03:07 - 00000000 ____D () C:\Program Files (x86)\Innovative Solutions
2014-05-05 03:05 - 2014-05-05 03:05 - 00050464 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2014-05-05 01:48 - 2014-04-21 13:42 - 00119692 _____ () C:\Users\JD\Desktop\OTL.Txt
2014-05-04 22:12 - 2010-06-17 13:14 - 00000000 ____D () C:\Users\JD\AppData\Roaming\Macromedia
2014-05-03 11:59 - 2014-05-03 11:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-01 13:00 - 2012-05-25 13:09 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-01 12:59 - 2012-05-25 13:09 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-01 12:59 - 2011-06-01 11:47 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-29 10:01 - 2014-05-03 03:00 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-29 09:40 - 2014-05-03 03:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-29 08:48 - 2014-05-03 03:00 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-29 08:34 - 2014-05-03 03:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-28 01:47 - 2014-04-28 01:46 - 00000000 ____D () C:\Users\JD\Desktop\keywords
2014-04-27 09:24 - 2010-12-15 12:36 - 00000446 ____H () C:\Windows\Tasks\Norton Security Scan for JD.job
2014-04-27 05:24 - 2013-11-03 16:19 - 00000000 ____D () C:\Users\JD\Desktop\new pics
2014-04-27 05:23 - 2014-01-04 05:47 - 00000000 ____D () C:\Users\JD\Desktop\pdfs
2014-04-26 08:35 - 2013-11-04 04:22 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-24 01:09 - 2014-04-06 05:31 - 00000000 ____D () C:\Users\JD\Desktop\Authority Certification
2014-04-21 13:30 - 2014-04-21 13:30 - 00602112 _____ (OldTimer Tools) C:\Users\JD\Desktop\OTL.exe
2014-04-19 16:16 - 2009-07-14 01:08 - 00032592 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-19 07:31 - 2009-07-14 01:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-04-15 18:32 - 2014-04-15 18:32 - 00000000 __SHD () C:\Users\JD\AppData\Local\EmieUserList
2014-04-15 18:32 - 2014-04-15 18:32 - 00000000 __SHD () C:\Users\JD\AppData\Local\EmieSiteList
2014-04-10 04:01 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-04-10 03:05 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-09 07:11 - 2010-06-17 02:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-09 07:10 - 2013-07-22 15:27 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-09 07:09 - 2010-06-18 19:29 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
 
Some content of TEMP:
====================
C:\Users\JD\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-04-30 21:07
 
==================== End Of Log ============================
 
 
 
 
 
 
 
 
 
Addition.txt Log:
 
 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-05-2014
Ran by JD at 2014-05-05 23:10:42
Running from C:\Users\JD\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
 
==================== Installed Programs ======================
 
100Years'War Plugin version 2.1 (HKLM-x32\...\100Years'War Plugin_is1) (Version: 2.1 - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.4.13090 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 2.0.4.13090 - Adobe Systems Inc.) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
Age of Empires Online (HKLM-x32\...\GFWL_{4D530FA3-9B89-4186-98B7-F51000000100}) (Version: 1.0.0000.1 - Microsoft Studios)
Age of Empires Online (x32 Version: 1.0.0000.1 - Microsoft Studios) Hidden
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avant Browser (remove only) (HKLM-x32\...\AvantBrowser) (Version: 12.5.0.0 - Avant Force)
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
Bing Bar (HKLM-x32\...\{3A681D82-5167-4418-BEBA-E8991486665B}) (Version: 7.3.114.0 - Microsoft Corporation)
Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.363.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bonjour (HKLM-x32\...\{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}) (Version: 1.0.104 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5971CA1F-6BDE-498F-952C-9F2BF94070A4}) (Version:  - Microsoft)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.2.0009 - Dell, Inc.)
Dell Dock (HKLM-x32\...\Dell Dock) (Version:  - Stardock Corporation)
Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
DirectXInstallService (x32 Version: 9.0.2 - Roxio) Hidden
DriverMax 7 (HKLM-x32\...\DMX5_is1) (Version: 7.29.0.225 - Innovative Solutions)
EMC 10 Content (x32 Version: 1.0.035 - Roxo, Inc.) Hidden
EMCGadgets64 (Version: 1.0.302 - Sonic) Hidden
Evernote v. 4.1 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.1.0.3431 - Evernote Corp.)
Feedback Tool (HKLM-x32\...\{13A5E785-5197-4EAD-8EE3-D660271E49BC}) (Version: 1.2.0 - Microsoft Corporation)
Feedback Tool (HKLM-x32\...\{90024193-9F13-4877-89D5-A1CDF0CBBF28}) (Version: 1.1.0 - Microsoft Corporation)
FileZilla Client 3.3.3 (HKCU\...\FileZilla Client) (Version: 3.3.3 - )
FlashPeak SlimBrowser (HKLM-x32\...\SlimBrowser) (Version: 7.00.067 - FlashPeak Inc.)
Flock (2.6.2) (HKLM-x32\...\Flock (2.6.2)) (Version: 2.6.2 (en-US) - Flock)
Flock (3.5.3.4641) (HKCU\...\Flock) (Version: 3.5.3.4641 - Flock)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version:  - )
iCloud (HKLM\...\{4BC310C4-B898-46E2-B5FB-B85A30AA7142}) (Version: 2.0.2.187 - Apple Inc.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.0.1037 - Intel Corporation)
Internet TV for Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
iTunes (HKLM\...\{7FCDABCC-1A1E-4D61-909D-BA9495172774}) (Version: 11.0.3.42 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 12.8.957 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{41BC9E31-0D39-462E-8E4C-767B21A3B1C3}) (Version: 3.1.8.0 - Apple Inc.)
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Multimedia Card Reader (HKLM-x32\...\InstallShield_{9F0A32A5-4EBF-4B9D-A3CD-31579F2E1400}) (Version: 1.4.915.1 - Fitipower)
Multimedia Card Reader (x32 Version: 1.4.915.1 - Fitipower) Hidden
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
Nitro PDF Reader (HKLM\...\{0FB94E81-C427-46D0-A1E7-A4BC42899E65}) (Version: 1.3.1.1 - Nitro PDF Software)
Norton Security Scan (HKLM-x32\...\NSS) (Version: 4.0.3.27 - Symantec Corporation)
NVIDIA 3D Vision Controller Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 331.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 320.78 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 320.78 - NVIDIA Corporation)
NVIDIA Control Panel 320.78 (Version: 320.78 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 1.7.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.7.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 320.78 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.78 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.140.952 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA ShadowPlay 9.3.21 (Version: 9.3.21 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2078 - NVIDIA Corporation) Hidden
NVIDIA Update 9.3.21 (Version: 9.3.21 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 9.3.21 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.9 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.9 - NVIDIA Corporation)
Octoshape add-in for Adobe Flash Player (HKCU\...\Octoshape add-in for Adobe Flash Player) (Version:  - )
OpenOffice.org 3.2 (HKLM-x32\...\{5A13987D-55F4-4271-A40E-76AC9B1B38FD}) (Version: 3.2.9502 - OpenOffice.org)
Opera 11.00 (HKLM-x32\...\{1EE88B84-7BE5-4FB5-8DEA-B81D5409D62E}) (Version: 11.00 - Opera Software ASA)
Opera 12.16 (HKLM-x32\...\Opera 12.16.1860) (Version: 12.16.1860 - Opera Software ASA)
Opera Stable 17.0.1241.53 (HKLM-x32\...\Opera 17.0.1241.53) (Version: 17.0.1241.53 - Opera Software ASA)
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.6029 - CyberLink Corp.)
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5953 - Realtek Semiconductor Corp.)
RockMelt (HKCU\...\RockMelt) (Version: 0.16.91.483 - RockMelt, Inc.)
Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden
Roxio BackOnTrack (x32 Version: 1.3.0 - Roxio) Hidden
Roxio Central Audio (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Central Copy (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Central Core (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Central Data (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Central Tools (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Easy CD and DVD Burning (HKLM-x32\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio)
Roxio Easy CD and DVD Burning (x32 Version: 10.3.106 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.1 - Roxio) Hidden
Roxio File Backup (Version: 1.3.0 - Roxio) Hidden
Roxio Update Manager (x32 Version: 6.0.0 - Roxio) Hidden
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
SeaMonkey (2.0.6) (HKLM-x32\...\SeaMonkey (2.0.6)) (Version: 2.0.6 (en-US) - Mozilla)
Seesmic Desktop 2 (HKCU\...\2683344813.d.seesmic.com) (Version:  - d.seesmic.com)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 1.6.53 - NVIDIA Corporation) Hidden
Shop To Win (HKLM-x32\...\{1220BDA0-E418-4789-BFF5-072062B29D01}_is1) (Version: 1.1.0.0 - Shop To Win, LLC)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Stanza (HKLM-x32\...\Stanza) (Version:  - )
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
SyncBackFree (HKLM-x32\...\SyncBackFree_is1) (Version: 6.2.30.0 - 2BrightSparks)
Temp File Cleaner (HKLM-x32\...\Temp File Cleaner) (Version:  - )
THX TruStudio PC (HKLM-x32\...\{010A785B-F920-4350-821B-6309909C20BB}) (Version: 1.0 - Creative Technology Limited)
TweetDeck (HKLM-x32\...\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1) (Version: 0.35.3 - TweetDeck Inc)
TweetDeck (x32 Version: 0.35.3 - TweetDeck Inc) Hidden
Unigine Heaven Benchmark v2.1 (HKLM-x32\...\{38468127-9E6F-4FC9-B5F7-42D4AD437D96}) (Version: 2.1 - Unigine Corp.)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2553444) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{799005D3-9B70-4219-AFE0-BC479614CC4D}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version:  - Microsoft)
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
WeatherBug (HKLM-x32\...\{DAFA6315-EAE5-4B9E-9D18-0DC51D1DB0F0}) (Version: 7.0.0.12 - Earth Networks, Inc.)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Center Add-in for Flash (HKLM-x32\...\{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}) (Version: 4.1.2.0 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinSnap (HKLM-x32\...\WinSnap) (Version: 3.5.1 - NTWind Software)
Wisdom-soft ScreenHunter 6.0 Free (HKLM-x32\...\Wisdom-soft ScreenHunter 6.0 Free) (Version:  - Wisdom Software Inc.)
WxDFast (HKLM\...\WxDFast) (Version: 1.0 - Premium)
wxDownload (HKLM-x32\...\{088DF54D-6FFC-8C91-02D5-A461DCC2E652}) (Version:  - wxDownload)
 
==================== Restore Points  =========================
 
10-04-2014 07:00:15 Windows Update
15-04-2014 13:28:21 Windows Update
18-04-2014 20:13:01 Windows Update
22-04-2014 10:21:12 Windows Update
25-04-2014 19:33:53 Windows Update
01-05-2014 16:46:07 Windows Update
03-05-2014 07:00:15 Windows Update
06-05-2014 02:35:33 OTL Restore Point - 5/5/2014 10:35:30 PM
 
==================== Hosts content: ==========================
 
2009-07-13 22:34 - 2014-05-05 22:35 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {3AA863C7-BDDB-46CC-9A5B-2D4FAFACBA7C} - System32\Tasks\{7B5D431F-FAAA-4161-BF46-61E9A555BE28} => Firefox.exe 
Task: {4A9B6C4B-F232-40C8-809D-317E0EAB48B3} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {50984F89-2B3A-4925-9075-17829385F210} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-09-15] (Google Inc.)
Task: {55DA050F-B62E-41C7-8BCF-459930B99E5A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {6BC0A66C-1560-45DF-B81D-7C56D929B5FC} - System32\Tasks\RockMeltUpdateTaskUserS-1-5-21-2370819180-3800432558-3504640221-1001Core => C:\Users\JD\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2010-12-02] (RockMelt Inc.)
Task: {6EE5F1CA-7473-47D1-B01B-2EFBA21B87A5} - System32\Tasks\{D37E240F-C95E-4C31-8451-BCD3C099338B} => C:\Program Files (x86)\AWS\WeatherBug\Weather.exe [2013-01-11] (AWS Convergence Technologies, Inc.)
Task: {80A2D39F-8202-471A-A388-9CC741B339D2} - \BackgroundContainer Startup Task No Task File <==== ATTENTION
Task: {80D73754-9C56-4798-9DE6-B0F304438870} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {8FC809A9-7B9B-40A1-90BD-4ECF1A9FBD4B} - System32\Tasks\{8042AE24-31A9-4B5C-BD98-4E326CA24BE1} => C:\Program Files (x86)\Flock\flock.exe [2011-02-18] (Flock, Inc.)
Task: {93F3D72D-6004-4FE8-A71F-E31E34D5AFE0} - System32\Tasks\FlockUpdateTaskUserS-1-5-21-2370819180-3800432558-3504640221-1001UA => C:\Users\JD\AppData\Local\Flock\Update\FlockUpdate.exe [2011-02-09] (Google Inc.)
Task: {94B5AC60-2ECC-44C5-BB59-1C86DBD1C192} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-09-15] (Google Inc.)
Task: {971FD61F-7DAB-4624-9553-410CE11B98B8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
Task: {A8166BDB-4D0B-4BB5-A35E-0D5E2306BFC4} - System32\Tasks\{0CF6AEC4-C69F-4314-86B3-5370DC5D4F97} => C:\Program Files (x86)\AWS\WeatherBug\Weather.exe [2013-01-11] (AWS Convergence Technologies, Inc.)
Task: {AF08FCFC-2972-4F66-A066-65705B6C960F} - System32\Tasks\RockMeltUpdateTaskUserS-1-5-21-2370819180-3800432558-3504640221-1001UA => C:\Users\JD\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2010-12-02] (RockMelt Inc.)
Task: {B581F046-DC18-4399-A98B-A70F277E8F92} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {BE1CB0AD-E225-4E98-9B21-EC2210EB6F76} - \DigitalSite No Task File <==== ATTENTION
Task: {C3FFFE0B-155E-4A57-9B75-6DF915DA057D} - System32\Tasks\WxDFastUpdaterTask{9394918A-4147-491E-896F-0A7FA990D484} => C:\ProgramData\Premium\WxDFast\WxDFast.exe <==== ATTENTION
Task: {C419D0DD-54A1-4119-93E8-865B458B952A} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {CC3B3680-4FCE-4347-84EB-6647F2AA72D3} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {D8E67F60-DEEE-4C24-9C72-FED23E6CB810} - System32\Tasks\Norton Security Scan for JD => C:\Program Files (x86)\Norton Security Scan\Engine\4.0.3.27\Nss.exe [2013-10-11] (Symantec Corporation)
Task: {EB88C5EA-46DE-4123-9048-F70657A23327} - System32\Tasks\FlockUpdateTaskUserS-1-5-21-2370819180-3800432558-3504640221-1001Core => C:\Users\JD\AppData\Local\Flock\Update\FlockUpdate.exe [2011-02-09] (Google Inc.)
Task: {F21B60D9-C4B2-443C-B765-C2DAEC496B2E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-01] (Adobe Systems Incorporated)
Task: {FE9A24C1-8E3C-491B-BF98-75DBF62A2131} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FlockUpdateTaskUserS-1-5-21-2370819180-3800432558-3504640221-1001Core.job => C:\Users\JD\AppData\Local\Flock\Update\FlockUpdate.exe
Task: C:\Windows\Tasks\FlockUpdateTaskUserS-1-5-21-2370819180-3800432558-3504640221-1001UA.job => C:\Users\JD\AppData\Local\Flock\Update\FlockUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Norton Security Scan for JD.job => C:\PROGRA~2\NORTON~2\Engine\403~1.27\Nss.exe
Task: C:\Windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-2370819180-3800432558-3504640221-1001Core.job => C:\Users\JD\AppData\Local\RockMelt\Update\RockMeltUpdate.exe
Task: C:\Windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-2370819180-3800432558-3504640221-1001UA.job => C:\Users\JD\AppData\Local\RockMelt\Update\RockMeltUpdate.exe
Task: C:\Windows\Tasks\WxDFastUpdaterTask{9394918A-4147-491E-896F-0A7FA990D484}.job => C:\ProgramData\Premium\WxDFast\WxDFast.exe <==== ATTENTION
 
==================== Loaded Modules (whitelisted) =============
 
2013-11-16 21:21 - 2013-08-09 16:07 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2010-07-17 03:36 - 2009-12-20 21:42 - 00090624 _____ () C:\Windows\System32\Primomonnt.dll
2010-06-10 15:52 - 2011-08-18 12:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2009-11-13 17:15 - 2009-11-13 17:15 - 01807600 _____ () C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
2011-06-24 22:56 - 2011-06-24 22:56 - 00087328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 01241888 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-11-17 04:22 - 2012-08-23 11:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-11-17 04:22 - 2013-05-16 11:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-11-17 04:22 - 2013-05-16 11:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-11-17 04:22 - 2013-05-16 11:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-11-17 04:22 - 2012-04-03 18:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2010-06-10 15:48 - 2009-10-02 14:18 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2014-05-05 03:07 - 2014-03-24 13:37 - 00009088 _____ () C:\Program Files (x86)\Innovative Solutions\DriverMax\sync.dll
2010-12-16 12:36 - 2010-12-16 12:36 - 00433664 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2010-12-16 12:36 - 2010-12-16 12:36 - 00200704 _____ () C:\Program Files (x86)\Evernote\Evernote\LibPCRE.dll
2010-12-16 12:36 - 2010-12-16 12:36 - 00315392 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2010-05-04 15:36 - 2010-05-04 15:36 - 00970752 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2009-11-13 17:15 - 2009-11-13 17:15 - 00275696 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
2009-11-13 17:15 - 2009-11-13 17:15 - 00058608 _____ () C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
2009-11-13 17:15 - 2009-11-13 17:15 - 00095472 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
2009-11-13 17:15 - 2009-11-13 17:15 - 00152816 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
2009-11-13 17:15 - 2009-11-13 17:15 - 00017648 _____ () C:\Program Files (x86)\Dell DataSafe Online\cpputils.dll
2014-04-26 08:35 - 2014-04-23 20:33 - 00065352 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll
2014-04-26 08:35 - 2014-04-23 20:33 - 00674632 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libglesv2.dll
2014-04-26 08:35 - 2014-04-23 20:33 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libegl.dll
2014-04-26 08:35 - 2014-04-23 20:33 - 04081480 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll
2014-04-26 08:35 - 2014-04-23 20:33 - 00390472 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll
2014-04-26 08:35 - 2014-04-23 20:33 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Percentage of memory in use: 32%
Total physical RAM: 8151.08 MB
Available physical RAM: 5537.81 MB
Total Pagefile: 16300.34 MB
Available Pagefile: 13332.62 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:920.59 GB) (Free:839.14 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 8A427EA7)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=11 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=921 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
 
 
 
 
 
 
 

  • 0

#4
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hello :)

The OTL log you posted is a copy of your original scan log. Please look here: C:\_OTL\MovedFiles and you should find the fix log there. :thumbsup: Please post it along with the logs I'm requesting in these steps.


Step 1: FRST Fix
  • Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy.
  • Right-click in the open notepad and select Paste).
  • Save it on the desktop as fixlist.txt

Start
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
2009-07-13 22:34 - 2014-05-05 22:35 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
Task: {80A2D39F-8202-471A-A388-9CC741B339D2} - \BackgroundContainer Startup Task No Task File <==== ATTENTION
Task: {C3FFFE0B-155E-4A57-9B75-6DF915DA057D} - System32\Tasks\WxDFastUpdaterTask{9394918A-4147-491E-896F-0A7FA990D484} => C:\ProgramData\Premium\WxDFast\WxDFast.exe <==== ATTENTION
Task: C:\Windows\Tasks\WxDFastUpdaterTask{9394918A-4147-491E-896F-0A7FA990D484}.job => C:\ProgramData\Premium\WxDFast\WxDFast.exe <==== ATTENTION
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.


Step 2: Temporary File Cleaner

Clear Cache/Temp Files
Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
Things I need to see in your next post:

OTL Fix Log

Fixlog.txt (The log that was produced from the FRST run.)

  • 0

#5
JDEbberly

JDEbberly

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

Here's the OTL Fix Log:

 

 

 All processes killed

========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6ECAD0F9-51B9-469E-B16D-ACDFDD3C0E5B}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6ECAD0F9-51B9-469E-B16D-ACDFDD3C0E5B}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4B04733F-E04C-4F43-9919-E5107285F4E6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B04733F-E04C-4F43-9919-E5107285F4E6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B6440D3B-2967-40DC-9118-6C23541CDFF8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B6440D3B-2967-40DC-9118-6C23541CDFF8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7B664DF-3AF9-4C8E-8148-F42BB7831D27}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7B664DF-3AF9-4C8E-8148-F42BB7831D27}\ not found.
C:\Users\JD\AppData\Roaming\Mozilla\Firefox\Profiles\4p6wr1zf.default-1383453477890\searchplugins\MyStart Search.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{300BEC06-B743-4D19-86B9-11DC711D7FFB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{300BEC06-B743-4D19-86B9-11DC711D7FFB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{652853ad-5592-4231-88c6-706613a52e61}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{652853ad-5592-4231-88c6-706613a52e61}\ deleted successfully.
C:\Program Files (x86)\somototoolbar\vmntemplateX.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E951BE10-523A-E47F-47CB-E045AA2E827C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E951BE10-523A-E47F-47CB-E045AA2E827C}\ deleted successfully.
C:\ProgramData\wxDownload\5087a23556252.ocx moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{652853ad-5592-4231-88c6-706613a52e61} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{652853ad-5592-4231-88c6-706613a52e61}\ not found.
File C:\Program Files (x86)\somototoolbar\vmntemplateX.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
C:\Users\JD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
C:\Users\JD\AppData\Roaming\defaulttab folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
 
User: Default User
 
User: JD
->Temp folder emptied: 63509547 bytes
->Temporary Internet Files folder emptied: 61720 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 45862855 bytes
->Google Chrome cache emptied: 117451372 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 1587 bytes
 
User: LeRoy
->FireFox cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9239172 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 225.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 05052014_223518
 
Files\Folders moved on Reboot...
C:\Users\JD\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\JD\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\avg_secure_search.log scheduled to be moved on reboot.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...
 
 
 
 
 
 
 
Here's the Fixlog.txt
 
 
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-05-2014
Ran by JD at 2014-05-06 00:32:16 Run:1
Running from C:\Users\JD\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
2009-07-13 22:34 - 2014-05-05 22:35 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
Task: {80A2D39F-8202-471A-A388-9CC741B339D2} - \BackgroundContainer Startup Task No Task File <==== ATTENTION
Task: {C3FFFE0B-155E-4A57-9B75-6DF915DA057D} - System32\Tasks\WxDFastUpdaterTask{9394918A-4147-491E-896F-0A7FA990D484} => C:\ProgramData\Premium\WxDFast\WxDFast.exe <==== ATTENTION
Task: C:\Windows\Tasks\WxDFastUpdaterTask{9394918A-4147-491E-896F-0A7FA990D484}.job => C:\ProgramData\Premium\WxDFast\WxDFast.exe <==== ATTENTION
End
*****************
 
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
C:\Windows\system32\Drivers\etc\hosts => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{80A2D39F-8202-471A-A388-9CC741B339D2} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{80A2D39F-8202-471A-A388-9CC741B339D2} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BackgroundContainer Startup Task => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C3FFFE0B-155E-4A57-9B75-6DF915DA057D} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C3FFFE0B-155E-4A57-9B75-6DF915DA057D} => Key deleted successfully.
C:\Windows\System32\Tasks\WxDFastUpdaterTask{9394918A-4147-491E-896F-0A7FA990D484} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WxDFastUpdaterTask{9394918A-4147-491E-896F-0A7FA990D484} => Key deleted successfully.
C:\Windows\Tasks\WxDFastUpdaterTask{9394918A-4147-491E-896F-0A7FA990D484}.job => Moved successfully.
 
==== End of Fixlog ====

  • 0

#6
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Excellent :) Let's continue.


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Scan with Malwarebytes


Please download Malwarebytes Anti-Malware to your desktop
Install the progamme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

MBAMsettings_zpsb6b9ada0.jpg

Go back to the Dashboard and select Scan Now

MBAMScan_zps8ba7d192.jpg

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

MBAMReboot_zps9089ab30.jpg

MBAMLog_zpsade07f42.jpg

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop



Step 2: Scan with ESET Online Scanner


Please note: You can use Internet Explorer or Firefox for this step. Either browser used will have to be ran in admin mode.

Right click on either the Internet Explorer icon or the Firefox icon in the Start Menu or Quick Launch Bar on the Task bar and select Run as Administrator from the menu.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar ---->esetbar_zps93905f48.jpg
  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • Now click on Finish
  • Use notepad to open the logfile located at C:\Program Files(x86)\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Step 3: SecurityCheck Scan


Download Security Checksecuritycheck_zpsb7736812.jpg by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Things I need to see in your next post:
  • ESET Scan Log
  • MBAM Log
  • SecurityCheck Log
Question: How is the computer running now? Has the error at startup stopped?
  • 0

#7
JDEbberly

JDEbberly

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

Here is the ESET Scan Log:

It sure took a LOOOOOOOOOOOONG time to run, like 4-5 hours!

 

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=2890171ecc28c347abee724015a95edd
# engine=18162
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-05-07 08:18:03
# local_time=2014-05-07 04:18:03 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5122 16777214 66 86 3312254 148125279 0 0
# compatibility_mode=5893 16776573 100 94 0 150994133 0 0
# scanned=263258
# found=51
# cleaned=0
# scan_time=15372
sh=741518CA17409E0C108EA202464829E6C664ED1E ft=1 fh=52477f93f91d8732 vn="a variant of MSIL/DomaIQ.A potentially unwanted application" ac=I fn="C:\dell\AdwCleaner\Quarantine\C\Program Files\Uninstaller\Uninstall.exe.vir"
sh=915D2098421795E7BD9DAC10D2AB736803DEB53D ft=1 fh=7018edf1b301bb6b vn="Win32/GenUpdater potentially unwanted application" ac=I fn="C:\dell\AdwCleaner\Quarantine\C\ProgramData\Premium\WxDFast\run2A21.tmp.vir"
sh=915D2098421795E7BD9DAC10D2AB736803DEB53D ft=1 fh=7018edf1b301bb6b vn="Win32/GenUpdater potentially unwanted application" ac=I fn="C:\dell\AdwCleaner\Quarantine\C\ProgramData\Premium\WxDFast\runFDE3.tmp.vir"
sh=3AF404CF509637170F0A9549E40C787E10CF0A72 ft=1 fh=8930c3e0d1a3262f vn="Win32/GenUpdater potentially unwanted application" ac=I fn="C:\dell\AdwCleaner\Quarantine\C\ProgramData\Premium\WxDFast\WxDFast.exe.vir"
sh=3D1BA1E04B5BA79EEE2B0EBA723982C795A13CD1 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\dell\AdwCleaner\Quarantine\C\ProgramData\wxDownload\5087a2355628a.html.vir"
sh=9F82BB5DC8D4EC6B8B2BB47CB6C329B8AF1C14CE ft=1 fh=c92ed1f3ca58c043 vn="Win32/InstallCore.AZ potentially unwanted application" ac=I fn="C:\dell\AdwCleaner\Quarantine\C\Users\JD\AppData\Roaming\0D0S1L2Z1P1B\Zip Extractor Packages\uninstaller.exe.vir"
sh=BD3C685B5F9C5FDDBCF46DAF1C89E094C69F87B0 ft=1 fh=62591177f2e83ca9 vn="a variant of Win32/HiddenStart.A potentially unsafe application" ac=I fn="C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe"
sh=3963D8A5B82F5DD540BB1DDEE8BA5B8D9098C549 ft=1 fh=d69ca3895677d6e5 vn="a variant of Win32/HiddenStart.A potentially unsafe application" ac=I fn="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe"
sh=D99FA9347B3E05EC6A36156323A5D53BE8F9F14F ft=1 fh=e9a3de554c15b3cd vn="Win32/Toolbar.Conduit potentially unwanted application" ac=I fn="C:\Program Files (x86)\Wisdom-soft ScreenHunter 6.0 Free\Toolbar.exe"
sh=A2D1BF04A47B7A4383913F0B6CE6D756D49A0A16 ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.Conduit.AA potentially unwanted application" ac=I fn="C:\Users\JD\AppData\Local\CRE\eibleipkbineaadpnemmalkahodjhdbd.crx"
sh=B45806F85A8EFA8AA923A09B28B26EE1FCFD97BA ft=1 fh=021ef04e4af54844 vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="C:\Users\JD\Desktop\Maintenance\ccsetup309.exe"
sh=B289C53DBB01232884364F964E8A5BCCDFBCE00A ft=1 fh=20604ce9407285e3 vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="C:\Users\JD\Desktop\Maintenance\ccsetup310.exe"
sh=DD6E088E22874B283348A15DB5159C7B20CC6D22 ft=1 fh=fe9dda6ca79832a6 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\JD\Desktop\Maintenance\ccsetup407.exe"
sh=6585F3BCD797EFC2F81599CDE50115668B677D52 ft=1 fh=c4c5afd1d69feff3 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\JD\Desktop\Maintenance\ccsetup408.exe"
sh=932E042070F1567ED5A116E98E3C04D7D07E0681 ft=1 fh=3bf8f6c29b1c29c3 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\JD\Desktop\Maintenance\ccsetup409.exe"
sh=0F97FB08E6FC4500F86E64D3285C171C6462BD61 ft=1 fh=acbbffe185c36761 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\JD\Desktop\Maintenance\ccsetup410.exe"
sh=C662A89E2318810A6012EF702A9C39F6E0AC3B36 ft=1 fh=e8789dd77b481b56 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\JD\Desktop\Maintenance\ccsetup411.exe"
sh=C133DB147FA578119F34B675D45B477E110761B2 ft=1 fh=9272027fde077ca7 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\JD\Desktop\Maintenance\ccsetup412.exe"
sh=35B617B9F72AFDADFD9017120C1D3A93BF0E453E ft=1 fh=c71c0011f4526072 vn="a variant of Win32/InstallCore.BY potentially unwanted application" ac=I fn="C:\Users\JD\Desktop\Maintenance\ZipExtractorSetup.exe"
sh=F328A2A6A9042272693B0F6E089B96A19CF964A8 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\Users\JD\Desktop\Maintenance\Old Firefox Data\tghq6uul.default\extensions\[email protected]\content\bg.js"
sh=F57150F87EF014AB3C0EC5CA36650C90C8F9C4A7 ft=1 fh=9e9413d21c760d8d vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Users\JD\Downloads\ARO2011_bt.exe"
sh=E90684A7D9D2D3AB8428AEBCCA964E077F34DF44 ft=1 fh=a9cc839b9994eecc vn="Win32/DownloadAdmin.G potentially unwanted application" ac=I fn="C:\Users\JD\Downloads\cbsidlm-tr1_6-The_Weather_Channel_Desktop-10235897.exe"
sh=600A0295369F89C300038D770E5E114F2E25A3AF ft=1 fh=df0838ff15738a3a vn="Win32/DownloadAdmin.G potentially unwanted application" ac=I fn="C:\Users\JD\Downloads\cbsidlm-tr1_9-ScreenHunter_Free-SEO-10063246.exe"
sh=A8A37E54DB53B64808D4DE3DDBB505859E9F4269 ft=1 fh=b799c6fdeb2be9bc vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="C:\Users\JD\Downloads\ccsetup311.exe"
sh=429FC48BC53BC454DBF9DD799994FD538DD2CD1C ft=1 fh=b14d744a763a52f9 vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="C:\Users\JD\Downloads\ccsetup312.exe"
sh=3B38ECE8A1605F66D7FC38CC9BCC5FF325A2ED55 ft=1 fh=bc0c24e3a63c61a6 vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="C:\Users\JD\Downloads\ccsetup313.exe"
sh=3FC75D7EC85B4B4766AE1195896F0C2C5FB3E6FE ft=1 fh=f3111313b4ad1f30 vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="C:\Users\JD\Downloads\ccsetup314.exe"
sh=F39A1D9201D021180B9FC8543783D8CE69054DCE ft=1 fh=10783dd2892ae31b vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="C:\Users\JD\Downloads\ccsetup317.exe"
sh=2E9FC5EE22DDB3588857BAEB1EC51885EB3D3C27 ft=1 fh=78aa2c558c3526a3 vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="C:\Users\JD\Downloads\ccsetup318.exe"
sh=2C16CF7AF335A0943C5973070050474E2565691B ft=1 fh=dbab1590fe63551b vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="C:\Users\JD\Downloads\ccsetup319.exe"
sh=7EF1CA17E9835CBBA989D1F2CFEF4B794D928D13 ft=1 fh=c7fc25b20d8e6134 vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="C:\Users\JD\Downloads\ccsetup320.exe"
sh=B876F5F15137EF8A1680C2AC04DC786D2A191DC9 ft=1 fh=850ac12ce80cbbb1 vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="C:\Users\JD\Downloads\ccsetup322.exe"
sh=03659459CF218748D115AB0EBD09E04AE43D9BC4 ft=1 fh=b7fea6e53bda36e3 vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="C:\Users\JD\Downloads\ccsetup323.exe"
sh=9EBEEAD23C136B3C8E6CC0220B4F47C3D67B9B4D ft=1 fh=f7cfbc4528e170a2 vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="C:\Users\JD\Downloads\ccsetup324.exe"
sh=6B7392086BFE81C9C47D0D041CD900A239011F74 ft=1 fh=a2718fd4c56b599b vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\JD\Downloads\ccsetup325.exe"
sh=25CF9B7BB46B581ED8DE03DDC56E1574087CACAA ft=1 fh=10c5a1651be6049d vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\JD\Downloads\ccsetup326.exe"
sh=180C8ED7C81E3AE7B0507B26C927EA93584B017C ft=1 fh=b0b83453fcc7b480 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\JD\Downloads\ccsetup327.exe"
sh=3D84C7C0E316EAD02DD7A59E746EC798DAB8BC0C ft=1 fh=ce50a11e70bad71c vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\JD\Downloads\ccsetup328.exe"
sh=60C77FF66F63F585FCE95C78FF44B513E2AAB9F9 ft=1 fh=17494879e4339ab3 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\JD\Downloads\ccsetup400.exe"
sh=2FEC2BB06C11B711B37E7D1BAC0004F8F25A4C7B ft=1 fh=9586b0754c97a9e0 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\JD\Downloads\ccsetup401.exe"
sh=6A7D39AB09C869C51EA03027DB2B88D8052A9CDF ft=1 fh=519276e901ee5bc7 vn="Win32/Toolbar.Conduit potentially unwanted application" ac=I fn="C:\Users\JD\Downloads\setupscreenhunterfree.exe"
sh=753F5167C305C95613960F19F52896316F7516AD ft=1 fh=6967d1e98cb4cff6 vn="Win32/Somoto.F potentially unwanted application" ac=I fn="C:\Users\JD\Downloads\TempFileCleaner_3.1.1_Setup.exe"
sh=5638CFEBC6EAC7C0352DF1D1D3635278E47ECE12 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Users\JD\Downloads\WeatherBugSetup (1).msi"
sh=5638CFEBC6EAC7C0352DF1D1D3635278E47ECE12 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Users\JD\Downloads\WeatherBugSetup(1).msi"
sh=9D29F6D2525022DE8DBA15B9AF51AD1D72290413 ft=1 fh=fb22af1818343177 vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application" ac=I fn="C:\Users\JD\Downloads\WeatherBugSetup.exe"
sh=5638CFEBC6EAC7C0352DF1D1D3635278E47ECE12 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Users\JD\Downloads\WeatherBugSetup.msi"
sh=32F07BA5BF3A61E2577E6E0EB49FAD3E23D96DD1 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application" ac=I fn="C:\Windows\Installer\21e5b6d.msi"
sh=B31C20D05D89EF942C8C6C619088388C44F0EA74 ft=1 fh=c71c00112a4f2ec8 vn="a variant of Win32/Toolbar.Visicom.B potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\05052014_223518\C_Program Files (x86)\somototoolbar\vmntemplateX.dll"
sh=55B64F53328498D22D269DE2E65BE2FEEBA7DA00 ft=1 fh=75c36158ce6b01c9 vn="Win32/Adware.MultiPlug.D application" ac=I fn="C:\_OTL\MovedFiles\05052014_223518\C_ProgramData\wxDownload\5087a23556252.ocx"
sh=28122FA06BE34AE8FEFD6F435BEDFF1EBAE2AFCB ft=1 fh=c71c001191ff8a7a vn="a variant of Win32/CasOnline potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\07272010_032139\C_Program Files (x86)\Cherry Red Casino\casino.dll"
sh=919DFBF4DFB478F411B4FD249154E54F3D81FE73 ft=1 fh=c925fd6d1b4c9a37 vn="a variant of Win32/CasOnline potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\07272010_032139\C_Program Files (x86)\Cherry Red Casino\Install.exe"
 
 
 
 
 
 
 
 
 
 
 

Here is the MBAM Log:

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 5/6/2014
Scan Time: 11:46:39 PM
Logfile: MBAM.txt
Administrator: Yes
 
Version: 2.00.1.1004
Malware Database: v2014.05.07.02
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: JD
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 337857
Time Elapsed: 28 min, 19 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 4
PUP.Optional.DefaultTab.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{7F6AFBF1-E065-4627-A2FD-810366367D01}, , [6e92a55b12eebd43fc0bd74dbf435ba5], 
PUP.Optional.FaceThemes, HKLM\SOFTWARE\CLASSES\INTERFACE\{D6975F9E-15B2-4FE7-9D16-FC2E85CB201B}, , [ff017e8206fa80800fa8b672ae54d62a], 
PUP.Optional.FaceThemes, HKLM\SOFTWARE\CLASSES\TypeLib\{A3F56272-CDB4-4310-9BB1-9A0D0757A3B3}, , [b44c10f00ff1de22981f6fb94eb4df21], 
PUP.Optional.DefaultTab.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\DefaultTab, , [fe02d42c6b95ca36d2a4f2a0a0627d83], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 1
PUP.Optional.MySpeedDial.A, C:\Users\JD\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff, , [c63a9f6123dd8b75a8646017da288c74], 
 
Files: 9
PUP.Optional.JumpyApps, C:\Users\JD\Desktop\Maintenance\ZipExtractorSetup.exe, , [7987ce32ef11c53ba303f812bf45cf31], 
PUP.Optional.MySpeedDial.A, C:\Users\JD\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff\000005.sst, , [c63a9f6123dd8b75a8646017da288c74], 
PUP.Optional.MySpeedDial.A, C:\Users\JD\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff\000008.sst, , [c63a9f6123dd8b75a8646017da288c74], 
PUP.Optional.MySpeedDial.A, C:\Users\JD\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff\000040.log, , [c63a9f6123dd8b75a8646017da288c74], 
PUP.Optional.MySpeedDial.A, C:\Users\JD\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff\CURRENT, , [c63a9f6123dd8b75a8646017da288c74], 
PUP.Optional.MySpeedDial.A, C:\Users\JD\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff\LOCK, , [c63a9f6123dd8b75a8646017da288c74], 
PUP.Optional.MySpeedDial.A, C:\Users\JD\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff\LOG, , [c63a9f6123dd8b75a8646017da288c74], 
PUP.Optional.MySpeedDial.A, C:\Users\JD\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff\LOG.old, , [c63a9f6123dd8b75a8646017da288c74], 
PUP.Optional.MySpeedDial.A, C:\Users\JD\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff\MANIFEST-000038, , [c63a9f6123dd8b75a8646017da288c74], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
 
 
 
 
 
 
 
 
 
 
Here is the SecurityCheck Log:
 
 

Results of screen317's Security Check version 0.99.82  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
McAfee Anti-Virus and Anti-Spyware   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 SpywareBlaster 5.0    
 Spybot - Search & Destroy 
 Temp File Cleaner   
 Java 7 Update 51  
 Java version out of Date! 
 Adobe Flash Player 13.0.0.206  
 Adobe Reader XI  
 Mozilla Firefox (30.0) 
 Google Chrome 34.0.1847.116  
 Google Chrome 34.0.1847.131  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Spybot Teatimer.exe is disabled! 
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 
 
 
 
 
 
 
 
 
 
 
The computer is running very well, the error at startup has stopped for at least 2 days.
 
 
I am sorry it took me so long to post this reply. A lot of real life stuff came up in the past 30 hours.
 
Thank you very much for all of your help. You did a very good job. Geeks To Go is probably the best anti malware forum on the Internet!
 
A couple of days ago, the computer suddenly shut off for no reason, but then I started it up again normally. Since then it has worked very well.

  • 0

#8
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts

The computer is running very well, the error at startup has stopped for at least 2 days.


Good to hear, you shouldn't see that error again. :thumbsup:
 

I am sorry it took me so long to post this reply. A lot of real life stuff came up in the past 30 hours.


No worries, real life is always most important. We do this on a schedule that works best for you. :)
 

Thank you very much for all of your help. You did a very good job. Geeks To Go is probably the best anti malware forum on the Internet!


Hang in there, we still have a few last things to fix. Thank you for your compliment, we try our best!
 

A couple of days ago, the computer suddenly shut off for no reason, but then I started it up again normally. Since then it has worked very well.


Ok, let me know if that becomes a regular occurance.


Let's get rid of the remnants that ESET found.
  • Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy.
  • Right-click in the open notepad and select Paste).
  • Save it on the desktop as fixlist.txt

Start
C:\Program Files (x86)\Wisdom-soft ScreenHunter 6.0 Free\Toolbar.exe
C:\Users\JD\AppData\Local\CRE\eibleipkbineaadpnemmalkahodjhdbd.crx
C:\Users\JD\Desktop\Maintenance\ccsetup*.*
C:\Users\JD\Desktop\Maintenance\ZipExtractorSetup.exe
C:\Users\JD\Desktop\Maintenance\Old Firefox Data\tghq6uul.default\extensions\[email protected]\content\bg.js
C:\Users\JD\Downloads\ARO2011_bt.exe
C:\Users\JD\Downloads\cbsidlm-tr1_6-The_Weather_Channel_Desktop-10235897.exe
C:\Users\JD\Downloads\cbsidlm-tr1_9-ScreenHunter_Free-SEO-10063246.exe
C:\Users\JD\Downloads\ccsetup*.exe
C:\Users\JD\Downloads\setupscreenhunterfree.exe
C:\Users\JD\Downloads\TempFileCleaner_3.1.1_Setup.exe
C:\Users\JD\Downloads\WeatherBugSetup (1).msi
C:\Users\JD\Downloads\WeatherBugSetup(1).msi
C:\Users\JD\Downloads\WeatherBugSetup.exe
C:\Users\JD\Downloads\WeatherBugSetup.msi
C:\Windows\Installer\21e5b6d.msi
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.


Things I need to see in your next post:

Fixlog.txt

  • 0

#9
JDEbberly

JDEbberly

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

Here is Fixlog.txt:

 

 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-05-2014
Ran by JD at 2014-05-08 22:29:41 Run:2
Running from C:\Users\JD\Desktop\May 1\geek
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
2009-07-13 22:34 - 2014-05-05 22:35 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
Task: {80A2D39F-8202-471A-A388-9CC741B339D2} - \BackgroundContainer Startup Task No Task File <==== ATTENTION
Task: {C3FFFE0B-155E-4A57-9B75-6DF915DA057D} - System32\Tasks\WxDFastUpdaterTask{9394918A-4147-491E-896F-0A7FA990D484} => C:\ProgramData\Premium\WxDFast\WxDFast.exe <==== ATTENTION
Task: C:\Windows\Tasks\WxDFastUpdaterTask{9394918A-4147-491E-896F-0A7FA990D484}.job => C:\ProgramData\Premium\WxDFast\WxDFast.exe <==== ATTENTION
End
*****************
 
HKLM\SOFTWARE\Policies\Google => Key not found.
"C:\Windows\system32\Drivers\etc\hosts" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{80A2D39F-8202-471A-A388-9CC741B339D2} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BackgroundContainer Startup Task => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C3FFFE0B-155E-4A57-9B75-6DF915DA057D} => Key not found.
C:\Windows\System32\Tasks\WxDFastUpdaterTask{9394918A-4147-491E-896F-0A7FA990D484} not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WxDFastUpdaterTask{9394918A-4147-491E-896F-0A7FA990D484} => Key not found.
C:\Windows\Tasks\WxDFastUpdaterTask{9394918A-4147-491E-896F-0A7FA990D484}.job not found.
 
==== End of Fixlog ====

  • 0

#10
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hi, :)

That was an incorrect fixlist. That one was from a previous fix we've already done. Please re-run the FRST fix by following the step below. :thumbsup:
  • Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy.
  • Right-click in the open notepad and select Paste).
  • Save it on the desktop as fixlist.txt

Start
C:\Program Files (x86)\Wisdom-soft ScreenHunter 6.0 Free\Toolbar.exe
C:\Users\JD\AppData\Local\CRE\eibleipkbineaadpnemmalkahodjhdbd.crx
C:\Users\JD\Desktop\Maintenance\ccsetup*.*
C:\Users\JD\Desktop\Maintenance\ZipExtractorSetup.exe
C:\Users\JD\Desktop\Maintenance\Old Firefox Data\tghq6uul.default\extensions\[email protected]\content\bg.js
C:\Users\JD\Downloads\ARO2011_bt.exe
C:\Users\JD\Downloads\cbsidlm-tr1_6-The_Weather_Channel_Desktop-10235897.exe
C:\Users\JD\Downloads\cbsidlm-tr1_9-ScreenHunter_Free-SEO-10063246.exe
C:\Users\JD\Downloads\ccsetup*.exe
C:\Users\JD\Downloads\setupscreenhunterfree.exe
C:\Users\JD\Downloads\TempFileCleaner_3.1.1_Setup.exe
C:\Users\JD\Downloads\WeatherBugSetup (1).msi
C:\Users\JD\Downloads\WeatherBugSetup(1).msi
C:\Users\JD\Downloads\WeatherBugSetup.exe
C:\Users\JD\Downloads\WeatherBugSetup.msi
C:\Windows\Installer\21e5b6d.msi
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.

Things I need to see in your next post:

Fixlog.txt Log

  • 0

#11
JDEbberly

JDEbberly

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

Here is the Fixlog.txt Log:

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-05-2014
Ran by JD at 2014-05-08 22:46:59 Run:3
Running from C:\Users\JD\Desktop\May 1\geek
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
C:\Program Files (x86)\Wisdom-soft ScreenHunter 6.0 Free\Toolbar.exe
C:\Users\JD\AppData\Local\CRE\eibleipkbineaadpnemmalkahodjhdbd.crx
C:\Users\JD\Desktop\Maintenance\ccsetup*.*
C:\Users\JD\Desktop\Maintenance\ZipExtractorSetup.exe
C:\Users\JD\Desktop\Maintenance\Old Firefox Data\tghq6uul.default\extensions\[email protected]\content\bg.js
C:\Users\JD\Downloads\ARO2011_bt.exe
C:\Users\JD\Downloads\cbsidlm-tr1_6-The_Weather_Channel_Desktop-10235897.exe
C:\Users\JD\Downloads\cbsidlm-tr1_9-ScreenHunter_Free-SEO-10063246.exe
C:\Users\JD\Downloads\ccsetup*.exe
C:\Users\JD\Downloads\setupscreenhunterfree.exe
C:\Users\JD\Downloads\TempFileCleaner_3.1.1_Setup.exe
C:\Users\JD\Downloads\WeatherBugSetup (1).msi
C:\Users\JD\Downloads\WeatherBugSetup(1).msi
C:\Users\JD\Downloads\WeatherBugSetup.exe
C:\Users\JD\Downloads\WeatherBugSetup.msi
C:\Windows\Installer\21e5b6d.msi
End
*****************
 
C:\Program Files (x86)\Wisdom-soft ScreenHunter 6.0 Free\Toolbar.exe => Moved successfully.
C:\Users\JD\AppData\Local\CRE\eibleipkbineaadpnemmalkahodjhdbd.crx => Moved successfully.
C:\Users\JD\Desktop\Maintenance\ccsetup*.* => Moved successfully.
C:\Users\JD\Desktop\Maintenance\ZipExtractorSetup.exe => Moved successfully.
C:\Users\JD\Desktop\Maintenance\Old Firefox Data\tghq6uul.default\extensions\[email protected]\content\bg.js => Moved successfully.
C:\Users\JD\Downloads\ARO2011_bt.exe => Moved successfully.
C:\Users\JD\Downloads\cbsidlm-tr1_6-The_Weather_Channel_Desktop-10235897.exe => Moved successfully.
C:\Users\JD\Downloads\cbsidlm-tr1_9-ScreenHunter_Free-SEO-10063246.exe => Moved successfully.
C:\Users\JD\Downloads\ccsetup*.exe => Moved successfully.
C:\Users\JD\Downloads\setupscreenhunterfree.exe => Moved successfully.
C:\Users\JD\Downloads\TempFileCleaner_3.1.1_Setup.exe => Moved successfully.
C:\Users\JD\Downloads\WeatherBugSetup (1).msi => Moved successfully.
C:\Users\JD\Downloads\WeatherBugSetup(1).msi => Moved successfully.
C:\Users\JD\Downloads\WeatherBugSetup.exe => Moved successfully.
C:\Users\JD\Downloads\WeatherBugSetup.msi => Moved successfully.
C:\Windows\Installer\21e5b6d.msi => Moved successfully.
 
==== End of Fixlog ====

  • 0

#12
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
There we go, that's the one, and with that..



Great news, your logs are CLEAN! :thumbsup: :) but we still have a few things we need to address namely:
  • I need to remove the tools we installed on your machine.
  • We also have some programs on your machine that need updating to help protect you in the future.
Step 1: Program Update, Java Warning, and Installation of FileHippo


A word about Java

Java has become the #1 program exploited by thieves and hackers as of today. It's gotten so bad, the Department of Homeland Security recently recommended that users disable Java on their machines.

For more information regarding this, see the two articles below:

Forbes: US Department of Homeland Security Calls on user do disable Java

US warns on Java software

Unless you have software on your machine that absolutely requires Java, I highly recommend you completely remove it from your system.

If you do have software that requires it, then disable it until such time as it's needed by those programs.

Please click the link below for instructions to disable Java.

How to Disable Java in your Web Browser


If you wish to continue to use Java on your machine, please be sure to keep it updated by following the instructions below.
  • Click on this link Java Website and click Do I Have Java?
  • Then click the Verify Java Version button. It will scan your current version and show you if you have the most current version.
You can also download a tool called JavaRa that will automatically search for new updates and remove older versions of Java.
Click the link below to go to the download page to get the tool.

JavaRa


Once you have downloaded JavaRa
  • Unzip the files to the directory of your choice.
  • Double click the JavaRa icon in the directory and choose your language preference.
  • Click Remove Older Versions from the menu.
  • Click Yes.
  • If you get a warning that Internet Explorer needs to be closed, close it, then click ok.
  • JavaRa will then search for and remove old versions of Java from your machine.
You can find instructions for manually removing older versions for Windows XP, Vista, and 7 by clicking the link below:

Instructions for manually removing old versions of Java


Keeping your software updated

Another weapon against malicious programs and viruses is to keeping other programs updated. There are several programs out there that can check for out of date programs on your computer. One is Filehippo. You can run this on a weekly or monthly basis to check your programs for updates and then it will provide a link for you to download them.

Download Filehippo Updatechecker


Step 2: Tool Removal
  • Download Delfix from here
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Create registry backup
    • Purge system restore
    delfix.jpg
  • Click Run
The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply

You can uninstall ESET Online Scanner at this time.

I recommend keeping Malwarebytes Anti-Malware installed. Make sure to update it and run it at least once a week. If it finds things such as PUP's (Potentially Unwanted Programs) you can delete those with no worries. However, if it finds something like a trojan, come see us.

You can re-enable Spybot's Teatimer at this time.


Step 3: Tips, Information, and Protection against CryptoLocker


Watch what you open in your emails. If you get an email from an unknown source with any attached files, do not open it.

Be careful of the websites you visit.

When installing new programs, don't be "click happy" and click through the screens. Many programs come with adware in them and are set to install them by default. Several programs require that you uncheck or select no to prevent the installation. Take you time and read each screen as you go. :)

To help protect yourself while on the web, I recommend you read How did I get infected in the first place?

A warning about CryptoLocker

CryptoLocker is a ransomware program that was released around the beginning of September 2013 that targets all versions of Windows including Windows XP, Windows Vista, Windows 7, and Windows 8. This ransomware will encrypt certain files using a mixture of RSA & AES encryption. When it has finished encrypting your files, it will display a CryptoLocker payment program that prompts you to send a ransom of either $100 or $300 in order to decrypt the files. This screen will also display a timer stating that you have 72 hours, or 4 days, to pay the ransom or it will delete your encryption key and you will not have any way to decrypt your files. This ransom must be paid using MoneyPak vouchers or Bitcoins. Once you send the payment and it is verified, the program will decrypt the files that it encrypted.

Please download and install CryptoPrevent to lock your machine down from this infection.

CryptoPrevent_zps1835f65d.jpg

Are there any further issues I can assist you with?
  • 0

#13
JDEbberly

JDEbberly

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

Here is the DelFix Log:

 

 

# DelFix v10.7 - Logfile created 10/05/2014 at 03:29:54
# Updated 27/04/2014 by Xplode
# Username : JD - JD-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\_OTL
Deleted : C:\FRST
Deleted : C:\logFileUI.txt
Deleted : C:\Users\JD\Desktop\JavaRa-2.6.zip
Deleted : C:\Users\JD\Downloads\Addition.txt
Deleted : C:\Users\JD\Downloads\Extras.Txt
Deleted : C:\Users\JD\Downloads\FRST.txt
Deleted : C:\Users\JD\Downloads\JRT (1).exe
Deleted : C:\Users\JD\Downloads\JRT.exe
Deleted : C:\Users\JD\Downloads\OTL.Txt
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
 
~ Creating registry backup ... OK
 
~ Cleaning system restore ...
 
Deleted : RP #487 [Windows Update | 04/22/2014 10:21:12]
Deleted : RP #488 [Windows Update | 04/25/2014 19:33:53]
Deleted : RP #489 [Windows Update | 05/01/2014 16:46:07]
Deleted : RP #490 [Windows Update | 05/03/2014 07:00:15]
Deleted : RP #491 [OTL Restore Point - 5/5/2014 10:35:30 PM | 05/06/2014 02:35:33]
Deleted : RP #492 [Windows Update | 05/06/2014 07:00:14]
Deleted : RP #493 [Windows Update | 05/09/2014 15:29:29]
Deleted : RP #494 [Removed Java 7 Update 51 | 05/10/2014 07:25:32]
Deleted : RP #495 [Removed Java 7 Update 51 | 05/10/2014 07:26:30]
 
New restore point created !
 
########## - EOF - ##########
 
 
 
 
 
I have one last issue - How do I turn on TeaTimer on Spybot Search and Destroy? I couldn't find it.
 
I removed Java off my computer. I used JavaRa. Java is history.
 
I have the FileHippo updater and CryptoPrevent in place now. ESET Online Scanner has been manually removed.

  • 0

#14
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts

I have one last issue - How do I turn on TeaTimer on Spybot Search and Destroy? I couldn't find it.


Hi :)

Here are instructions to activate Tea Timer.


1.) Start Spybot S & D, in the Menu, Select Mode and Click Advanced Mode.

2.) Click Yes in the confirmation dialogue box.

3.) Now, in the left pane, click on Tools to expand the menu. Make sure that Resident is checkmarked in the right pane and then click Resident in the left pane.

4.) In the right pane checkmark Resident "Tea timer" (Protection of over-all system settings\active.

5.) Tea timer will now start and run from the systray. Henceforth it will start with Windows to alert you against any change to your key settings.

 

I removed Java off my computer. I used JavaRa. Java is history.

I have the FileHippo updater and CryptoPrevent in place now. ESET Online Scanner has been manually removed.


Well done :thumbsup: If you have any further issues, don't hesitate to come back and see us. :)
  • 0

#15
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP