Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

please please help - you guys are the best & our computer is a me

Started by ztastorm , Jul 17 2014 02:20 PM

malware virus ValueApps Shopper-pro

This topic is locked

#1
ztastorm

Posted 17 July 2014 - 02:20 PM

Member

Member
86 posts

Hi there-

Our computer is very sloooooooow moving and there are constant pop ups. Hyperlinks appear on various pages to lead to other popups and generally hijack from the pages were on..please help us! I've tried to mess with Chrome thinking it was Extensions or something (those also get changed into programs we don't intentionally download)..I try to go under Control Panel and delete programs but it won't work..especially with Shopper-Pro and ValueApps..It says that I don't have access to delete them or something..so annoying! Please help...You guys are so great thankyou!!

OTL logfile created on: 7/17/2014 3:54:59 PM - Run 2

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Stephen\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16721)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 50.84% Memory free

7.93 Gb Paging File | 5.55 Gb Available in Paging File | 69.93% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 582.40 Gb Total Space | 467.10 Gb Free Space | 80.20% Space Free | Partition Type: NTFS

Drive D: | 7.65 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: STEPHEN-PC | User Name: Stephen | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/07/17 15:54:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Stephen\Downloads\OTL (1).exe

PRC - [2014/07/15 17:40:22 | 001,592,208 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Mikogo4\Viewer\Service\M4-Capture.exe

PRC - [2014/06/26 09:22:12 | 000,736,616 | ---- | M] (Goobzo) -- C:\Program Files (x86)\ShopperPro\Updater.exe

PRC - [2014/06/26 09:19:14 | 003,211,776 | ---- | M] () -- C:\Program Files (x86)\ShopperPro\JSDriver\1.37.1.189\jsdrv.exe

PRC - [2014/06/21 15:32:52 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe

PRC - [2014/04/17 06:31:30 | 000,391,040 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe

PRC - [2014/03/13 06:57:44 | 000,033,864 | ---- | M] () -- C:\Program Files\pcreg\pcreg.exe

PRC - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2013/12/03 22:48:06 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

PRC - [2012/11/11 21:03:41 | 001,008,032 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Mikogo4\Viewer\Service\M4-Service.exe

PRC - [2012/11/05 21:55:38 | 000,107,520 | ---- | M] () -- C:\Users\Stephen\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe

PRC - [2012/10/15 13:32:06 | 000,568,464 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\My Image Garden\cnmigmain.exe

PRC - [2012/09/27 16:08:08 | 000,989,352 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE

PRC - [2012/09/27 16:04:44 | 001,087,648 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE

PRC - [2012/09/27 16:02:40 | 001,279,120 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE

PRC - [2012/08/31 10:32:14 | 000,452,272 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe

PRC - [2012/03/28 08:49:11 | 000,140,456 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe

PRC - [2009/12/06 12:24:32 | 000,954,880 | ---- | M] (Ares Development Group) -- C:\Program Files (x86)\Ares\Ares.exe

PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

========== Modules (No Company Name) ==========

MOD - [2014/06/26 09:19:14 | 003,211,776 | ---- | M] () -- C:\Program Files (x86)\ShopperPro\JSDriver\1.37.1.189\jsdrv.exe

MOD - [2014/06/26 09:11:40 | 001,257,472 | ---- | M] () -- C:\Program Files\Common Files\ShopperPro\spbici32.dll

MOD - [2014/05/14 03:02:02 | 000,805,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\04824fdbd5dce32530ba44ae012e4fb9\System.Runtime.Remoting.ni.dll

MOD - [2014/04/29 17:23:01 | 001,161,080 | ---- | M] () -- C:\Windows\SysWOW64\Websteroids.B324755F3F87.2.6.80.dll

MOD - [2014/04/17 06:31:30 | 009,844,080 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtWebKit4.dll

MOD - [2014/04/17 06:31:30 | 000,391,040 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe

MOD - [2014/02/27 04:12:12 | 000,399,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\b6c7a1ca929c1b10f36b683c9f1a0517\System.Xml.Linq.ni.dll

MOD - [2014/02/27 04:11:49 | 000,190,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\75b6a68103e1b76063d9f69b8275ae61\UIAutomationTypes.ni.dll

MOD - [2014/02/27 04:11:49 | 000,100,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\c94c36c9ae776de930f2aacb6dd51c38\UIAutomationProvider.ni.dll

MOD - [2014/02/27 04:11:48 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\47e7fc401facd4a5d3f2237f16948f36\PresentationFramework-SystemXml.ni.dll

MOD - [2014/02/27 04:11:47 | 000,025,088 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio84a6349c#\c6ab75afe61e2065e65a2faa795abff9\PresentationFramework-SystemCore.ni.dll

MOD - [2014/02/27 04:03:14 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll

MOD - [2014/02/27 04:03:11 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll

MOD - [2014/02/27 04:03:10 | 007,409,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\6bbed231aec6fd82547e09474da0b2f9\System.Data.ni.dll

MOD - [2014/02/27 04:03:05 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll

MOD - [2014/02/27 04:03:01 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll

MOD - [2014/02/27 04:02:59 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll

MOD - [2014/02/27 04:02:54 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll

MOD - [2014/02/27 04:02:53 | 000,470,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\75f8bc4cf08030c4a53b6d5e0ae20046\PresentationFramework.Aero.ni.dll

MOD - [2014/02/27 04:02:50 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll

MOD - [2014/02/27 04:02:50 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll

MOD - [2014/02/27 04:02:46 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll

MOD - [2014/02/27 04:02:46 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll

MOD - [2014/02/27 04:02:41 | 000,147,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\4c8a153aa66fcd62db6fff269a2ef2b4\System.Numerics.ni.dll

MOD - [2014/02/27 04:02:40 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll

MOD - [2014/01/20 14:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2014/01/20 14:16:38 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2013/12/03 22:48:04 | 000,399,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppgooglenaclpluginchrome.dll

MOD - [2013/12/03 22:48:03 | 013,586,896 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll

MOD - [2013/12/03 22:48:02 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll

MOD - [2013/12/03 22:47:11 | 000,702,416 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll

MOD - [2013/12/03 22:47:11 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll

MOD - [2013/12/03 22:47:08 | 001,619,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll

MOD - [2013/07/10 18:07:22 | 000,756,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL

MOD - [2010/11/11 05:24:31 | 000,028,160 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\DACommCenter.dll

MOD - [2010/07/13 09:07:23 | 007,826,432 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtGui4.dll

MOD - [2010/07/05 05:19:39 | 000,116,736 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtSolutions_SOAP-2.7.dll

MOD - [2010/06/23 21:16:19 | 002,150,400 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtCore4.dll

MOD - [2010/06/02 01:05:48 | 000,025,600 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\imageformats\qgif4.dll

MOD - [2010/06/02 01:05:40 | 000,119,808 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\imageformats\qjpeg4.dll

MOD - [2010/06/01 22:56:04 | 000,232,960 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\phonon4.dll

MOD - [2010/06/01 22:54:24 | 002,530,816 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtXmlPatterns4.dll

MOD - [2010/06/01 22:29:22 | 000,934,912 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtNetwork4.dll

MOD - [2010/06/01 22:28:00 | 000,335,360 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtXml4.dll

========== Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\OutfoxTV\OutfoxTvService.exe -- (OutfoxTvService)

SRV:64bit: - [2014/06/26 09:12:50 | 002,346,880 | ---- | M] (ShopperPro) [Auto | Running] -- C:\Program Files\Common Files\ShopperPro\spbiu.exe -- (SPBIUpd)

SRV:64bit: - [2014/04/09 09:13:48 | 000,289,256 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe -- (McComponentHostService)

SRV:64bit: - [2014/03/13 06:57:44 | 000,033,864 | ---- | M] () [Auto | Running] -- C:\Program Files\pcreg\pcreg.exe -- (pcregservice)

SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2010/03/25 23:48:42 | 000,017,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)

SRV:64bit: - [2010/01/28 19:27:36 | 000,243,232 | ---- | M] (Acer Group) [Disabled | Stopped] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)

SRV - [2014/07/09 09:48:18 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2014/06/25 13:58:02 | 000,172,544 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\BEDAACA9-0245-4A85-A697-BD5CD3AD04D1\SupraSavingsService64.exe -- (SupraSavingsService64)

SRV - [2014/05/14 16:01:58 | 002,496,832 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe -- (CltMngSvc)

SRV - [2014/04/29 17:23:00 | 000,065,912 | ---- | M] (Creative Island Media, LLC) [Auto | Stopped] -- C:\ProgramData\Websteroids\up\2.6.80\WebsteroidsService.exe -- (Websteroids)

SRV - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2013/12/19 23:24:44 | 000,574,464 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe -- (DefaultTabSearch)

SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2012/11/11 21:03:41 | 001,008,032 | ---- | M] () [Auto | Running] -- C:\Users\Stephen\AppData\Local\Mikogo4\Viewer\Service\M4-Service.exe -- (M4-Service)

SRV - [2012/11/05 21:55:38 | 000,107,520 | ---- | M] () [Auto | Running] -- C:\Users\Stephen\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe -- (DefaultTabUpdate)

SRV - [2012/03/28 08:49:11 | 000,140,456 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)

SRV - [2010/04/02 21:54:48 | 000,332,272 | ---- | M] (Google Inc.) [Disabled | Stopped] -- C:\ProgramData\Partner\Partner.exe -- (Partner Service)

SRV - [2010/01/15 17:08:38 | 000,935,208 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)

SRV - [2009/08/28 05:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)

SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/06/04 22:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)

SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Goobzo\GBUpdate\smw.sys -- (SMUpdd)

DRV:64bit: - [2014/06/26 09:12:50 | 000,041,856 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\ShopperPro\spbiw.sys -- (SPBIUpdd)

DRV:64bit: - [2014/06/12 15:05:34 | 000,046,376 | ---- | M] (NetFilterSDK.com) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\netfilter64.sys -- (netfilter64)

DRV:64bit: - [2014/05/26 20:57:16 | 000,061,112 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{55685567-4840-4a91-962b-49a412e9485a}w64.sys -- ({55685567-4840-4a91-962b-49a412e9485a}w64)

DRV:64bit: - [2014/05/22 18:27:28 | 000,061,112 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}w64.sys -- ({9edd0ea8-2819-47c2-8320-b007d5996f8a}w64)

DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2010/04/28 08:57:50 | 000,061,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)

DRV:64bit: - [2009/10/11 18:42:24 | 000,763,904 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)

DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 16:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress)

DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/06/04 21:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2009/05/25 16:13:10 | 000,138,752 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)

DRV - [2014/06/26 09:22:12 | 000,052,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files (x86)\ShopperPro\JSDriver\1.37.1.189\jsdrv.sys -- (SPDRIVER_1.37.1.189)

DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/...=1910340270&ir=

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE:64bit: - HKLM\..\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}: "URL" = http://speedial.com/...=1910340270&ir=

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/...=1910340270&ir=

IE - HKLM\..\SearchScopes,DefaultScope = {F3B7318D-8501-4CF4-A89F-C79AAB5D3506}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{2A1412FA-E464-43E8-9298-0C4122B5DDDE}: "URL" = http://www.safesear....q={searchTerms}

IE - HKLM\..\SearchScopes\{597b1823-7ff0-4cd3-8095-9d8cba514992}: "URL" = http://search.mywebs...r={searchTerms}

IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACAW

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKLM\..\SearchScopes\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8}: "URL" = http://search.tb.ask...r={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...48v1l5w45l1v215

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://search.conduit.com/?ctid=CT [Binary data over 200 bytes]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/...=1910340270&ir=

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 43 01 56 D1 D6 BA CD 01 [binary data]

IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found

IE - HKCU\..\SearchScopes,DefaultScope = {31090377-0740-419E-BEFC-A56E50500D5B}

IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.condui...17E4AA336&SSPV=

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR

IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.doko-sear...125830&tsp=5036

IE - HKCU\..\SearchScopes\{160ED137-366E-4A47-A78D-FDB597F08CF5}: "URL" = http://us.yhs4.searc...669,0,GC31,7743

IE - HKCU\..\SearchScopes\{19743005-1817-4106-A57E-43D0A032E54B}: "URL" = http://us.yhs4.searc...669,0,GC31,7743

IE - HKCU\..\SearchScopes\{2A1412FA-E464-43E8-9298-0C4122B5DDDE}: "URL" = http://www.safesear....q={searchTerms}

IE - HKCU\..\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}: "URL" = http://speedial.com/...=1910340270&ir=

IE - HKCU\..\SearchScopes\{597b1823-7ff0-4cd3-8095-9d8cba514992}: "URL" = http://search.mywebs...r={searchTerms}

IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...1I7ACAW_enUS399

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\..\SearchScopes\{7F9398D8-2CF6-44E0-B4D6-5B5EB17B1B0E}: "URL" = http://www.mysearchr...q={searchTerms}

IE - HKCU\..\SearchScopes\{8F3F0499-AC86-4DCD-A4F6-9CD6189C98B6}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\..\SearchScopes\{9930EAB7-EC96-4E5F-87A8-3F0B0179906E}: "URL" = http://search.yahoo....p={searchTerms}

IE - HKCU\..\SearchScopes\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8}: "URL" = http://search.tb.ask...r={searchTerms}

IE - HKCU\..\SearchScopes\{F3B7318D-8501-4CF4-A89F-C79AAB5D3506}: "URL" = http://search.condui...971B38E57&SSPV=

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=3: C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll File not found

FF - HKLM\Software\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=9: C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}: C:\PROGRAM FILES\V-BATES\FIREFOX

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HBLite\bin\11.0.323.0\firefox\extensions [2010/11/26 22:20:11 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{635abd67-4fe9-1b23-4f01-e679fa7484c1}: 0\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}: C:\Program Files\V-bates\Firefox

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Social Privacy\FF\

[2010/09/30 13:30:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stephen\AppData\Roaming\Mozilla\Extensions

[2014/03/16 15:24:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stephen\AppData\Roaming\Mozilla\firefox\extensions

[2013/10/15 19:45:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

File not found (No name found) -- C:\PROGRAM FILES (X86)\MEDIAPLAYERV1\MEDIAPLAYERV1ALPHA2818\FF

[2010/09/27 17:29:53 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - default_search_provider: Yahoo (Enabled)

CHR - default_search_provider: search_url = http://search.yahoo....p={searchTerms}

CHR - default_search_provider: suggest_url = http://ff.search.yah...={searchTerms},

CHR - homepage: http://speedial.com/...=1910340270&ir=

CHR - Extension: Google Wallet = C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\

O1 HOSTS File: ([2014/03/17 17:40:12 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)

O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)

O2:64bit: - BHO: (Shopper Pro) - {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} - C:\ProgramData\ShopperPro\ShopperPro64.dll (Goobzo Ltd.)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)

O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Stephen\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)

O2 - BHO: (Shopper Pro) - {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} - C:\ProgramData\ShopperPro\ShopperPro.dll (Goobzo Ltd.)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [pcreg] C:\Program Files\pcreg\service.exe ()

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4 - HKLM..\Run: [AgentMonitor] C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe ()

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE (CANON INC.)

O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)

O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe File not found

O4 - HKLM..\Run: [pcreg] C:\Program Files\pcreg\service.exe ()

O4 - HKLM..\Run: [SPDriver] C:\Program Files (x86)\ShopperPro\JSDriver\1.37.1.189\jsdrv.exe ()

O4 - HKLM..\Run: [SpeetItUpFree] "C:\Program Files (x86)\SpeedItup Free\speeditupfree.exe" File not found

O4 - HKCU..\Run: [ares] C:\Program Files (x86)\Ares\Ares.exe (Ares Development Group)

O4 - HKCU..\Run: [DW7] "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe" File not found

O4 - HKCU..\Run: [fastclean] "C:\Program Files (x86)\FastClean PRO\fastcleanpro.exe" File not found

O4 - HKCU..\Run: [Itibiti.exe] C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe File not found

O4 - HKCU..\Run: [NextLive] C:\Users\Stephen\AppData\Roaming\newnext.me\nengine.dll (NewNextDotMe)

O4 - HKCU..\Run: [OutfoxTV] C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe File not found

O4 - HKCU..\Run: [pcreg] C:\Program Files\pcreg\service.exe ()

O4 - HKCU..\Run: [SPDriver] C:\Program Files (x86)\ShopperPro\JSDriver\1.37.1.189\jsdrv.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 8.8.8.8,8.8.4.4

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D3D25A7-624A-4121-B474-CEB52A0DF990}: NameServer = 8.8.8.8,8.8.4.4

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{43732421-B347-4BCE-98C4-5F329F89389D}: DhcpNameServer = 75.75.75.75 75.75.76.76

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{43732421-B347-4BCE-98C4-5F329F89389D}: NameServer = 8.8.8.8,8.8.4.4

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 8.8.8.8,8.8.4.4

O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll ()

O20 - AppInit_DLLs: (c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll) - c:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll ()

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{0481ec8d-d6c2-11e3-8c8e-00262d30b7e8}\Shell - "" = AutoRun

O33 - MountPoints2\{0481ec8d-d6c2-11e3-8c8e-00262d30b7e8}\Shell\AutoRun\command - "" = G:\VZW_Software_upgrade_assistant.exe

O33 - MountPoints2\G\Shell - "" = AutoRun

O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\VZW_Software_upgrade_assistant.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/07/09 21:08:16 | 000,519,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll

[2014/07/09 21:08:15 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll

[2014/07/09 21:08:04 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\osk.exe

[2014/07/09 21:08:04 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\osk.exe

[2014/07/09 21:08:03 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll

[2014/07/09 21:08:03 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll

[2014/07/09 21:08:01 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll

[2014/07/09 21:07:53 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll

[2014/07/01 06:39:34 | 000,000,000 | ---D | C] -- C:\ProgramData\374311380

[2014/06/30 13:59:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Service Manager

[2014/06/30 13:59:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java Service Manager

[2014/06/30 13:58:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BEDAACA9-0245-4A85-A697-BD5CD3AD04D1

[2014/06/30 13:58:17 | 000,000,000 | ---D | C] -- C:\Program Files\suprasavings

[2014/06/30 13:57:46 | 000,000,000 | ---D | C] -- C:\Program Files\003

[2014/06/28 11:43:24 | 000,000,000 | ---D | C] -- C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\oPryzeLP MC360 Mod Tool

[2014/06/28 11:43:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\oPryzeLP MC360 Mod Tool

[2014/06/28 11:43:22 | 000,000,000 | ---D | C] -- C:\Users\Stephen\Desktop\stuff

[2014/06/27 13:55:30 | 000,000,000 | ---D | C] -- C:\Users\Stephen\AppData\Local\XboxMB

[2014/06/27 13:55:17 | 000,000,000 | ---D | C] -- C:\Windows\XSxS

[2014/06/27 13:55:17 | 000,000,000 | ---D | C] -- C:\Users\Stephen\AppData\Local\Xenocode

[2014/06/27 13:55:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xenocode

[2014/06/27 13:53:28 | 000,000,000 | ---D | C] -- C:\Program Files\V-bates

[2014/06/27 13:53:01 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\GOOBZO

[2014/06/27 13:52:21 | 000,000,000 | ---D | C] -- C:\Users\Stephen\AppData\Local\globalUpdate

[2014/06/27 13:52:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\globalUpdate

[2014/06/27 13:52:11 | 000,000,000 | ---D | C] -- C:\ProgramData\SearchModule

[2014/06/27 13:52:06 | 000,000,000 | ---D | C] -- C:\ProgramData\ShopperPro

[2014/06/27 13:51:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Goobzo

[2014/06/27 13:51:58 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\ShopperPro

[2014/06/27 13:51:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ShopperPro

[2014/06/27 13:51:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ShopperPro

[2014/06/27 13:51:47 | 000,000,000 | ---D | C] -- C:\Users\Stephen\AppData\Local\Installer

[2014/06/27 13:51:42 | 000,000,000 | ---D | C] -- C:\Users\Stephen\AppData\Local\CrashRpt

[2014/06/24 00:18:55 | 000,159,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ATL90.dll

[2014/06/24 00:18:53 | 000,000,000 | ---D | C] -- C:\Program Files\PC Optimizer Pro

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/07/17 15:58:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\DealPlyLiveUpdateTaskMachineUA.job

[2014/07/17 15:53:00 | 000,000,286 | ---- | M] () -- C:\Windows\tasks\FF Watcher {9A36B5C1-DECA-411A-B1BE-1B009A049848}.job

[2014/07/17 15:48:31 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2014/07/17 15:40:03 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2014/07/17 15:39:00 | 000,000,300 | ---- | M] () -- C:\Windows\tasks\Speedial.job

[2014/07/17 15:38:31 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2014/07/17 15:11:01 | 000,000,286 | ---- | M] () -- C:\Windows\tasks\bench-Updater removing.job

[2014/07/17 13:07:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\bench-sys.job

[2014/07/16 16:58:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\DealPlyLiveUpdateTaskMachineCore.job

[2014/07/16 09:44:50 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job

[2014/07/15 17:47:35 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2014/07/15 17:47:35 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2014/07/15 17:40:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2014/07/15 17:40:09 | 3193,835,520 | -HS- | M] () -- C:\hiberfil.sys

[2014/07/15 17:39:26 | 000,031,854 | ---- | M] () -- C:\Users\Stephen\Desktop\Documents\image.jpeg

[2014/07/12 09:42:16 | 000,111,957 | ---- | M] () -- C:\Windows\SysNative\ScanResults.xml

[2014/07/12 09:35:03 | 000,007,312 | ---- | M] () -- C:\Windows\SysNative\SettingsFile

[2014/07/12 09:35:03 | 000,000,464 | ---- | M] () -- C:\Windows\SysNative\ScannerSettings

[2014/07/10 03:22:31 | 000,428,256 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2014/07/09 09:48:16 | 000,699,056 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2014/07/09 09:48:15 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2014/07/06 23:19:53 | 000,000,119 | ---- | M] () -- C:\Windows\Reimage.ini

[2014/07/06 16:53:06 | 000,045,081 | ---- | M] () -- C:\Users\Stephen\Desktop\Dear Daddy.rtf

[2014/06/29 22:09:33 | 000,519,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll

[2014/06/29 22:04:49 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll

[2014/06/27 23:06:30 | 000,786,514 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2014/06/27 23:06:30 | 000,665,304 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2014/06/27 23:06:30 | 000,123,112 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2014/06/27 16:31:35 | 828,481,536 | ---- | M] () -- C:\Users\Stephen\Desktop\4E20EB9159A5B21CB62805D162FFB734DD59520A42

[2014/06/27 16:23:24 | 000,000,118 | ---- | M] () -- C:\Users\Stephen\Desktop\D624503A4A97A4109F548983F82E924024F0211842.url

[2014/06/27 16:22:13 | 079,413,248 | ---- | M] () -- C:\Users\Stephen\Desktop\D624503A4A97A4109F548983F82E924024F0211842

[2014/06/27 13:53:28 | 000,000,045 | ---- | M] () -- C:\user.js

[2014/06/17 22:18:30 | 000,692,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\osk.exe

[2014/06/17 21:51:32 | 000,646,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\osk.exe

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/07/15 17:39:26 | 000,031,854 | ---- | C] () -- C:\Users\Stephen\Desktop\Documents\image.jpeg

[2014/07/12 09:42:16 | 000,111,957 | ---- | C] () -- C:\Windows\SysNative\ScanResults.xml

[2014/07/12 09:35:03 | 000,000,464 | ---- | C] () -- C:\Windows\SysNative\ScannerSettings

[2014/07/12 09:35:02 | 000,007,312 | ---- | C] () -- C:\Windows\SysNative\SettingsFile

[2014/07/06 23:18:11 | 000,000,119 | ---- | C] () -- C:\Windows\Reimage.ini

[2014/07/06 16:53:06 | 000,045,081 | ---- | C] () -- C:\Users\Stephen\Desktop\Dear Daddy.rtf

[2014/06/27 16:47:23 | 828,481,536 | ---- | C] () -- C:\Users\Stephen\Desktop\4E20EB9159A5B21CB62805D162FFB734DD59520A42

[2014/06/27 16:23:50 | 079,413,248 | ---- | C] () -- C:\Users\Stephen\Desktop\D624503A4A97A4109F548983F82E924024F0211842

[2014/06/27 16:23:24 | 000,000,118 | ---- | C] () -- C:\Users\Stephen\Desktop\D624503A4A97A4109F548983F82E924024F0211842.url

[2014/06/27 13:53:33 | 000,000,286 | ---- | C] () -- C:\Windows\tasks\FF Watcher {9A36B5C1-DECA-411A-B1BE-1B009A049848}.job

[2014/06/27 13:53:28 | 000,000,045 | ---- | C] () -- C:\user.js

[2014/04/29 17:23:01 | 001,161,080 | ---- | C] () -- C:\Windows\SysWow64\Websteroids.B324755F3F87.2.6.80.dll

[2014/03/21 19:02:56 | 001,161,080 | ---- | C] () -- C:\Windows\SysWow64\Websteroids.B324755F3F87.dll

[2014/03/14 17:31:17 | 000,000,066 | ---- | C] () -- C:\Windows\GPlrLanc.dat

[2014/01/23 18:46:18 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2013/10/15 20:45:54 | 000,000,065 | ---- | C] () -- C:\Users\Stephen\AppData\Roaming\WB.CFG

[2013/10/15 20:45:54 | 000,000,006 | ---- | C] () -- C:\Users\Stephen\AppData\Roaming\WBPU-TTL.DAT

[2013/08/13 20:54:49 | 000,000,258 | RHS- | C] () -- C:\Users\Stephen\ntuser.pol

[2012/12/26 18:58:39 | 000,000,662 | ---- | C] () -- C:\Users\Stephen\AppData\Local\cookies.ini

[2012/12/23 20:29:47 | 000,161,728 | ---- | C] () -- C:\Program Files (x86)\gcres.dll

[2012/12/23 20:29:47 | 000,000,048 | ---- | C] () -- C:\Windows\wininit.ini

[2012/11/05 21:55:58 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

[2010/09/29 13:09:00 | 000,000,000 | ---- | C] () -- C:\Users\Stephen\AppData\Roaming\wklnhst.dat

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 22:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 22:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Files - Unicode (All) ==========

[2013/10/02 21:21:14 | 000,263,051 | ---- | M] ()(C:\Users\Stephen\Desktop\MIKE_CLA?IMS.rtf) -- C:\Users\Stephen\Desktop\MIKE_CLAIMS.rtf

[2013/10/02 21:21:09 | 000,263,051 | ---- | C] ()(C:\Users\Stephen\Desktop\MIKE_CLA?IMS.rtf) -- C:\Users\Stephen\Desktop\MIKE_CLAIMS.rtf

========== Alternate Data Streams ==========

@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:AD022376

@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:56E2E879

@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:07F6D9E4

@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:373E1720

< End of report >