Popups in Firefox

Firefox popups


#1
John Aukerman

  • Member
  • 204 posts

I use three browsers, and two of them are fine. But every time I start Firefox, I get popups from reimageplus.com and softwareupdaterlp.com. I ran OTL by Old Timer and here is the log:

 

OTL logfile created on: 1/15/2015 11:40:47 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\jhaukerman\Downloads
 Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.17 Gb Total Physical Memory | 1.19 Gb Available Physical Memory | 37.64% Memory free
6.33 Gb Paging File | 4.06 Gb Available in Paging File | 64.11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 40.16 Gb Free Space | 17.24% Space Free | Partition Type: NTFS
Drive P: | 1300.00 Gb Total Space | 51.08 Gb Free Space | 3.93% Space Free | Partition Type: NTFS
Drive S: | 660.00 Gb Total Space | 13.89 Gb Free Space | 2.10% Space Free | Partition Type: NTFS
Drive T: | 660.00 Gb Total Space | 13.89 Gb Free Space | 2.10% Space Free | Partition Type: NTFS
 
Computer Name: JHAUKERMAN8200 | User Name: jhaukerman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2015/01/15 11:40:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jhaukerman\Downloads\OTL.exe
PRC - [2014/12/19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/12/10 10:16:25 | 000,337,520 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2014/12/05 20:50:53 | 000,856,904 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2014/11/17 07:26:17 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.25.11\GoogleCrashHandler.exe
PRC - [2014/11/12 00:18:24 | 001,423,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
PRC - [2014/10/29 09:43:04 | 000,101,192 | ---- | M] (Google) -- C:\Users\jhaukerman\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2014/10/21 17:52:24 | 022,869,088 | ---- | M] (Google) -- C:\Program Files\Google\Drive\googledrivesync.exe
PRC - [2014/10/01 17:09:52 | 002,569,216 | ---- | M] (ShoreTel Inc.) -- C:\Program Files\Shoreline Communications\ShoreWare Client\ShoreTel.exe
PRC - [2014/08/22 11:44:44 | 000,022,192 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2014/08/22 11:44:40 | 000,288,120 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2014/08/22 11:41:00 | 000,974,432 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/06/13 14:15:34 | 001,743,648 | ---- | M] (Wondershare) -- C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
PRC - [2012/11/22 21:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/11/01 11:24:48 | 000,058,480 | ---- | M] (Screencast-O-Matic) -- C:\Users\jhaukerman\AppData\Local\Screencast-O-Matic\Screencast-O-Matic.exe
PRC - [2011/06/14 17:20:14 | 006,044,264 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/11/11 14:00:54 | 000,076,856 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2009/09/18 03:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CCM\CcmExec.exe
PRC - [2009/09/18 03:00:00 | 000,025,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CCM\SmsClrHost.exe
PRC - [2007/12/14 15:58:30 | 000,241,664 | ---- | M] () -- C:\Program Files\Philips\Philips SPC230NC Webcam\TrayMin230.exe
PRC - [2007/12/10 14:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\Philips\SPC230NC\Monitor.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2015/01/15 10:43:16 | 001,160,704 | ---- | M] () -- C:\Users\JHAUKE~1\AppData\Local\Temp\_MEI26762\_ssl.pyd
MOD - [2015/01/15 10:43:16 | 000,805,888 | ---- | M] () -- C:\Users\JHAUKE~1\AppData\Local\Temp\_MEI26762\wx._gdi_.pyd
MOD - [2015/01/15 10:43:16 | 000,713,216 | ---- | M] () -- C:\Users\JHAUKE~1\AppData\Local\Temp\_MEI26762\_hashlib.pyd
MOD - [2015/01/15 10:43:16 | 000,110,080 | ---- | M] () -- C:\Users\JHAUKE~1\AppData\Local\Temp\_MEI26762\pywintypes27.dll
MOD - [2015/01/15 10:43:16 | 000,027,136 | ---- | M] () -- C:\Users\JHAUKE~1\AppData\Local\Temp\_MEI26762\_multiprocessing.pyd
MOD - [2015/01/15 10:43:16 | 000,007,168 | ---- | M] () -- C:\Users\JHAUKE~1\AppData\Local\Temp\_MEI26762\hashobjs_ext.pyd
MOD - [2015/01/15 10:43:15 | 000,811,008 | ---- | M] () -- C:\Users\JHAUKE~1\AppData\Local\Temp\_MEI26762\wx._windows_.pyd
MOD - [2015/01/15 10:43:15 | 000,070,656 | ---- | M] () -- C:\Users\JHAUKE~1\AppData\Local\Temp\_MEI26762\wx._html2.pyd
MOD - [2015/01/15 10:43:14 | 000,024,064 | ---- | M] () -- C:\Users\JHAUKE~1\AppData\Local\Temp\_MEI26762\win32pipe.pyd
MOD - [2015/01/15 10:43:13 | 000,025,600 | ---- | M] () -- C:\Users\JHAUKE~1\AppData\Local\Temp\_MEI26762\win32pdh.pyd
MOD - [2015/01/15 10:43:12 | 001,062,400 | ---- | M] () -- C:\Users\JHAUKE~1\AppData\Local\Temp\_MEI26762\wx._controls_.pyd
MOD - [2015/01/15 10:43:11 | 000,686,080 | ---- | M] () -- C:\Users\JHAUKE~1\AppData\Local\Temp\_MEI26762\unicodedata.pyd
MOD - [2015/01/15 10:43:11 | 000,010,240 | ---- | M] () -- C:\Users\JHAUKE~1\AppData\Local\Temp\_MEI26762\select.pyd
MOD - [2015/01/15 10:43:10 | 000,127,488 | ---- | M] () -- C:\Users\JHAUKE~1\AppData\Local\Temp\_MEI26762\pyexpat.pyd
MOD - [2015/01/15 10:43:10 | 000,119,808 | ---- | M] () -- C:\Users\JHAUKE~1\AppData\Local\Temp\_MEI26762\win32file.pyd
MOD - [2015/01/15 10:43:10 | 000,108,544 | ---- | M] () -- C:\Users\JHAUKE~1\AppData\Local\Temp\_MEI26762\win32security.pyd
MOD - [2015/01/15 10:43:10 | 000,045,568 | ---- | M] () -- C:\Users\JHAUKE~1\AppData\Local\Temp\_MEI26762\_socket.pyd
MOD - [2015/01/15 10:43:10 | 000,038,912 | ---- | M] () -- C:\Users\JHAUKE~1\AppData\Local\Temp\_MEI26762\win32inet.pyd
MOD - [2015/01/15 10:43:10 | 000,018,432 | ---- | M] () -- C:\Users\JHAUKE~1\AppData\Local\Temp\_MEI26762\win32event.pyd
MOD - [2015/01/15 10:43:10 | 000,017,408 | ---- | M] () -- C:\Users\JHAUKE~1\AppData\Local\Temp\_MEI26762\win32profile.pyd
MOD - [2015/01/15 10:43:08 | 001,175,040 | ---- | M] () -- C:\Users\JHAUKE~1\AppData\Local\Temp\_MEI26762\wx._core_.pyd
MOD - [2015/01/15 10:43:08 | 000,735,232 | ---- | M] () -- C:\Users\JHAUKE~1\AppData\Local\Temp\_MEI26762\wx._misc_.pyd
MOD - [2015/01/15 10:43:08 | 000,557,056 | ---- | M] () -- C:\Users\JHAUKE~1\AppData\Local\Temp\_MEI26762\pysqlite2._sqlite.pyd
MOD - [2015/01/15 10:43:08 | 000,525,640 | ---- | M] () -- C:\Users\JHAUKE~1\AppData\Local\Temp\_MEI26762\windows._lib_cacheinvalidation.pyd
MOD - [2015/01/15 10:43:08 | 000,364,544 | ---- | M] () -- C:\Users\JHAUKE~1\AppData\Local\Temp\_MEI26762\pythoncom27.dll
MOD - [2015/01/15 10:43:08 | 000,320,512 | ---- | M] () -- C:\Users\JHAUKE~1\AppData\Local\Temp\_MEI26762\win32com.shell.shell.pyd
MOD - [2015/01/15 10:43:08 | 000,167,936 | ---- | M] () -- C:\Users\JHAUKE~1\AppData\Local\Temp\_MEI26762\win32gui.pyd
MOD - [2015/01/15 10:43:08 | 000,128,512 | ---- | M] () -- C:\Users\JHAUKE~1\AppData\Local\Temp\_MEI26762\_elementtree.pyd
MOD - [2015/01/15 10:43:08 | 000,122,368 | ---- | M] () -- C:\Users\JHAUKE~1\AppData\Local\Temp\_MEI26762\wx._wizard.pyd
MOD - [2015/01/15 10:43:08 | 000,098,816 | ---- | M] () -- C:\Users\JHAUKE~1\AppData\Local\Temp\_MEI26762\win32api.pyd
MOD - [2015/01/15 10:43:08 | 000,087,552 | ---- | M] () -- C:\Users\JHAUKE~1\AppData\Local\Temp\_MEI26762\_ctypes.pyd
MOD - [2015/01/15 10:43:08 | 000,078,336 | ---- | M] () -- C:\Users\JHAUKE~1\AppData\Local\Temp\_MEI26762\wx._animate.pyd
MOD - [2015/01/15 10:43:08 | 000,022,528 | ---- | M] () -- C:\Users\JHAUKE~1\AppData\Local\Temp\_MEI26762\win32ts.pyd
MOD - [2015/01/15 10:43:08 | 000,011,264 | ---- | M] () -- C:\Users\JHAUKE~1\AppData\Local\Temp\_MEI26762\win32crypt.pyd
MOD - [2015/01/15 10:43:07 | 000,035,840 | ---- | M] () -- C:\Users\JHAUKE~1\AppData\Local\Temp\_MEI26762\win32process.pyd
MOD - [2015/01/12 06:09:51 | 001,020,928 | ---- | M] () -- C:\Users\jhaukerman\AppData\Roaming\Mozilla\Firefox\Profiles\qmz4l8bc.default-1372853397062\extensions\[email protected]\platform\WINNT_x86-msvc\components\lpxpcom.dll
MOD - [2014/12/10 10:16:23 | 003,758,192 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2014/12/05 20:50:51 | 014,913,352 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
MOD - [2014/12/05 20:50:50 | 009,009,480 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll
MOD - [2014/12/05 20:50:46 | 001,077,064 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
MOD - [2014/12/05 20:50:45 | 000,211,272 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\39.0.2171.95\libegl.dll
MOD - [2014/12/05 20:50:44 | 001,677,128 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
MOD - [2014/11/12 11:47:46 | 000,666,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CASIntfCSharp\9a0f43584aecee835fde23d4678bf97a\CASIntfCSharp.ni.dll
MOD - [2014/11/12 11:45:31 | 000,785,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Ente96d83b35#\d83810da4cb0cf0802c2cf15c652b368\System.EnterpriseServices.ni.dll
MOD - [2014/11/12 11:45:31 | 000,250,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Ente96d83b35#\d83810da4cb0cf0802c2cf15c652b368\System.EnterpriseServices.Wrapper.dll
MOD - [2014/11/06 09:29:24 | 001,551,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PCMSkin\9de894cab860126e28a8898efd3de6ec\PCMSkin.ni.dll
MOD - [2014/11/06 09:29:24 | 000,868,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PCMControls\99ac86ec40992b964a45b028b29d165f\PCMControls.ni.dll
MOD - [2014/11/06 09:29:24 | 000,142,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\EAEXCTRLLib\331eceacebf5002b5036777b36ea91ef\EAEXCTRLLib.ni.dll
MOD - [2014/11/06 09:29:23 | 002,949,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PCMUtils\1a484e575b13f44a417de4d2c7809029\PCMUtils.ni.dll
MOD - [2014/11/06 09:29:23 | 000,898,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\STVideo\b9821a7caedad34622dc44b18a03c18b\STVideo.ni.dll
MOD - [2014/11/06 09:29:23 | 000,593,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.SQLite\26084d21a549aa271ea19f688046bf00\System.Data.SQLite.ni.dll
MOD - [2014/11/06 09:29:23 | 000,222,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\OutlookPres179f6513#\53fcfff63f00da4341652907972b4cdb\OutlookPresenceProviderLib.ni.dll
MOD - [2014/11/06 09:29:23 | 000,195,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PCMIMLib\fe9470dee8f541f2b709d08e099afd13\PCMIMLib.ni.dll
MOD - [2014/11/06 09:29:23 | 000,192,512 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\GALImport\89baea09ffb49a303a63963ac07cc2a4\GALImport.ni.dll
MOD - [2014/11/06 09:29:22 | 005,335,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DevExpress.2cfd1d44#\ffe9a2945d6c2d8bb7077b05166b51b0\DevExpress.XtraGrid.v10.2.ni.dll
MOD - [2014/11/06 09:29:22 | 001,433,088 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DevExpress.8300ef56#\9b47397b6a8781ead54e1b82c84dc12d\DevExpress.XtraVerticalGrid.v10.2.ni.dll
MOD - [2014/11/06 09:29:22 | 000,427,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Jayrock.Json\96a4dc4fa752337b9791672fac4b0019\Jayrock.Json.ni.dll
MOD - [2014/11/06 09:29:22 | 000,393,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PCMBasics\57aeb032c0ad1c9be45ba10aeedad9ad\PCMBasics.ni.dll
MOD - [2014/11/06 09:29:22 | 000,029,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DOCSHARELib\070648506fe0a7264f1dc509d961069a\DOCSHARELib.ni.dll
MOD - [2014/11/06 09:29:21 | 009,615,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DevExpress.47ff7513#\81052915253879f52ccd45df6aa938e2\DevExpress.Data.v10.2.ni.dll
MOD - [2014/11/06 09:29:21 | 000,660,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\log4net\2f58e83448a7a7ad9c6b65b0e3d2539e\log4net.ni.dll
MOD - [2014/11/06 09:29:21 | 000,054,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ShoreTrace\d3c6e107ce9b4ef5a5d12927b86cb916\ShoreTrace.ni.dll
MOD - [2014/11/06 09:29:20 | 005,386,240 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DevExpress.25e782ee#\f92e63bf65904b30a0069c64ad184f68\DevExpress.XtraEditors.v10.2.ni.dll
MOD - [2014/11/06 09:29:19 | 006,715,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ShoreTel\373678423b54b6df8b5030219f6afa90\ShoreTel.ni.exe
MOD - [2014/11/06 09:29:19 | 005,783,552 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DevExpress.2845451e#\d512ae1cfaa301b71d75566220610a47\DevExpress.XtraBars.v10.2.ni.dll
MOD - [2014/11/06 09:29:18 | 005,856,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DevExpress.ffe42a54#\cf6b32383fff00f17c30fecbd5e88068\DevExpress.Utils.v10.2.ni.dll
MOD - [2014/11/06 09:29:17 | 000,631,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\STUIControls\3801c9950ff3b6d1c9b4f2e53a9dbad8\STUIControls.ni.dll
MOD - [2014/10/15 13:18:13 | 000,660,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\a26884cd80c1d4a7e3f00c795e5cb305\System.Transactions.ni.dll
MOD - [2014/10/15 13:18:10 | 007,409,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\5d2c01ae1ca8c40ed74cdfd7b7b7dcb1\System.Data.ni.dll
MOD - [2014/10/15 13:18:09 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\db563d596d76daed04e9b5d25b2f4cb9\System.Windows.Forms.ni.dll
MOD - [2014/10/15 13:18:07 | 007,668,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7147fa233a070283dba824da40089bf1\System.Xml.ni.dll
MOD - [2014/10/15 13:18:06 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\691c1ad89d16f49d80e84fa06a79089a\System.Core.ni.dll
MOD - [2014/10/15 13:18:03 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b4c08872c259018b17b2801da33ac80f\System.Drawing.ni.dll
MOD - [2014/10/15 13:18:03 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\0648dbecb7e3fb9523565107e04a5caf\System.Configuration.ni.dll
MOD - [2014/10/15 13:18:02 | 010,100,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\17a393b77ae757f0768501fb95ff5af6\System.ni.dll
MOD - [2014/10/11 12:05:58 | 001,044,776 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014/04/23 15:05:12 | 000,073,544 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/03/04 14:04:02 | 000,147,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\4c8a153aa66fcd62db6fff269a2ef2b4\System.Numerics.ni.dll
MOD - [2014/03/04 14:04:01 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2014/03/04 14:04:01 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Accessibility\e7e7e3b82e91028e6ed05189f837ea13\Accessibility.ni.dll
MOD - [2013/11/22 09:02:29 | 000,053,248 | ---- | M] () -- C:\Users\jhaukerman\AppData\Local\Screencast-O-Matic\SOMTrayNative-1.0.dll
MOD - [2013/10/29 09:27:19 | 000,089,600 | ---- | M] () -- C:\Users\jhaukerman\AppData\Local\Screencast-O-Matic\SOMNative-2.17.3.dll
MOD - [2013/09/05 00:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2012/03/28 00:47:34 | 000,424,960 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\LMUD1N4A.DLL
MOD - [2012/03/28 00:47:30 | 000,882,176 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\LMUD1N4Z.DLL
MOD - [2012/03/19 21:09:08 | 000,094,208 | ---- | M] () -- C:\Windows\System32\IccLibDll.dll
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2007/12/14 15:58:30 | 000,241,664 | ---- | M] () -- C:\Program Files\Philips\Philips SPC230NC Webcam\TrayMin230.exe
 
 
========== Services (SafeList) ==========
 
SRV - [2015/01/14 09:18:08 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/12/19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/12/11 10:30:48 | 000,315,496 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2014/12/10 10:16:24 | 000,114,800 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/11/21 20:55:14 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014/08/22 11:44:44 | 000,022,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2014/08/22 11:44:40 | 000,288,120 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2014/01/29 22:12:30 | 000,279,000 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013/12/19 00:41:02 | 030,814,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2013/05/26 23:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/02/09 08:17:33 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/09/18 03:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2009/09/18 03:00:00 | 000,246,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\CCM\TSManager.exe -- (smstsmgr)
SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\taphss6.sys -- (taphss6)
DRV - [2014/07/17 17:05:08 | 000,095,920 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2013/10/01 19:42:31 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2013/08/15 21:07:46 | 000,032,864 | ---- | M] (ShoreTel, Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\staccel.sys -- (staccel)
DRV - [2012/08/23 09:46:55 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt)
DRV - [2012/08/23 09:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/10 21:43:26 | 000,358,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1c6232.sys -- (e1cexpress)
DRV - [2012/06/13 08:49:40 | 000,070,784 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\amd_sata.sys -- (amd_sata)
DRV - [2012/06/13 08:49:40 | 000,034,944 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amd_xata.sys -- (amd_xata)
DRV - [2012/03/27 00:13:20 | 000,792,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV - [2012/03/27 00:13:20 | 000,349,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iusb3hub.sys -- (iusb3hub)
DRV - [2012/03/27 00:13:20 | 000,015,640 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV - [2012/02/01 11:54:54 | 000,022,656 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amdkmpfd.sys -- (amdkmpfd)
DRV - [2012/01/03 23:24:16 | 000,173,184 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\amdxhc.sys -- (amdxhc)
DRV - [2012/01/03 23:24:14 | 000,082,560 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\amdhub30.sys -- (amdhub30)
DRV - [2011/12/06 18:22:02 | 000,280,576 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2011/11/09 10:52:02 | 000,046,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (MEI)
DRV - [2011/11/09 10:52:02 | 000,046,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2011/07/26 13:19:40 | 000,015,544 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2011/07/18 07:11:42 | 000,021,560 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2011/05/13 18:57:42 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2011/05/13 18:57:20 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2011/02/09 00:26:46 | 000,023,640 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\johci.sys -- (johci)
DRV - [2010/11/20 16:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 16:29:03 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - [2010/11/20 16:29:03 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2010/11/20 16:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 16:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 16:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 16:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 16:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 16:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 16:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/09/29 12:00:50 | 000,238,248 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress)
DRV - [2010/09/06 20:37:16 | 000,104,024 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)
DRV - [2010/08/13 13:16:52 | 000,057,616 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ifP52x32.sys -- (IFCoEVB)
DRV - [2010/08/13 13:16:46 | 000,264,464 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ifM52x32.sys -- (IFCoEMP)
DRV - [2010/06/17 04:15:36 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2010/03/01 13:56:28 | 000,482,176 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2010/02/26 18:31:22 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2010/01/13 16:36:40 | 006,755,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32)
DRV - [2009/09/18 03:00:00 | 000,020,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2009/07/20 14:05:16 | 000,049,152 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rismc32.sys -- (rismc32)
DRV - [2009/07/13 18:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/13 17:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/13 17:02:52 | 000,214,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1y6032.sys -- (e1yexpress)
DRV - [2009/07/13 17:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009/07/04 17:37:08 | 000,038,400 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rixdpe86.sys -- (rixdpcie)
DRV - [2009/07/02 07:50:16 | 000,047,104 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimspe86.sys -- (rimspci)
DRV - [2009/06/30 18:28:28 | 000,049,152 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\risdpe86.sys -- (risdpcie)
DRV - [2009/06/25 15:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/06/25 15:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009/06/25 15:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/07/31 19:32:24 | 000,044,800 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2007/12/31 15:19:50 | 000,461,056 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SPC230NC.SYS -- (SPC230NC)
DRV - [2007/09/26 13:28:46 | 000,008,576 | ---- | M] (PixArt Imaging Incorporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PAEAFLT.sys -- (PAEAFLT.sys)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://obc.itsme247.com/156/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 86 D1 37 D1 F5 DA CE 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{DCF3BCB6-09ED-4C7F-AE7C-97150087E3C1}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.isUS: true
FF - prefs.js..browser.startup.homepage: "http://accessau.anderson.edu/"
FF - prefs.js..extensions.enabledAddons: plugin%40analytic-s.com:1.0.4
FF - prefs.js..extensions.enabledAddons: support%40lastpass.com:3.1.77
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:34.0.5
FF - prefs.js..keyword.URL: "http://search.yahoo....type=514467&p="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.71.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.71.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\jhaukerman\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\jhaukerman\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\jhaukerman\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\jhaukerman\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\BearSharePlugin: C:\Program Files\BearShare Applications\BearShare\npBearSharePlugin.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012/02/08 21:09:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jhaukerman\AppData\Roaming\mozilla\Extensions
[2015/01/15 10:42:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jhaukerman\AppData\Roaming\mozilla\Firefox\Profiles\qmz4l8bc.default-1372853397062\extensions
[2013/12/12 13:11:42 | 000,000,000 | ---D | M] (Connect DLC 5) -- C:\Users\jhaukerman\AppData\Roaming\mozilla\Firefox\Profiles\qmz4l8bc.default-1372853397062\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}
[2013/11/07 06:28:29 | 000,000,000 | ---D | M] ("Analytics") -- C:\Users\jhaukerman\AppData\Roaming\mozilla\Firefox\Profiles\qmz4l8bc.default-1372853397062\extensions\[email protected]
[2015/01/14 06:47:46 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\jhaukerman\AppData\Roaming\mozilla\Firefox\Profiles\qmz4l8bc.default-1372853397062\extensions\[email protected]
[2014/12/10 10:16:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2014/12/10 10:16:18 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2014/12/10 10:16:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/12/10 10:16:25 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll
CHR - plugin: NPLastPass (Enabled) = C:\Users\jhaukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.1_0\nplastpass.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - default_search_provider: 6019581C1CEDBFDCEDD800157FF660949A545231690A49C7C4CA9D10263D4F89 (Enabled)
CHR - default_search_provider: search_url = F99EE588C023307EE30579FEC39132A69806A0085CA5AAD62417775716041A13
CHR - default_search_provider: suggest_url = 
CHR - homepage: 0EAE4EDFBF0D7F45AE0AD3315476AF1F93CD4F102B9ADA6364AB1D213EF24C94
CHR - Extension: Google Drive = C:\Users\jhaukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: http://newlifetogether.org/ = C:\Users\jhaukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\bclclncjfbbmdcmjdmclknocacjihnna\2013.1.30.31639_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\jhaukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: LastPass: Free Password Manager = C:\Users\jhaukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\3.1.85_0\
CHR - Extension: Clearly = C:\Users\jhaukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\iooicodkiihhpojmmeghjclgihfjdjhj\10.4.1.6_0\
CHR - Extension: Application Launcher for Drive (by Google) = C:\Users\jhaukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh\3.2_0\
CHR - Extension: Google Wallet = C:\Users\jhaukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
 
O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (LastPass Vault) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files\LastPass\LPToolbar.dll (LastPass)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPToolbar.dll (LastPass)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SPC_Monitor] C:\Windows\Philips\SPC230NC\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [SPC230NC_Monitor] C:\Windows\Philips\SPC230NC\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [Philips Intelligent Agent] C:\Program Files\Philips\Intelligent Agent\Philips Intelligent Agent.exe (Philips Consumer Electronics)
O4 - HKCU..\Run: [Screencast-O-Matic Tray] C:\Users\jhaukerman\AppData\Local\Screencast-O-Matic\Screencast-O-Matic.exe (Screencast-O-Matic)
O4 - HKCU..\Run: [ShoreTel Personal Call Manager] C:\Program Files\Shoreline Communications\ShoreWare Client\ShoreTel.exe (ShoreTel Inc.)
O4 - Startup: C:\Users\jhaukerman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrome - Shortcut.lnk = C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
O8 - Extra context menu item: LastPass - file://C:\Users\jhaukerman\AppData\LocalLow\LastPass\context.html?cmd=lastpass File not found
O8 - Extra context menu item: LastPass Fill Forms - file://C:\Users\jhaukerman\AppData\LocalLow\LastPass\context.html?cmd=fillforms File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPToolbar.dll (LastPass)
O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPToolbar.dll (LastPass)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.130.69.124 10.130.69.125 10.130.69.128
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = anderson.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE024DC9-1362-4552-A90C-2E1CEC00DEAD}: DhcpNameServer = 10.130.69.124 10.130.69.125 10.130.69.128
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll (Google Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/01/15 11:29:30 | 000,000,000 | ---D | C] -- C:\Users\jhaukerman\AppData\Roaming\MyTurboPC.com
[2015/01/15 11:29:28 | 000,000,000 | ---D | C] -- C:\Users\jhaukerman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyTurboPC.com
[2015/01/15 11:29:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MyTurboPC.com
[2015/01/15 11:29:26 | 000,000,000 | ---D | C] -- C:\ProgramData\MyTurboPC.com
[2015/01/15 11:29:26 | 000,000,000 | ---D | C] -- C:\Program Files\MyTurboPC.com
[2014/12/17 11:44:45 | 000,000,000 | ---D | C] -- C:\Users\jhaukerman\Desktop\COS
[2014/12/17 10:00:25 | 000,000,000 | ---D | C] -- C:\Users\jhaukerman\Desktop\AIM
[2012/08/24 05:37:55 | 009,113,600 | ---- | C] (LastPass) -- C:\Program Files\Common Files\lpuninstall.exe
 
========== Files - Modified Within 30 Days ==========
 
[2015/01/15 11:31:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/01/15 11:29:37 | 000,000,462 | ---- | M] () -- C:\Windows\tasks\MyTurboPC.com Registration3.job
[2015/01/15 11:18:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/01/15 11:02:35 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2449424096-1393605424-1647929637-4326UA.job
[2015/01/15 10:51:04 | 000,664,106 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2015/01/15 10:51:04 | 000,122,828 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2015/01/15 10:49:52 | 000,027,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/01/15 10:49:52 | 000,027,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/01/15 10:45:08 | 000,000,404 | ---- | M] () -- C:\Windows\SMSCFG.INI
[2015/01/15 10:42:56 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/01/15 10:42:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/01/15 10:42:34 | 2549,624,832 | -HS- | M] () -- C:\hiberfil.sys
[2015/01/15 09:15:03 | 000,023,730 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2015/01/15 07:02:00 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2449424096-1393605424-1647929637-4326Core.job
 
========== Files Created - No Company Name ==========
 
[2015/01/15 11:29:37 | 000,000,462 | ---- | C] () -- C:\Windows\tasks\MyTurboPC.com Registration3.job
[2014/05/02 11:25:26 | 000,000,082 | ---- | C] () -- C:\Windows\MPLAYER.INI
[2014/01/29 22:12:28 | 000,272,928 | ---- | C] () -- C:\Windows\System32\igvpkrng600.bin
[2014/01/29 22:12:24 | 000,009,728 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2014/01/29 22:12:16 | 000,963,452 | ---- | C] () -- C:\Windows\System32\igcodeckrng600.bin
[2014/01/29 22:12:16 | 000,077,312 | ---- | C] () -- C:\Windows\System32\igdde32.dll
[2014/01/29 22:12:10 | 000,000,268 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2013/09/26 05:17:25 | 000,000,842 | ---- | C] () -- C:\Windows\System32\SPC230NC.INI
[2013/07/03 08:10:34 | 000,000,036 | -H-- | C] () -- C:\Windows\System32\f9t.dat
[2012/11/07 09:28:07 | 000,000,048 | ---- | C] () -- C:\Users\jhaukerman\AppData\Roaming\net.dacons.mil1
[2012/08/24 09:37:02 | 000,007,168 | ---- | C] () -- C:\Users\jhaukerman\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/23 10:30:05 | 000,001,526 | RHS- | C] () -- C:\Users\jhaukerman\ntuser.pol
[2012/02/08 18:39:21 | 000,023,730 | RHS- | C] () -- C:\ProgramData\ntuser.pol
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 20:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 16:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2014/04/24 12:58:29 | 000,000,000 | ---D | M] -- C:\Users\jhaukerman\AppData\Roaming\Blackboard
[2014/05/02 11:25:26 | 000,000,000 | ---D | M] -- C:\Users\jhaukerman\AppData\Roaming\FTW
[2012/11/07 10:48:22 | 000,000,000 | ---D | M] -- C:\Users\jhaukerman\AppData\Roaming\Gradekeeper
[2012/08/24 10:15:21 | 000,000,000 | ---D | M] -- C:\Users\jhaukerman\AppData\Roaming\iSpring Solutions
[2012/10/26 07:33:34 | 000,000,000 | ---D | M] -- C:\Users\jhaukerman\AppData\Roaming\iVideoConverter
[2013/12/16 09:16:04 | 000,000,000 | ---D | M] -- C:\Users\jhaukerman\AppData\Roaming\Moyea
[2015/01/15 11:29:30 | 000,000,000 | ---D | M] -- C:\Users\jhaukerman\AppData\Roaming\MyTurboPC.com
[2013/12/12 10:22:06 | 000,000,000 | ---D | M] -- C:\Users\jhaukerman\AppData\Roaming\RecoolTec
[2013/09/25 06:56:28 | 000,000,000 | ---D | M] -- C:\Users\jhaukerman\AppData\Roaming\Recordpad
[2014/11/06 09:31:03 | 000,000,000 | ---D | M] -- C:\Users\jhaukerman\AppData\Roaming\ShoreWare Client
[2013/07/30 07:19:29 | 000,000,000 | ---D | M] -- C:\Users\jhaukerman\AppData\Roaming\Stamps.com Internet Postage
[2013/12/12 08:37:31 | 000,000,000 | ---D | M] -- C:\Users\jhaukerman\AppData\Roaming\Wondershare Video Converter Ultimate
[2013/10/14 06:02:56 | 000,000,000 | ---D | M] -- C:\Users\jhaukerman\AppData\Roaming\{3C542CC5-1F1F-40F9-A2D0-A90AD8080C6F}
[2013/12/12 08:37:29 | 000,000,000 | ---D | M] -- C:\Users\jhaukerman\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
[2014/11/06 09:27:36 | 000,000,000 | ---D | M] -- C:\Users\jhaukerman\AppData\Roaming\{BE7AF026-4A20-4287-BDEE-DF2333DAC397}
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:8FD693D2
 
< End of report >
 



#2
RKinner


    Malware Expert

  • Expert
  • 20,009 posts
  • MVP
 
Download ADWCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button, which should say: Download Now @BleepingComputer
 
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
 
Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).
 
 
Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
 
The report will be saved in the C:\AdwCleaner folder.
 
 
 
Junkware-Removal-Tool
 
Please download Junkware Removal Tool to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button, which should say: Download Now @Author's site
  • Pause your anti-virus. Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

The above may get rid of your problem but if not:

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 
  • Press Scan button. 
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here. 
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 


    #3
    John Aukerman


      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 204 posts

    ADWCleaner report:

     

    # AdwCleaner v4.107 - Report created 16/01/2015 at 07:22:37
    # Updated 07/01/2015 by Xplode
    # Database : 2015-01-13.2 [Live]
    # Operating System : Windows 7 Enterprise Service Pack 1 (32 bits)
    # Username : jhaukerman - JHAUKERMAN8200
    # Running from : C:\Users\jhaukerman\Downloads\AdwCleaner (1).exe
    # Option : Clean
     
    ***** [ Services ] *****
     
     
    ***** [ Files / Folders ] *****
     
     
    ***** [ Scheduled Tasks ] *****
     
    Task Deleted : MyTurboPC.com Registration3
     
    ***** [ Shortcuts ] *****
     
     
    ***** [ Registry ] *****
     
     
    ***** [ Browsers ] *****
     
    -\\ Internet Explorer v11.0.9600.17496
     
     
    -\\ Mozilla Firefox v34.0.5 (x86 en-US)
     
     
    -\\ Google Chrome v39.0.2171.95
     
    [C:\Users\jhaukerman\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=US&userid=63d3aaf2-f7af-4224-9f8b-39e45a700124&searchtype=ds&q={searchTerms}&installDate={installDate}
    [C:\Users\jhaukerman\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
    [C:\Users\jhaukerman\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT3227980
    [C:\Users\jhaukerman\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT3227980
    [C:\Users\jhaukerman\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Users\jhaukerman\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
    [C:\Users\jhaukerman\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN29705994201228163&ctid=CT3306061&UM=2
    [C:\Users\jhaukerman\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN29705994201228163&ctid=CT3306061&UM=2
    [C:\Users\jhaukerman\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3304763&SearchSource=45&UM=2&q={searchTerms}
    [C:\Users\jhaukerman\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3304763&SearchSource=45&UM=2&q={searchTerms}
    [C:\Users\jhaukerman\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.avg.com/search?cid={F212F037-6AE7-49E0-91C7-A6BEE6128211}&mid=2b36cc06a16f47d08b25d1530d873ef9-f262536b1640d940e0a4dad28910a329d4e3f29c&lang=en&ds=ft011&pr=sa&d=2012-03-16 06:47:13&v=11.0.0.9&sap=dsp&q={searchTerms}
    [C:\Users\jhaukerman\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZRxpt070YYUS&ptnrS=ZRxpt070YYUS&si=ggl002c&ptb=R8geCi9I.GYjQuqGkBYY4g&ind=2012100906&n=77ee392a&psa=&st=sb&searchfor={searchTerms}
    [C:\Users\jhaukerman\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZRxpt070YYUS&ptnrS=ZRxpt070YYUS&si=ggl002c&ptb=R8geCi9I.GYjQuqGkBYY4g&ind=2012100906&n=77ee392a&psa=&st=sb&searchfor={searchTerms}
    [C:\Users\jhaukerman\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=ie&tb=FF&o=14594&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=FV&apn_dtid=YYYYYYYYUS&apn_uid=4496bba3-ea49-4fde-89a9-1b58021e4e30&apn_sauid=66858C9A-4A33-4388-BFC2-391B34A063E6
    [C:\Users\jhaukerman\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=ie&tb=FF&o=14594&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=FV&apn_dtid=YYYYYYYYUS&apn_uid=4496bba3-ea49-4fde-89a9-1b58021e4e30&apn_sauid=66858C9A-4A33-4388-BFC2-391B34A063E6
    [C:\Users\jhaukerman\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : gjkpcnacdgdlpfejlgflolpaigoicibh
    [C:\Users\jhaukerman\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Homepage] : hxxp://search.conduit.com/?ctid=CT3227980&SearchSource=48
    [C:\Users\jhaukerman\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Homepage] : hxxp://search.conduit.com/?ctid=CT3227980&SearchSource=48
     
    *************************
     
    AdwCleaner[R0].txt - [19997 octets] - [15/01/2015 10:37:05]
    AdwCleaner[R1].txt - [4948 octets] - [16/01/2015 07:20:24]
    AdwCleaner[S0].txt - [19682 octets] - [15/01/2015 10:41:05]
    AdwCleaner[S1].txt - [4907 octets] - [16/01/2015 07:22:37]
     
    ########## EOF - P:\AdwCleaner\AdwCleaner[S1].txt - [4967 octets] ##########
     
     
    JRT report:
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.1 (12.28.2014:1)
    OS: Windows 7 Enterprise x86
    Ran by jhaukerman on Fri 01/16/2015 at  7:26:29.58
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     
     
     
    ~~~ Services
     
     
     
    ~~~ Registry Values
     
     
     
    ~~~ Registry Keys
     
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501160}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501160}
     
     
     
    ~~~ Files
     
    Successfully deleted: [File] C:\Windows\System32\Tasks\Driver Manager-RTMRules
    Successfully deleted: [File] C:\Windows\System32\Tasks\Driver Manager-RTMScan
    Successfully deleted: [File] C:\Windows\System32\Tasks\Driver Manager-RTMUpdater
     
     
     
    ~~~ Folders
     
    Successfully deleted: [Folder] "C:\Users\jhaukerman\Local Settings\Application Data\cre"
     
     
     
    ~~~ FireFox
     
    Emptied folder: C:\Users\jhaukerman\AppData\Roaming\mozilla\firefox\profiles\qmz4l8bc.default-1372853397062\minidumps [30 files]
     
     
     
    ~~~ Event Viewer Logs were cleared
     
     
     
     
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Fri 01/16/2015 at  7:28:29.97
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     
    FRST report:
     
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-01-2015 01
    Ran by jhaukerman (administrator) on JHAUKERMAN8200 on 16-01-2015 07:30:09
    Running from C:\Users\jhaukerman\Downloads
    Loaded Profiles: jhaukerman (Available profiles: AdminJLS & tech & AUGuest & jhaukerman)
    Platform: Microsoft Windows 7 Enterprise  Service Pack 1 (X86) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corporation) C:\Windows\System32\CCM\CcmExec.exe
    (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    (Microsoft Corporation) C:\Windows\System32\msiexec.exe
    (Google Inc.) C:\Program Files\Google\Update\1.3.25.11\GoogleCrashHandler.exe
    ( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (PixArt Imaging Incorporation) C:\Windows\Philips\SPC230NC\Monitor.exe
    ( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
    (Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (Google) C:\Program Files\Google\Drive\googledrivesync.exe
    (ShoreTel Inc.) C:\Program Files\Shoreline Communications\ShoreWare Client\ShoreTel.exe
    (Screencast-O-Matic) C:\Users\jhaukerman\AppData\Local\Screencast-O-Matic\Screencast-O-Matic.exe
    () C:\Program Files\Philips\Philips SPC230NC Webcam\TrayMin230.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    (Google) C:\Program Files\Google\Drive\googledrivesync.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google) C:\Users\jhaukerman\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
     
     
    ==================== Registry (Whitelisted) ==================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
    HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2333968 2012-06-05] (Synaptics Incorporated)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [6044264 2011-06-14] (Realtek Semiconductor)
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
    HKLM\...\Run: [SPC230NC_Monitor] => C:\Windows\Philips\SPC230NC\Monitor.exe [323584 2007-12-10] (PixArt Imaging Incorporation)
    HKLM\...\Run: [SPC_Monitor] => C:\Windows\Philips\SPC230NC\Monitor.exe [323584 2007-12-10] (PixArt Imaging Incorporation)
    HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1743648 2013-06-13] (Wondershare)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
    HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
    Winlogon\Notify\ScCertProp: wlnotify.dll [X]
    HKU\S-1-5-21-2449424096-1393605424-1647929637-4326\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
    HKU\S-1-5-21-2449424096-1393605424-1647929637-4326\...\Run: [Google Update] => C:\Users\jhaukerman\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-07-29] (Google Inc.)
    HKU\S-1-5-21-2449424096-1393605424-1647929637-4326\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-10-24] (Google Inc.)
    HKU\S-1-5-21-2449424096-1393605424-1647929637-4326\...\Run: [Philips Intelligent Agent] => C:\Program Files\Philips\Intelligent Agent\Philips Intelligent Agent.exe [613792 2008-02-21] (Philips Consumer Electronics)
    HKU\S-1-5-21-2449424096-1393605424-1647929637-4326\...\Run: [ShoreTel Personal Call Manager] => C:\Program Files\Shoreline Communications\ShoreWare Client\ShoreTel.exe [2569216 2014-10-01] (ShoreTel Inc.)
    HKU\S-1-5-21-2449424096-1393605424-1647929637-4326\...\Run: [Screencast-O-Matic Tray] => C:\Users\jhaukerman\AppData\Local\Screencast-O-Matic\Screencast-O-Matic.exe [58480 2012-11-01] (Screencast-O-Matic)
    HKU\S-1-5-21-2449424096-1393605424-1647929637-4326\...\Policies\Explorer: [ForceStartMenuLogOff] 1
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk
    ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe (LastPass)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk
    ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe (LastPass)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TrayMin230.lnk
    ShortcutTarget: TrayMin230.lnk -> C:\Program Files\Philips\Philips SPC230NC Webcam\TrayMin230.exe ()
    Startup: C:\Users\jhaukerman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrome - Shortcut.lnk
    ShortcutTarget: chrome - Shortcut.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
    ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
    ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
    ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
    ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
    ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
    ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
    HKU\S-1-5-21-2449424096-1393605424-1647929637-4326\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    HKU\S-1-5-21-2449424096-1393605424-1647929637-4326\Software\Microsoft\Internet Explorer\Main,Start Page = https://obc.itsme247.com/156/
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-2449424096-1393605424-1647929637-4326 -> {DCF3BCB6-09ED-4C7F-AE7C-97150087E3C1} URL = http://search.yahoo....p={searchTerms}
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files\LastPass\LPToolbar.dll (LastPass)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO: ChromeFrame BHO -> {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} -> C:\Program Files\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll (Google Inc.)
    Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPToolbar.dll (LastPass)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKU\S-1-5-21-2449424096-1393605424-1647929637-4326 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll (Google Inc.)
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Winsock: Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 10.130.69.124 10.130.69.125 10.130.69.128
     
    FireFox:
    ========
    FF ProfilePath: C:\Users\jhaukerman\AppData\Roaming\Mozilla\Firefox\Profiles\qmz4l8bc.default-1372853397062
    FF Homepage: hxxp://accessau.anderson.edu/
    FF Keyword.URL: hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=514467&p=
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
    FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-2449424096-1393605424-1647929637-4326: @talk.google.com/GoogleTalkPlugin -> C:\Users\jhaukerman\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin HKU\S-1-5-21-2449424096-1393605424-1647929637-4326: @talk.google.com/O1DPlugin -> C:\Users\jhaukerman\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
    FF Plugin HKU\S-1-5-21-2449424096-1393605424-1647929637-4326: @tools.google.com/Google Update;version=3 -> C:\Users\jhaukerman\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKU\S-1-5-21-2449424096-1393605424-1647929637-4326: @tools.google.com/Google Update;version=9 -> C:\Users\jhaukerman\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKU\S-1-5-21-2449424096-1393605424-1647929637-4326: BearSharePlugin -> C:\Program Files\BearShare Applications\BearShare\npBearSharePlugin.dll No File
    FF Plugin ProgramFiles/Appdata: C:\Users\jhaukerman\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\jhaukerman\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
    FF Extension: Analytics - C:\Users\jhaukerman\AppData\Roaming\Mozilla\Firefox\Profiles\qmz4l8bc.default-1372853397062\Extensions\[email protected] [2013-11-07]
    FF Extension: LastPass - C:\Users\jhaukerman\AppData\Roaming\Mozilla\Firefox\Profiles\qmz4l8bc.default-1372853397062\Extensions\[email protected] [2015-01-14]
    FF Extension: Connect DLC 5  - C:\Users\jhaukerman\AppData\Roaming\Mozilla\Firefox\Profiles\qmz4l8bc.default-1372853397062\Extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} [2013-12-12]
    FF Extension: Hotspot Shield Helper (Please allow this installation) - C:\Program Files\Mozilla Firefox\extensions\[email protected] [2014-12-10]
     
    Chrome: 
    =======
    CHR Profile: C:\Users\jhaukerman\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Drive) - C:\Users\jhaukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-02]
    CHR Extension: (http://newlifetogether.org/) - C:\Users\jhaukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\bclclncjfbbmdcmjdmclknocacjihnna [2013-01-30]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\jhaukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-29]
    CHR Extension: (LastPass: Free Password Manager) - C:\Users\jhaukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-01-16]
    CHR Extension: (Clearly) - C:\Users\jhaukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\iooicodkiihhpojmmeghjclgihfjdjhj [2015-01-15]
    CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\jhaukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-07]
    CHR Extension: (Google Wallet) - C:\Users\jhaukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
    CHR HKLM\...\Chrome\Extension: [lipgolpfajiadodbcbljdpmbmbdmfcil] - C:\Users\jhaukerman\AppData\Local\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx [Not Found]
    CHR HKU\S-1-5-21-2449424096-1393605424-1647929637-4326\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\JHAUKE~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-06-30]
    CHR HKU\S-1-5-21-2449424096-1393605424-1647929637-4326\...\Chrome\Extension: [lipgolpfajiadodbcbljdpmbmbdmfcil] - C:\Users\jhaukerman\AppData\Local\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx [Not Found]
    CHR HKU\S-1-5-21-2449424096-1393605424-1647929637-4326\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
     
    ========================== Services (Whitelisted) =================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 CcmExec; C:\Windows\system32\CCM\CcmExec.exe [764768 2009-09-18] (Microsoft Corporation)
    S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [279000 2014-01-29] (Intel Corporation)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
    R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [45568 2012-02-08] (Hewlett-Packard) [File not signed]
    S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
    R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [55808 2012-02-08] (Hewlett-Packard) [File not signed]
    S3 smstsmgr; C:\Windows\system32\CCM\TSManager.exe [246624 2009-09-18] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
     
    ==================== Drivers (Whitelisted) ====================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    S3 amdhub30; C:\Windows\system32\drivers\amdhub30.sys [82560 2012-01-03] (Advanced Micro Devices, INC.)
    R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [22656 2012-02-01] (Advanced Micro Devices, Inc.)
    S3 amdxhc; C:\Windows\system32\drivers\amdxhc.sys [173184 2012-01-03] (Advanced Micro Devices, INC.)
    S3 amd_sata; C:\Windows\system32\drivers\amd_sata.sys [70784 2012-06-13] (Advanced Micro Devices)
    R0 amd_xata; C:\Windows\System32\drivers\amd_xata.sys [34944 2012-06-13] (Advanced Micro Devices)
    R3 e1cexpress; C:\Windows\System32\DRIVERS\e1c6232.sys [358224 2012-08-10] (Intel Corporation)
    S3 IFCoEMP; C:\Windows\system32\drivers\ifM52x32.sys [264464 2010-08-13] (Intel® Corporation)
    S3 IFCoEVB; C:\Windows\system32\drivers\ifP52X32.sys [57616 2010-08-13] (Intel® Corporation)
    R3 IFXTPM; C:\Windows\System32\DRIVERS\IFXTPM.SYS [44800 2008-07-31] (Infineon Technologies AG)
    R0 iusb3hcs; C:\Windows\System32\drivers\iusb3hcs.sys [15640 2012-03-27] (Intel Corporation)
    S3 iusb3hub; C:\Windows\system32\drivers\iusb3hub.sys [349976 2012-03-27] (Intel Corporation)
    S3 iusb3xhc; C:\Windows\system32\drivers\iusb3xhc.sys [792856 2012-03-27] (Intel Corporation)
    S3 johci; C:\Windows\system32\drivers\johci.sys [23640 2011-02-09] (JMicron Technology Corp.)
    S3 JRAID; C:\Windows\system32\drivers\jraid.sys [104024 2010-09-06] (JMicron Technology Corp.)
    R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [46080 2011-11-09] (Intel Corporation)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
    R3 PAEAFLT.sys; C:\Windows\System32\DRIVERS\PAEAFLT.sys [8576 2007-09-26] (PixArt Imaging Incorporation)
    S3 prepdrvr; C:\Windows\system32\CCM\prepdrv.sys [20848 2009-09-18] (Microsoft Corporation)
    S3 risdpcie; C:\Windows\system32\drivers\risdpe86.sys [49152 2009-06-30] (REDC)
    S3 rismc32; C:\Windows\System32\DRIVERS\rismc32.sys [49152 2009-07-20] (RICOH Company, Ltd.)
    S3 rixdpcie; C:\Windows\system32\drivers\rixdpe86.sys [38400 2009-07-04] (REDC)
    R3 SPC230NC; C:\Windows\System32\DRIVERS\SPC230NC.SYS [461056 2007-12-31] (PixArt Imaging Inc.)
    R3 staccel; C:\Windows\System32\DRIVERS\staccel.sys [32864 2013-08-15] (ShoreTel, Inc)
    S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2013-03-18] (Apple, Inc.) [File not signed]
    S3 taphss6; system32\DRIVERS\taphss6.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
     
    ==================== NetSvcs (Whitelisted) ===================
     
     
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
     
     
    ==================== One Month Created Files and Folders ========
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2015-01-16 07:30 - 2015-01-16 07:30 - 00020933 _____ () C:\Users\jhaukerman\Downloads\FRST.txt
    2015-01-16 07:29 - 2015-01-16 07:30 - 00000000 ____D () C:\FRST
    2015-01-16 07:29 - 2015-01-16 07:29 - 01116672 _____ (Farbar) C:\Users\jhaukerman\Downloads\FRST.exe
    2015-01-16 07:28 - 2015-01-16 07:28 - 00001438 _____ () C:\Users\jhaukerman\Desktop\JRT.txt
    2015-01-16 07:26 - 2015-01-16 07:26 - 00000000 ____D () C:\Windows\ERUNT
    2015-01-16 07:25 - 2015-01-16 07:26 - 01707939 _____ (Thisisu) C:\Users\jhaukerman\Downloads\JRT.exe
    2015-01-16 07:22 - 2015-01-16 07:22 - 00004948 _____ () C:\Users\jhaukerman\Desktop\AdwCleaner[R1].txt
    2015-01-16 07:19 - 2015-01-16 07:19 - 02191360 _____ () C:\Users\jhaukerman\Downloads\AdwCleaner (1).exe
    2015-01-16 07:18 - 2015-01-16 07:18 - 02191360 _____ () C:\Users\jhaukerman\Downloads\AdwCleaner.exe
    2015-01-15 11:45 - 2015-01-15 11:45 - 00050516 _____ () C:\Users\jhaukerman\Downloads\Extras.Txt
    2015-01-15 11:44 - 2015-01-15 11:44 - 00105746 _____ () C:\Users\jhaukerman\Downloads\OTL.Txt
    2015-01-15 11:40 - 2015-01-15 11:40 - 00602112 _____ (OldTimer Tools) C:\Users\jhaukerman\Downloads\OTL.exe
    2015-01-15 11:29 - 2015-01-15 11:29 - 00000000 ____D () C:\Users\jhaukerman\AppData\Roaming\MyTurboPC.com
    2015-01-15 11:29 - 2015-01-15 11:29 - 00000000 ____D () C:\Users\jhaukerman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyTurboPC.com
    2015-01-15 11:29 - 2015-01-15 11:29 - 00000000 ____D () C:\ProgramData\MyTurboPC.com
    2015-01-15 11:29 - 2015-01-15 11:29 - 00000000 ____D () C:\Program Files\MyTurboPC.com
    2015-01-15 11:29 - 2015-01-15 11:29 - 00000000 ____D () C:\Program Files\Common Files\MyTurboPC.com
    2015-01-15 11:28 - 2015-01-15 11:29 - 06379208 _____ (MyTurboPC.com) C:\Users\jhaukerman\Downloads\Myturbopc.exe
    2015-01-15 10:44 - 2015-01-15 10:44 - 02191360 _____ () C:\Users\jhaukerman\Downloads\adwcleaner_4.107 (1).exe
    2015-01-15 10:36 - 2015-01-15 10:36 - 02191360 _____ () C:\Users\jhaukerman\Downloads\adwcleaner_4.107.exe
    2015-01-15 07:16 - 2015-01-15 07:17 - 00535813 _____ () C:\Users\jhaukerman\Downloads\submissions.zip
    2015-01-14 11:01 - 2015-01-14 11:01 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\jhaukerman\Downloads\thing.exe
    2015-01-14 07:07 - 2014-12-18 21:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
    2015-01-14 07:07 - 2014-12-18 20:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2015-01-14 07:07 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
    2015-01-14 07:07 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-01-14 07:07 - 2014-12-11 12:47 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
    2015-01-14 07:07 - 2014-12-05 22:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
    2015-01-09 11:41 - 2015-01-09 11:41 - 00736339 _____ () C:\Users\jhaukerman\Downloads\Sample-Letters-to-the-Editor_0.zip
    2015-01-09 09:46 - 2015-01-09 09:46 - 00000479 _____ () C:\Users\jhaukerman\Downloads\noname.txt
    2015-01-08 11:42 - 2015-01-08 11:43 - 09779712 _____ () C:\Users\jhaukerman\Downloads\COS_Powerpoint.ppt
    2015-01-08 08:03 - 2015-01-08 08:03 - 00000528 _____ () C:\Users\jhaukerman\Downloads\Final_Grade.html
    2015-01-07 11:38 - 2015-01-07 11:38 - 00012172 _____ () C:\Users\jhaukerman\Downloads\THST 5000 (1).xlsx
    2015-01-07 11:38 - 2015-01-07 11:38 - 00010830 _____ () C:\Users\jhaukerman\Downloads\PAST 5120 (1).xlsx
    2015-01-07 11:37 - 2015-01-07 11:37 - 00012172 _____ () C:\Users\jhaukerman\Downloads\THST 5000.xlsx
    2015-01-07 11:37 - 2015-01-07 11:37 - 00010830 _____ () C:\Users\jhaukerman\Downloads\PAST 5120.xlsx
    2015-01-07 09:01 - 2015-01-07 09:01 - 00198656 _____ () C:\Users\jhaukerman\Downloads\AU Online Seminary Degree Eburst 1971 1-6-2015 JHAukerman.XLS
    2015-01-07 09:01 - 2015-01-07 09:01 - 00198656 _____ () C:\Users\jhaukerman\Desktop\AU Online Seminary Degree Eburst 1971 1-6-2015 JHAukerman.xls
    2015-01-05 10:39 - 2015-01-05 10:39 - 00020715 _____ () C:\Users\jhaukerman\Downloads\Data_All_150105 (1).zip
    2015-01-05 10:38 - 2015-01-05 10:38 - 00020715 _____ () C:\Users\jhaukerman\Downloads\Data_All_150105.zip
    2015-01-05 07:19 - 2015-01-05 07:19 - 01920640 _____ (TODO: <Company name>) C:\Users\jhaukerman\Downloads\Windows_7_Update.exe
    2015-01-05 07:00 - 2014-12-12 22:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-12-17 11:44 - 2015-01-09 11:55 - 00000000 ____D () C:\Users\jhaukerman\Desktop\COS
    2014-12-17 10:00 - 2015-01-07 07:56 - 00000000 ____D () C:\Users\jhaukerman\Desktop\AIM
    2014-12-17 09:07 - 2014-12-17 09:07 - 00009806 _____ () C:\Users\jhaukerman\Downloads\PAST5120-M1-2141-JA Grades (1).xlsx
    2014-12-17 08:50 - 2014-12-17 08:50 - 00009808 _____ () C:\Users\jhaukerman\Downloads\PAST5120-M1-2141-JA Grades.xlsx
    2014-12-17 08:41 - 2014-12-17 08:41 - 00015697 _____ () C:\Users\jhaukerman\Downloads\RLGN2210-5E-2141-JA Grades.xlsx
    2014-12-17 08:26 - 2014-12-17 08:26 - 00009188 _____ () C:\Users\jhaukerman\Downloads\THST5000-M1-2141-JA Grades.xlsx
     
    ==================== One Month Modified Files and Folders =======
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2015-01-16 07:30 - 2009-07-13 23:34 - 00027680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-01-16 07:30 - 2009-07-13 23:34 - 00027680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-01-16 07:27 - 2012-08-17 18:41 - 01079421 _____ () C:\Windows\WindowsUpdate.log
    2015-01-16 07:25 - 2013-10-29 09:27 - 00000000 ____D () C:\Users\jhaukerman\AppData\Local\Screencast-O-Matic
    2015-01-16 07:24 - 2012-12-21 08:18 - 00000000 ___RD () C:\Users\jhaukerman\Google Drive
    2015-01-16 07:23 - 2014-09-23 05:08 - 00003512 _____ () C:\Windows\PFRO.log
    2015-01-16 07:23 - 2014-03-18 11:59 - 00014700 _____ () C:\Windows\setupact.log
    2015-01-16 07:23 - 2012-02-08 20:53 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-01-16 07:23 - 2012-02-08 16:20 - 00000128 _____ () C:\Windows\system32\config\netlogon.ftl
    2015-01-16 07:23 - 2011-09-27 07:33 - 00000404 _____ () C:\Windows\SMSCFG.INI
    2015-01-16 07:23 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-01-16 07:18 - 2012-08-27 09:36 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-01-16 07:02 - 2013-07-29 06:47 - 00000928 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2449424096-1393605424-1647929637-4326UA.job
    2015-01-16 07:02 - 2013-07-29 06:47 - 00000876 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2449424096-1393605424-1647929637-4326Core.job
    2015-01-16 06:52 - 2010-11-20 16:01 - 00785070 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-01-16 06:44 - 2012-02-08 20:53 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-01-15 09:15 - 2012-02-08 18:39 - 00023730 __RSH () C:\ProgramData\ntuser.pol
    2015-01-14 14:13 - 2013-08-14 10:58 - 00000000 ____D () C:\Windows\system32\MRT
    2015-01-14 14:08 - 2012-02-08 21:30 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-01-14 09:18 - 2012-08-27 09:36 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2015-01-14 09:18 - 2012-02-08 20:47 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2015-01-12 07:11 - 2012-08-23 10:32 - 00000000 ____D () C:\Users\jhaukerman\Desktop\DWW on FB
    2015-01-12 06:48 - 2013-11-06 07:22 - 00000000 ____D () C:\Users\jhaukerman\AppData\Roaming\Skype
    2015-01-12 06:25 - 2014-12-08 11:34 - 00000000 ___RD () C:\Program Files\Skype
    2015-01-12 06:25 - 2013-11-06 07:22 - 00000000 ____D () C:\ProgramData\Skype
    2015-01-07 07:15 - 2014-06-24 07:04 - 00000000 ____D () C:\Users\jhaukerman\AppData\Local\Adobe
    2014-12-31 06:13 - 2012-02-08 16:33 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
     
    Some content of TEMP:
    ====================
    C:\Users\jhaukerman\AppData\Local\Temp\AskPIP_FF_.exe
    C:\Users\jhaukerman\AppData\Local\Temp\AskSLib.dll
    C:\Users\jhaukerman\AppData\Local\Temp\BetterInstaller.exe
    C:\Users\jhaukerman\AppData\Local\Temp\burnsetup.exe
    C:\Users\jhaukerman\AppData\Local\Temp\ChromeUpdate.exe
    C:\Users\jhaukerman\AppData\Local\Temp\CopyUpdate.exe
    C:\Users\jhaukerman\AppData\Local\Temp\debutsetup.exe
    C:\Users\jhaukerman\AppData\Local\Temp\ffmpeg15.exe
    C:\Users\jhaukerman\AppData\Local\Temp\iBetaInstaller_ib1020cm1.exe
    C:\Users\jhaukerman\AppData\Local\Temp\IminentSetup.exe
    C:\Users\jhaukerman\AppData\Local\Temp\infoatoms-setup.exe
    C:\Users\jhaukerman\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
    C:\Users\jhaukerman\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
    C:\Users\jhaukerman\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
    C:\Users\jhaukerman\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
    C:\Users\jhaukerman\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
    C:\Users\jhaukerman\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
    C:\Users\jhaukerman\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
    C:\Users\jhaukerman\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
    C:\Users\jhaukerman\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
    C:\Users\jhaukerman\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
    C:\Users\jhaukerman\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
    C:\Users\jhaukerman\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
    C:\Users\jhaukerman\AppData\Local\Temp\LPPlugin.dll
    C:\Users\jhaukerman\AppData\Local\Temp\mp3el.exe
    C:\Users\jhaukerman\AppData\Local\Temp\nsi8031.exe
    C:\Users\jhaukerman\AppData\Local\Temp\nsi8BC8.exe
    C:\Users\jhaukerman\AppData\Local\Temp\nsmAD2C.exe
    C:\Users\jhaukerman\AppData\Local\Temp\nss1C7F.exe
    C:\Users\jhaukerman\AppData\Local\Temp\nss27C8.exe
    C:\Users\jhaukerman\AppData\Local\Temp\nsuA27B.exe
    C:\Users\jhaukerman\AppData\Local\Temp\nsx857E.exe
    C:\Users\jhaukerman\AppData\Local\Temp\ochelper.exe
    C:\Users\jhaukerman\AppData\Local\Temp\Quarantine.exe
    C:\Users\jhaukerman\AppData\Local\Temp\setup.exe
    C:\Users\jhaukerman\AppData\Local\Temp\SkypeSetup.exe
    C:\Users\jhaukerman\AppData\Local\Temp\SPStub.exe
    C:\Users\jhaukerman\AppData\Local\Temp\sqlite3.dll
    C:\Users\jhaukerman\AppData\Local\Temp\tbConn.dll
    C:\Users\jhaukerman\AppData\Local\Temp\tmpAAD1.exe
    C:\Users\jhaukerman\AppData\Local\Temp\vpsetup.exe
    C:\Users\jhaukerman\AppData\Local\Temp\_is48C2.exe
     
     
    ==================== Bamital & volsnap Check =================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
     
     
    LastRegBack: 2015-01-14 10:16
     
    ==================== End Of Log ============================
     
    Addition report:
     
    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-01-2015 01
    Ran by jhaukerman at 2015-01-16 07:31:12
    Running from C:\Users\jhaukerman\Downloads
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Security Center ========================
     
    (If an entry is included in the fixlist, it will be removed.)
     
    AV: Microsoft Forefront Endpoint Protection (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
    AS: Microsoft Forefront Endpoint Protection (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     
    ==================== Installed Programs ======================
     
    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     
     Moyea Free Flash Downloader version  1.3.0.0 (HKLM\...\{8ED5BF38-B9BF-4F2D-AF42-9037574A254F}_is1) (Version:  - )
     Moyea SWF to MPEG Converter version  4.0.0.0 (HKLM\...\{30C7F6E8-D7DF-4162-BFE0-72796148D589}_is1) (Version:  - )
    32 Bit HP CIO Components Installer (Version: 13.1.1 - Hewlett-Packard) Hidden
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
    Adobe Digital Editions (HKLM\...\Digital Editions) (Version:  - )
    Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
    Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
    Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.3.633 - Adobe Systems, Inc.)
    Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    BearShare (HKU\S-1-5-21-2449424096-1393605424-1647929637-4326\...\BearShare) (Version: 12.0.0.134165 - Musiclab, LLC)
    Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)
    Configuration Manager Client (Version: 4.00.6487.2000 - Microsoft Corporation) Hidden
    D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
    Express Burn (HKLM\...\ExpressBurn) (Version:  - NCH Software)
    FormatFactory 3.3.5.0 (HKLM\...\FormatFactory) (Version: 3.3.5.0 - Format Factory)
    Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
    Google Chrome Frame (HKLM\...\Google Chrome Frame) (Version: 32.0.1700.107 - Google Inc.)
    Google Drive (HKLM\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
    Google Talk Plugin (HKLM\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
    Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
    Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    Gradekeeper (HKLM\...\Product_Name) (Version: 6.7 - )
    HP Quick Launch Buttons (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.14.1 - Hewlett-Packard Company)
    i-beta.com extension (HKLM\...\{37BE563C-6020-43A7-BB6C-3BEDE8BFA1BD}) (Version: 1.1.2 - i-beta.com)
    Iminent (Version: 5.43.11.0 - Iminent) Hidden <==== ATTENTION
    Intel® Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
    iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
    Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
    JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
    LastPass (uninstall only) (HKLM\...\LastPass) (Version:  - LastPass)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Forefront Endpoint Protection (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
    Microsoft Office 2010 Primary Interop Assemblies (HKLM\...\{90140000-1105-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1024 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
    Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Mozilla Firefox 34.0.5 (x86 en-US) (HKLM\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
    MyTurboPC (HKLM\...\{A2F37CA8-53F8-4594-B701-32AE64BAED1A}) (Version: 3.2.14.0 - MyTurboPC.com)
    Philips Intelligent Agent (HKLM\...\Philips Intelligent Agent_is1) (Version: 2.2 - Philips)
    Philips SPC230NC Webcam (HKLM\...\{05F350C6-FA6A-40D0-A130-FB941B39152C}) (Version: 1.0.0.0 - Philips)
    QLBCASL (Version: 6.40.17.2 - Hewlett-Packard) Hidden
    QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6392 - Realtek Semiconductor Corp.)
    RecordPad Sound Recorder (HKLM\...\Recordpad) (Version: 4.32 - NCH Software)
    Screencast-O-Matic (HKU\S-1-5-21-2449424096-1393605424-1647929637-4326\...\Screencast-O-Matic) (Version:  - Screencast-O-Matic)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
    ShoreTel Communicator (HKLM\...\{564CB2D2-3949-4AFC-B1A6-6C46F3A4F8BC}) (Version: 19.43.7902.0 - ShoreTel, Inc.)
    Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
    SMS Client Setup Bootstrap (Version: 4.00.6487.2000 - Microsoft Corporation) Hidden
    swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.0.3.0 - Synaptics Incorporated)
    Visual Studio Tools for the Office system 3.0 Runtime (HKLM\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
    Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
    WavePad Sound Editor (HKLM\...\WavePad) (Version:  - NCH Software)
    Webcam Video Viewer (HKLM\...\{CECB7782-F35F-45CE-97C0-74BBBDC51C22}) (Version:  - ArcSoft)
    Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
    Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
    WinZip 17.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DA}) (Version: 17.5.10480 - WinZip Computing, S.L. )
     
    ==================== Custom CLSID (selected items): ==========================
     
    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
     
    CustomCLSID: HKU\S-1-5-21-2449424096-1393605424-1647929637-4326_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\jhaukerman\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2449424096-1393605424-1647929637-4326_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\jhaukerman\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-2449424096-1393605424-1647929637-4326_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\jhaukerman\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2449424096-1393605424-1647929637-4326_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\jhaukerman\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2449424096-1393605424-1647929637-4326_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\jhaukerman\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-2449424096-1393605424-1647929637-4326_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\jhaukerman\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
    CustomCLSID: HKU\S-1-5-21-2449424096-1393605424-1647929637-4326_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\jhaukerman\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2449424096-1393605424-1647929637-4326_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\jhaukerman\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-2449424096-1393605424-1647929637-4326_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\jhaukerman\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-2449424096-1393605424-1647929637-4326_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\jhaukerman\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-2449424096-1393605424-1647929637-4326_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\jhaukerman\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-2449424096-1393605424-1647929637-4326_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\jhaukerman\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
    CustomCLSID: HKU\S-1-5-21-2449424096-1393605424-1647929637-4326_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\jhaukerman\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2449424096-1393605424-1647929637-4326_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\jhaukerman\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2449424096-1393605424-1647929637-4326_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\jhaukerman\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2449424096-1393605424-1647929637-4326_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\jhaukerman\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2449424096-1393605424-1647929637-4326_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\jhaukerman\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2449424096-1393605424-1647929637-4326_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\jhaukerman\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-2449424096-1393605424-1647929637-4326_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\jhaukerman\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File
     
    ==================== Restore Points  =========================
     
    10-12-2014 11:11:00 Windows Update
    12-12-2014 03:00:19 Windows Update
    12-12-2014 10:16:00 Windows Update
    16-12-2014 07:22:22 Windows Update
    05-01-2015 11:26:45 Windows Update
    09-01-2015 07:01:06 Windows Update
    12-01-2015 07:17:06 Windows Update
    14-01-2015 14:07:37 Windows Update
     
    ==================== Hosts content: ==========================
     
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
     
    2009-07-13 21:04 - 2009-06-10 16:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
     
    ==================== Scheduled Tasks (whitelisted) =============
     
    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
     
    Task: {03595E70-777D-4585-9CE1-846F597A45BD} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {07BC4897-13DC-498E-8EA8-8F7C9AABB1E9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
    Task: {3F6A04A3-538F-420A-BB2F-67A79C518057} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => d:\program files\windows defender\MpCmdRun.exe
    Task: {4722199D-30B6-4AC4-8BF5-D6FBF6D8FF9B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2449424096-1393605424-1647929637-4326Core => C:\Users\jhaukerman\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-29] (Google Inc.)
    Task: {48D942CE-4B78-4F89-9338-40FF988A7D73} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2449424096-1393605424-1647929637-4326UA => C:\Users\jhaukerman\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-29] (Google Inc.)
    Task: {4CD60727-79B8-42D8-910A-F5219DC08840} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-14] (Adobe Systems Incorporated)
    Task: {60451013-46AC-494B-8AD4-F42AB49654A7} - \Driver Manager-RTMUpdater No Task File <==== ATTENTION
    Task: {6245103D-F21A-45FB-B96C-A1ECF0E9A3A1} - System32\Tasks\NCH Software\WavePadReminder => C:\Program Files\NCH Software\WavePad\WavePad.exe
    Task: {6B5F3DAF-15EB-42E6-9442-F25E1E794EFC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
    Task: {75E85985-4EA7-4D7A-9BA7-74D75DEC77D4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {A28A481F-C526-4799-A3AB-686DE3B77704} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
    Task: {AE7DEFEF-CE24-48EA-A73C-B414DE250E2B} - \Driver Manager-RTMScan No Task File <==== ATTENTION
    Task: {CC04995C-FDF0-4D76-BBEE-02889EC2E870} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
    Task: {F7EBD80E-4FE9-4931-87C0-1F2D4C8744FC} - \Driver Manager-RTMRules No Task File <==== ATTENTION
     
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
     
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2449424096-1393605424-1647929637-4326Core.job => C:\Users\jhaukerman\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2449424096-1393605424-1647929637-4326UA.job => C:\Users\jhaukerman\AppData\Local\Google\Update\GoogleUpdate.exe
     
    ==================== Loaded Modules (whitelisted) =============
     
    2014-04-23 15:05 - 2014-04-23 15:05 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2012-03-19 21:09 - 2012-03-19 21:09 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll
    2014-11-06 09:29 - 2014-11-06 09:29 - 01551872 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PCMSkin\9de894cab860126e28a8898efd3de6ec\PCMSkin.ni.dll
    2014-11-06 09:29 - 2014-11-06 09:29 - 00192512 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\GALImport\89baea09ffb49a303a63963ac07cc2a4\GALImport.ni.dll
    2013-11-22 09:02 - 2013-11-22 09:02 - 00053248 _____ () C:\Users\jhaukerman\AppData\Local\Screencast-O-Matic\SOMTrayNative-1.0.dll
    2013-10-29 09:27 - 2013-10-29 09:27 - 00089600 _____ () C:\Users\jhaukerman\AppData\Local\Screencast-O-Matic\SOMNative-2.17.3.dll
    2013-09-26 05:17 - 2007-12-14 15:58 - 00241664 _____ () C:\Program Files\Philips\Philips SPC230NC Webcam\TrayMin230.exe
    2015-01-16 07:24 - 2015-01-16 07:24 - 00098816 _____ () C:\Users\jhaukerman\AppData\Local\Temp\_MEI37922\win32api.pyd
    2015-01-16 07:24 - 2015-01-16 07:24 - 00110080 _____ () C:\Users\jhaukerman\AppData\Local\Temp\_MEI37922\pywintypes27.dll
    2015-01-16 07:24 - 2015-01-16 07:24 - 00364544 _____ () C:\Users\jhaukerman\AppData\Local\Temp\_MEI37922\pythoncom27.dll
    2015-01-16 07:24 - 2015-01-16 07:24 - 00045568 _____ () C:\Users\jhaukerman\AppData\Local\Temp\_MEI37922\_socket.pyd
    2015-01-16 07:24 - 2015-01-16 07:24 - 01160704 _____ () C:\Users\jhaukerman\AppData\Local\Temp\_MEI37922\_ssl.pyd
    2015-01-16 07:24 - 2015-01-16 07:24 - 00320512 _____ () C:\Users\jhaukerman\AppData\Local\Temp\_MEI37922\win32com.shell.shell.pyd
    2015-01-16 07:24 - 2015-01-16 07:24 - 00713216 _____ () C:\Users\jhaukerman\AppData\Local\Temp\_MEI37922\_hashlib.pyd
    2015-01-16 07:24 - 2015-01-16 07:24 - 01175040 _____ () C:\Users\jhaukerman\AppData\Local\Temp\_MEI37922\wx._core_.pyd
    2015-01-16 07:24 - 2015-01-16 07:24 - 00805888 _____ () C:\Users\jhaukerman\AppData\Local\Temp\_MEI37922\wx._gdi_.pyd
    2015-01-16 07:24 - 2015-01-16 07:24 - 00811008 _____ () C:\Users\jhaukerman\AppData\Local\Temp\_MEI37922\wx._windows_.pyd
    2015-01-16 07:24 - 2015-01-16 07:24 - 01062400 _____ () C:\Users\jhaukerman\AppData\Local\Temp\_MEI37922\wx._controls_.pyd
    2015-01-16 07:24 - 2015-01-16 07:24 - 00735232 _____ () C:\Users\jhaukerman\AppData\Local\Temp\_MEI37922\wx._misc_.pyd
    2015-01-16 07:24 - 2015-01-16 07:24 - 00128512 _____ () C:\Users\jhaukerman\AppData\Local\Temp\_MEI37922\_elementtree.pyd
    2015-01-16 07:24 - 2015-01-16 07:24 - 00127488 _____ () C:\Users\jhaukerman\AppData\Local\Temp\_MEI37922\pyexpat.pyd
    2015-01-16 07:24 - 2015-01-16 07:24 - 00557056 _____ () C:\Users\jhaukerman\AppData\Local\Temp\_MEI37922\pysqlite2._sqlite.pyd
    2015-01-16 07:24 - 2015-01-16 07:24 - 00087552 _____ () C:\Users\jhaukerman\AppData\Local\Temp\_MEI37922\_ctypes.pyd
    2015-01-16 07:24 - 2015-01-16 07:24 - 00119808 _____ () C:\Users\jhaukerman\AppData\Local\Temp\_MEI37922\win32file.pyd
    2015-01-16 07:24 - 2015-01-16 07:24 - 00108544 _____ () C:\Users\jhaukerman\AppData\Local\Temp\_MEI37922\win32security.pyd
    2015-01-16 07:24 - 2015-01-16 07:24 - 00007168 _____ () C:\Users\jhaukerman\AppData\Local\Temp\_MEI37922\hashobjs_ext.pyd
    2015-01-16 07:24 - 2015-01-16 07:24 - 00167936 _____ () C:\Users\jhaukerman\AppData\Local\Temp\_MEI37922\win32gui.pyd
    2015-01-16 07:24 - 2015-01-16 07:24 - 00018432 _____ () C:\Users\jhaukerman\AppData\Local\Temp\_MEI37922\win32event.pyd
    2015-01-16 07:24 - 2015-01-16 07:24 - 00038912 _____ () C:\Users\jhaukerman\AppData\Local\Temp\_MEI37922\win32inet.pyd
    2015-01-16 07:24 - 2015-01-16 07:24 - 00011264 _____ () C:\Users\jhaukerman\AppData\Local\Temp\_MEI37922\win32crypt.pyd
    2015-01-16 07:24 - 2015-01-16 07:24 - 00070656 _____ () C:\Users\jhaukerman\AppData\Local\Temp\_MEI37922\wx._html2.pyd
    2015-01-16 07:24 - 2015-01-16 07:24 - 00027136 _____ () C:\Users\jhaukerman\AppData\Local\Temp\_MEI37922\_multiprocessing.pyd
    2015-01-16 07:24 - 2015-01-16 07:24 - 00035840 _____ () C:\Users\jhaukerman\AppData\Local\Temp\_MEI37922\win32process.pyd
    2015-01-16 07:24 - 2015-01-16 07:24 - 00686080 _____ () C:\Users\jhaukerman\AppData\Local\Temp\_MEI37922\unicodedata.pyd
    2015-01-16 07:24 - 2015-01-16 07:24 - 00122368 _____ () C:\Users\jhaukerman\AppData\Local\Temp\_MEI37922\wx._wizard.pyd
    2015-01-16 07:24 - 2015-01-16 07:24 - 00024064 _____ () C:\Users\jhaukerman\AppData\Local\Temp\_MEI37922\win32pipe.pyd
    2015-01-16 07:24 - 2015-01-16 07:24 - 00025600 _____ () C:\Users\jhaukerman\AppData\Local\Temp\_MEI37922\win32pdh.pyd
    2015-01-16 07:24 - 2015-01-16 07:24 - 00525640 _____ () C:\Users\jhaukerman\AppData\Local\Temp\_MEI37922\windows._lib_cacheinvalidation.pyd
    2015-01-16 07:24 - 2015-01-16 07:24 - 00010240 _____ () C:\Users\jhaukerman\AppData\Local\Temp\_MEI37922\select.pyd
    2015-01-16 07:24 - 2015-01-16 07:24 - 00017408 _____ () C:\Users\jhaukerman\AppData\Local\Temp\_MEI37922\win32profile.pyd
    2015-01-16 07:24 - 2015-01-16 07:24 - 00022528 _____ () C:\Users\jhaukerman\AppData\Local\Temp\_MEI37922\win32ts.pyd
    2015-01-16 07:24 - 2015-01-16 07:24 - 00078336 _____ () C:\Users\jhaukerman\AppData\Local\Temp\_MEI37922\wx._animate.pyd
    2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2014-12-11 23:36 - 2014-12-05 20:50 - 01077064 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
    2014-12-11 23:36 - 2014-12-05 20:50 - 00211272 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\libegl.dll
    2014-12-11 23:36 - 2014-12-05 20:50 - 09009480 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll
    2014-12-11 23:36 - 2014-12-05 20:50 - 01677128 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
    2014-12-11 23:36 - 2014-12-05 20:50 - 14913352 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
     
    ==================== Alternate Data Streams (whitelisted) =========
     
    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
     
    AlternateDataStreams: C:\ProgramData\TEMP:8FD693D2
     
    ==================== Safe Mode (whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
     
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
     
    ==================== EXE Association (whitelisted) =============
     
    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
     
     
    ==================== MSCONFIG/TASK MANAGER disabled items =========
     
    (Currently there is no automatic fix for this section.)
     
     
    ========================= Accounts: ==========================
     
    Administrator (S-1-5-21-2647600523-873630241-4224024182-500 - Administrator - Enabled)
    Guest (S-1-5-21-2647600523-873630241-4224024182-501 - Limited - Disabled)
    its (S-1-5-21-2647600523-873630241-4224024182-1621 - Administrator - Enabled)
     
    ==================== Faulty Device Manager Devices =============
     
    Name: Microsoft PS/2 Mouse
    Description: Microsoft PS/2 Mouse
    Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: i8042prt
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
     
    System errors:
    =============
     
    Microsoft Office Sessions:
    =========================
     
    ==================== Memory info =========================== 
     
    Processor: Intel® Core™ i5-2400 CPU @ 3.10GHz
    Percentage of memory in use: 56%
    Total physical RAM: 3242.02 MB
    Available physical RAM: 1426.25 MB
    Total Pagefile: 6482.32 MB
    Available Pagefile: 4306.93 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1890.73 MB
     
    ==================== Drives ================================
     
    Drive c: () (Fixed) (Total:232.88 GB) (Free:40.03 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive p: (Data) (Network) (Total:1300 GB) (Free:51.03 GB) NTFS
    Drive s: (Data) (Network) (Total:660 GB) (Free:13.84 GB) NTFS
    Drive t: (Data) (Network) (Total:660 GB) (Free:13.84 GB) NTFS
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: DB7AF4E5)
    Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)
     
    ==================== End Of Log ============================


    #4
    RKinner

      Malware Expert

    • Expert
    • 20,009 posts
    • MVP
     
    Download the attached fixlist.txt to the same location as FRST.
    Run FRST and press Fix.
    A fix log will be generated; please post that.  Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.
     
     
    Uninstall Iminent
     
    Clear the Java Cache by following the instructions on
     
    You do not have the latest Java.
    First go into Control Panel, Add/Remove Software (XP) or Programs and Features (Vista/Win 7) and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
    I see:
    Java 7 Update 71 
    JavaFX 2.1.1 
     
    Java has been very vulnerable to infection so unless you absolutely need it you should not reinstall it.
     
    If you feel you must have Java:
    Get the latest Java at:
     
    Save it to your PC, then close all browsers and install it.  Do not let it install the Yahoo toolbar or other foistware.
    Once installed, go into Control Panel, Java, Security and set the slider to the Highest then OK.
     
    With Firefox go to adblockplus.org and get their plugin.
    Repeat with Chrome and IE if you use them.
     
    Download and run Speedy Fox.
    http://www.crystalidea.com/speedyfox .  Close Chrome/Firefox. Hit Optimize.   You can run it any time that Chrome/Firefox seems slow to load.
     
    Are your popups gone?
     
     

     



    #5
    John Aukerman

      Member

    • Topic Starter
    • Member
    • 204 posts
    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 15-01-2015 01
    Ran by jhaukerman at 2015-01-16 09:10:23 Run:1
    Running from C:\Users\jhaukerman\Downloads
    Loaded Profiles: jhaukerman (Available profiles: AdminJLS & tech & AUGuest & jhaukerman)
    Boot Mode: Normal
     
    ==============================================
     
    Content of fixlist:
    *****************
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    FF Plugin HKU\S-1-5-21-2449424096-1393605424-1647929637-4326: BearSharePlugin -> C:\Program Files\BearShare Applications\BearShare\npBearSharePlugin.dll No File
    FF Extension: Analytics - C:\Users\jhaukerman\AppData\Roaming\Mozilla\Firefox\Profiles\qmz4l8bc.default-1372853397062\Extensions\[email protected] [2013-11-07]
    FF Extension: Connect DLC 5  - C:\Users\jhaukerman\AppData\Roaming\Mozilla\Firefox\Profiles\qmz4l8bc.default-1372853397062\Extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} [2013-12-12]
    FF Extension: Hotspot Shield Helper (Please allow this installation) - C:\Program Files\Mozilla Firefox\extensions\[email protected] [2014-12-10]
    S3 taphss6; system32\DRIVERS\taphss6.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    C:\Users\jhaukerman\AppData\Local\Temp\AskPIP_FF_.exe
    C:\Users\jhaukerman\AppData\Local\Temp\AskSLib.dll
    C:\Users\jhaukerman\AppData\Local\Temp\BetterInstaller.exe
    C:\Users\jhaukerman\AppData\Local\Temp\burnsetup.exe
    C:\Users\jhaukerman\AppData\Local\Temp\ChromeUpdate.exe
    C:\Users\jhaukerman\AppData\Local\Temp\CopyUpdate.exe
    C:\Users\jhaukerman\AppData\Local\Temp\debutsetup.exe
    C:\Users\jhaukerman\AppData\Local\Temp\ffmpeg15.exe
    C:\Users\jhaukerman\AppData\Local\Temp\iBetaInstaller_ib1020cm1.exe
    C:\Users\jhaukerman\AppData\Local\Temp\IminentSetup.exe
    C:\Users\jhaukerman\AppData\Local\Temp\infoatoms-setup.exe
    C:\Users\jhaukerman\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
    C:\Users\jhaukerman\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
    C:\Users\jhaukerman\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
    C:\Users\jhaukerman\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
    C:\Users\jhaukerman\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
    C:\Users\jhaukerman\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
    C:\Users\jhaukerman\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
    C:\Users\jhaukerman\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
    C:\Users\jhaukerman\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
    C:\Users\jhaukerman\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
    C:\Users\jhaukerman\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
    C:\Users\jhaukerman\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
    C:\Users\jhaukerman\AppData\Local\Temp\LPPlugin.dll
    C:\Users\jhaukerman\AppData\Local\Temp\mp3el.exe
    C:\Users\jhaukerman\AppData\Local\Temp\nsi8031.exe
    C:\Users\jhaukerman\AppData\Local\Temp\nsi8BC8.exe
    C:\Users\jhaukerman\AppData\Local\Temp\nsmAD2C.exe
    C:\Users\jhaukerman\AppData\Local\Temp\nss1C7F.exe
    C:\Users\jhaukerman\AppData\Local\Temp\nss27C8.exe
    C:\Users\jhaukerman\AppData\Local\Temp\nsuA27B.exe
    C:\Users\jhaukerman\AppData\Local\Temp\nsx857E.exe
    C:\Users\jhaukerman\AppData\Local\Temp\ochelper.exe
    C:\Users\jhaukerman\AppData\Local\Temp\Quarantine.exe
    C:\Users\jhaukerman\AppData\Local\Temp\setup.exe
    C:\Users\jhaukerman\AppData\Local\Temp\SkypeSetup.exe
    C:\Users\jhaukerman\AppData\Local\Temp\SPStub.exe
    C:\Users\jhaukerman\AppData\Local\Temp\sqlite3.dll
    C:\Users\jhaukerman\AppData\Local\Temp\tbConn.dll
    C:\Users\jhaukerman\AppData\Local\Temp\tmpAAD1.exe
    C:\Users\jhaukerman\AppData\Local\Temp\vpsetup.exe
    C:\Users\jhaukerman\AppData\Local\Temp\_is48C2.exe
    C:\Users\jhaukerman\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-2449424096-1393605424-1647929637-4326_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\jhaukerman\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-2449424096-1393605424-1647929637-4326_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\jhaukerman\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-2449424096-1393605424-1647929637-4326_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\jhaukerman\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-2449424096-1393605424-1647929637-4326_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\jhaukerman\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-2449424096-1393605424-1647929637-4326_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\jhaukerman\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-2449424096-1393605424-1647929637-4326_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\jhaukerman\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-2449424096-1393605424-1647929637-4326_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\jhaukerman\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File
    Iminent (Version: 5.43.11.0 - Iminent) Hidden <==== ATTENTION
    Task: {60451013-46AC-494B-8AD4-F42AB49654A7} - \Driver Manager-RTMUpdater No Task File <==== ATTENTION
    Task: {AE7DEFEF-CE24-48EA-A73C-B414DE250E2B} - \Driver Manager-RTMScan No Task File <==== ATTENTION
    Task: {F7EBD80E-4FE9-4931-87C0-1F2D4C8744FC} - \Driver Manager-RTMRules No Task File <==== ATTENTION
     
    *****************
     
    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    "HKU\S-1-5-21-2449424096-1393605424-1647929637-4326\Software\MozillaPlugins\BearSharePlugin" => Key deleted successfully.
    C:\Program Files\BearShare Applications\BearShare\npBearSharePlugin.dll not found.
    C:\Users\jhaukerman\AppData\Roaming\Mozilla\Firefox\Profiles\qmz4l8bc.default-1372853397062\Extensions\[email protected] => Moved successfully.
    C:\Users\jhaukerman\AppData\Roaming\Mozilla\Firefox\Profiles\qmz4l8bc.default-1372853397062\Extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} => Moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\[email protected] => Moved successfully.
    taphss6 => Service deleted successfully.
    VGPU => Service deleted successfully.
    C:\Users\jhaukerman\AppData\Local\Temp\AskPIP_FF_.exe => Moved successfully.
    C:\Users\jhaukerman\AppData\Local\Temp\AskSLib.dll => Moved successfully.
    C:\Users\jhaukerman\AppData\Local\Temp\BetterInstaller.exe => Moved successfully.
    C:\Users\jhaukerman\AppData\Local\Temp\burnsetup.exe => Moved successfully.
    C:\Users\jhaukerman\AppData\Local\Temp\ChromeUpdate.exe => Moved successfully.
    C:\Users\jhaukerman\AppData\Local\Temp\CopyUpdate.exe => Moved successfully.
    C:\Users\jhaukerman\AppData\Local\Temp\debutsetup.exe => Moved successfully.
    C:\Users\jhaukerman\AppData\Local\Temp\ffmpeg15.exe => Moved successfully.
    C:\Users\jhaukerman\AppData\Local\Temp\iBetaInstaller_ib1020cm1.exe => Moved successfully.
    C:\Users\jhaukerman\AppData\Local\Temp\IminentSetup.exe => Moved successfully.
    C:\Users\jhaukerman\AppData\Local\Temp\infoatoms-setup.exe => Moved successfully.
    C:\Users\jhaukerman\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe => Moved successfully.
    C:\Users\jhaukerman\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe => Moved successfully.
    C:\Users\jhaukerman\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe => Moved successfully.
    C:\Users\jhaukerman\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe => Moved successfully.
    C:\Users\jhaukerman\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe => Moved successfully.
    C:\Users\jhaukerman\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe => Moved successfully.
    C:\Users\jhaukerman\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe => Moved successfully.
    C:\Users\jhaukerman\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe => Moved successfully.
    C:\Users\jhaukerman\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe => Moved successfully.
    C:\Users\jhaukerman\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe => Moved successfully.
    C:\Users\jhaukerman\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe => Moved successfully.
    C:\Users\jhaukerman\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe => Moved successfully.
    C:\Users\jhaukerman\AppData\Local\Temp\LPPlugin.dll => Moved successfully.
    C:\Users\jhaukerman\AppData\Local\Temp\mp3el.exe => Moved successfully.
    C:\Users\jhaukerman\AppData\Local\Temp\nsi8031.exe => Moved successfully.
    C:\Users\jhaukerman\AppData\Local\Temp\nsi8BC8.exe => Moved successfully.
    C:\Users\jhaukerman\AppData\Local\Temp\nsmAD2C.exe => Moved successfully.
    C:\Users\jhaukerman\AppData\Local\Temp\nss1C7F.exe => Moved successfully.
    C:\Users\jhaukerman\AppData\Local\Temp\nss27C8.exe => Moved successfully.
    C:\Users\jhaukerman\AppData\Local\Temp\nsuA27B.exe => Moved successfully.
    C:\Users\jhaukerman\AppData\Local\Temp\nsx857E.exe => Moved successfully.
    C:\Users\jhaukerman\AppData\Local\Temp\ochelper.exe => Moved successfully.
    C:\Users\jhaukerman\AppData\Local\Temp\Quarantine.exe => Moved successfully.
    C:\Users\jhaukerman\AppData\Local\Temp\setup.exe => Moved successfully.
    C:\Users\jhaukerman\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
    C:\Users\jhaukerman\AppData\Local\Temp\SPStub.exe => Moved successfully.
    C:\Users\jhaukerman\AppData\Local\Temp\sqlite3.dll => Moved successfully.
    C:\Users\jhaukerman\AppData\Local\Temp\tbConn.dll => Moved successfully.
    C:\Users\jhaukerman\AppData\Local\Temp\tmpAAD1.exe => Moved successfully.
    C:\Users\jhaukerman\AppData\Local\Temp\vpsetup.exe => Moved successfully.
    C:\Users\jhaukerman\AppData\Local\Temp\_is48C2.exe => Moved successfully.
    "C:\Users\jhaukerman\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File" => File/Directory not found.
    "HKU\S-1-5-21-2449424096-1393605424-1647929637-4326_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully.
    "HKU\S-1-5-21-2449424096-1393605424-1647929637-4326_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}" => Key deleted successfully.
    "HKU\S-1-5-21-2449424096-1393605424-1647929637-4326_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => Key deleted successfully.
    "HKU\S-1-5-21-2449424096-1393605424-1647929637-4326_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}" => Key deleted successfully.
    "HKU\S-1-5-21-2449424096-1393605424-1647929637-4326_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}" => Key deleted successfully.
    "HKU\S-1-5-21-2449424096-1393605424-1647929637-4326_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}" => Key deleted successfully.
    "HKU\S-1-5-21-2449424096-1393605424-1647929637-4326_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FCEBAFF1-1A10-437E-9282-47A0024D18AF}\\SystemComponent => value deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{60451013-46AC-494B-8AD4-F42AB49654A7}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{60451013-46AC-494B-8AD4-F42AB49654A7}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Manager-RTMUpdater" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AE7DEFEF-CE24-48EA-A73C-B414DE250E2B}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AE7DEFEF-CE24-48EA-A73C-B414DE250E2B}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Manager-RTMScan" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F7EBD80E-4FE9-4931-87C0-1F2D4C8744FC}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F7EBD80E-4FE9-4931-87C0-1F2D4C8744FC}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Manager-RTMRules" => Key deleted successfully.
     
    ==== End of Fixlog 09:10:25 ====
     
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-01-2015 01
    Ran by jhaukerman (administrator) on JHAUKERMAN8200 on 16-01-2015 09:12:15
    Running from C:\Users\jhaukerman\Downloads
    Loaded Profiles: jhaukerman (Available profiles: AdminJLS & tech & AUGuest & jhaukerman)
    Platform: Microsoft Windows 7 Enterprise  Service Pack 1 (X86) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corporation) C:\Windows\System32\CCM\CcmExec.exe
    (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    (Google Inc.) C:\Program Files\Google\Update\1.3.25.11\GoogleCrashHandler.exe
    ( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (PixArt Imaging Incorporation) C:\Windows\Philips\SPC230NC\Monitor.exe
    ( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
    (Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (Google) C:\Program Files\Google\Drive\googledrivesync.exe
    (ShoreTel Inc.) C:\Program Files\Shoreline Communications\ShoreWare Client\ShoreTel.exe
    (Screencast-O-Matic) C:\Users\jhaukerman\AppData\Local\Screencast-O-Matic\Screencast-O-Matic.exe
    () C:\Program Files\Philips\Philips SPC230NC Webcam\TrayMin230.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    (Google) C:\Program Files\Google\Drive\googledrivesync.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
    (Farbar) C:\Users\jhaukerman\Downloads\FRST (1).exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google) C:\Users\jhaukerman\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
     
     
    ==================== Registry (Whitelisted) ==================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
    HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2333968 2012-06-05] (Synaptics Incorporated)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [6044264 2011-06-14] (Realtek Semiconductor)
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
    HKLM\...\Run: [SPC230NC_Monitor] => C:\Windows\Philips\SPC230NC\Monitor.exe [323584 2007-12-10] (PixArt Imaging Incorporation)
    HKLM\...\Run: [SPC_Monitor] => C:\Windows\Philips\SPC230NC\Monitor.exe [323584 2007-12-10] (PixArt Imaging Incorporation)
    HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1743648 2013-06-13] (Wondershare)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
    HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
    Winlogon\Notify\ScCertProp: wlnotify.dll [X]
    HKU\S-1-5-21-2449424096-1393605424-1647929637-4326\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
    HKU\S-1-5-21-2449424096-1393605424-1647929637-4326\...\Run: [Google Update] => C:\Users\jhaukerman\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-07-29] (Google Inc.)
    HKU\S-1-5-21-2449424096-1393605424-1647929637-4326\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-10-24] (Google Inc.)
    HKU\S-1-5-21-2449424096-1393605424-1647929637-4326\...\Run: [Philips Intelligent Agent] => C:\Program Files\Philips\Intelligent Agent\Philips Intelligent Agent.exe [613792 2008-02-21] (Philips Consumer Electronics)
    HKU\S-1-5-21-2449424096-1393605424-1647929637-4326\...\Run: [ShoreTel Personal Call Manager] => C:\Program Files\Shoreline Communications\ShoreWare Client\ShoreTel.exe [2569216 2014-10-01] (ShoreTel Inc.)
    HKU\S-1-5-21-2449424096-1393605424-1647929637-4326\...\Run: [Screencast-O-Matic Tray] => C:\Users\jhaukerman\AppData\Local\Screencast-O-Matic\Screencast-O-Matic.exe [58480 2012-11-01] (Screencast-O-Matic)
    HKU\S-1-5-21-2449424096-1393605424-1647929637-4326\...\Policies\Explorer: [ForceStartMenuLogOff] 1
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk
    ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe (LastPass)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk
    ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe (LastPass)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TrayMin230.lnk
    ShortcutTarget: TrayMin230.lnk -> C:\Program Files\Philips\Philips SPC230NC Webcam\TrayMin230.exe ()
    Startup: C:\Users\jhaukerman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrome - Shortcut.lnk
    ShortcutTarget: chrome - Shortcut.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
    ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
    ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
    ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
    ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
    ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
    ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
    HKU\S-1-5-21-2449424096-1393605424-1647929637-4326\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    HKU\S-1-5-21-2449424096-1393605424-1647929637-4326\Software\Microsoft\Internet Explorer\Main,Start Page = https://obc.itsme247.com/156/
    SearchScopes: HKU\S-1-5-21-2449424096-1393605424-1647929637-4326 -> {DCF3BCB6-09ED-4C7F-AE7C-97150087E3C1} URL = http://search.yahoo....p={searchTerms}
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files\LastPass\LPToolbar.dll (LastPass)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO: ChromeFrame BHO -> {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} -> C:\Program Files\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll (Google Inc.)
    Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPToolbar.dll (LastPass)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKU\S-1-5-21-2449424096-1393605424-1647929637-4326 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll (Google Inc.)
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Winsock: Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 10.130.69.124 10.130.69.125 10.130.69.128
     
    FireFox:
    ========
    FF ProfilePath: C:\Users\jhaukerman\AppData\Roaming\Mozilla\Firefox\Profiles\qmz4l8bc.default-1372853397062
    FF Homepage: hxxp://accessau.anderson.edu/
    FF Keyword.URL: hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=514467&p=
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
    FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-2449424096-1393605424-1647929637-4326: @talk.google.com/GoogleTalkPlugin -> C:\Users\jhaukerman\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin HKU\S-1-5-21-2449424096-1393605424-1647929637-4326: @talk.google.com/O1DPlugin -> C:\Users\jhaukerman\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
    FF Plugin HKU\S-1-5-21-2449424096-1393605424-1647929637-4326: @tools.google.com/Google Update;version=3 -> C:\Users\jhaukerman\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKU\S-1-5-21-2449424096-1393605424-1647929637-4326: @tools.google.com/Google Update;version=9 -> C:\Users\jhaukerman\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\jhaukerman\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\jhaukerman\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
    FF Extension: LastPass - C:\Users\jhaukerman\AppData\Roaming\Mozilla\Firefox\Profiles\qmz4l8bc.default-1372853397062\Extensions\[email protected] [2015-01-14]
    FF Extension: No Name - C:\Users\jhaukerman\AppData\Roaming\Mozilla\Firefox\Profiles\qmz4l8bc.default-1372853397062\extensions\[email protected] [Not Found]
     
    Chrome: 
    =======
    CHR Profile: C:\Users\jhaukerman\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Drive) - C:\Users\jhaukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-02]
    CHR Extension: (http://newlifetogether.org/) - C:\Users\jhaukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\bclclncjfbbmdcmjdmclknocacjihnna [2013-01-30]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\jhaukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-29]
    CHR Extension: (LastPass: Free Password Manager) - C:\Users\jhaukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-01-16]
    CHR Extension: (Clearly) - C:\Users\jhaukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\iooicodkiihhpojmmeghjclgihfjdjhj [2015-01-15]
    CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\jhaukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-07]
    CHR Extension: (Google Wallet) - C:\Users\jhaukerman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
    CHR HKLM\...\Chrome\Extension: [lipgolpfajiadodbcbljdpmbmbdmfcil] - C:\Users\jhaukerman\AppData\Local\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx [Not Found]
    CHR HKU\S-1-5-21-2449424096-1393605424-1647929637-4326\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\JHAUKE~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-06-30]
    CHR HKU\S-1-5-21-2449424096-1393605424-1647929637-4326\...\Chrome\Extension: [lipgolpfajiadodbcbljdpmbmbdmfcil] - C:\Users\jhaukerman\AppData\Local\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx [Not Found]
    CHR HKU\S-1-5-21-2449424096-1393605424-1647929637-4326\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
     
    ========================== Services (Whitelisted) =================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 CcmExec; C:\Windows\system32\CCM\CcmExec.exe [764768 2009-09-18] (Microsoft Corporation)
    S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [279000 2014-01-29] (Intel Corporation)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
    R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [45568 2012-02-08] (Hewlett-Packard) [File not signed]
    S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
    R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [55808 2012-02-08] (Hewlett-Packard) [File not signed]
    S3 smstsmgr; C:\Windows\system32\CCM\TSManager.exe [246624 2009-09-18] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
     
    ==================== Drivers (Whitelisted) ====================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    S3 amdhub30; C:\Windows\system32\drivers\amdhub30.sys [82560 2012-01-03] (Advanced Micro Devices, INC.)
    R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [22656 2012-02-01] (Advanced Micro Devices, Inc.)
    S3 amdxhc; C:\Windows\system32\drivers\amdxhc.sys [173184 2012-01-03] (Advanced Micro Devices, INC.)
    S3 amd_sata; C:\Windows\system32\drivers\amd_sata.sys [70784 2012-06-13] (Advanced Micro Devices)
    R0 amd_xata; C:\Windows\System32\drivers\amd_xata.sys [34944 2012-06-13] (Advanced Micro Devices)
    R3 e1cexpress; C:\Windows\System32\DRIVERS\e1c6232.sys [358224 2012-08-10] (Intel Corporation)
    S3 IFCoEMP; C:\Windows\system32\drivers\ifM52x32.sys [264464 2010-08-13] (Intel® Corporation)
    S3 IFCoEVB; C:\Windows\system32\drivers\ifP52X32.sys [57616 2010-08-13] (Intel® Corporation)
    R3 IFXTPM; C:\Windows\System32\DRIVERS\IFXTPM.SYS [44800 2008-07-31] (Infineon Technologies AG)
    R0 iusb3hcs; C:\Windows\System32\drivers\iusb3hcs.sys [15640 2012-03-27] (Intel Corporation)
    S3 iusb3hub; C:\Windows\system32\drivers\iusb3hub.sys [349976 2012-03-27] (Intel Corporation)
    S3 iusb3xhc; C:\Windows\system32\drivers\iusb3xhc.sys [792856 2012-03-27] (Intel Corporation)
    S3 johci; C:\Windows\system32\drivers\johci.sys [23640 2011-02-09] (JMicron Technology Corp.)
    S3 JRAID; C:\Windows\system32\drivers\jraid.sys [104024 2010-09-06] (JMicron Technology Corp.)
    R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [46080 2011-11-09] (Intel Corporation)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
    R3 PAEAFLT.sys; C:\Windows\System32\DRIVERS\PAEAFLT.sys [8576 2007-09-26] (PixArt Imaging Incorporation)
    S3 prepdrvr; C:\Windows\system32\CCM\prepdrv.sys [20848 2009-09-18] (Microsoft Corporation)
    S3 risdpcie; C:\Windows\system32\drivers\risdpe86.sys [49152 2009-06-30] (REDC)
    S3 rismc32; C:\Windows\System32\DRIVERS\rismc32.sys [49152 2009-07-20] (RICOH Company, Ltd.)
    S3 rixdpcie; C:\Windows\system32\drivers\rixdpe86.sys [38400 2009-07-04] (REDC)
    R3 SPC230NC; C:\Windows\System32\DRIVERS\SPC230NC.SYS [461056 2007-12-31] (PixArt Imaging Inc.)
    R3 staccel; C:\Windows\System32\DRIVERS\staccel.sys [32864 2013-08-15] (ShoreTel, Inc)
    S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2013-03-18] (Apple, Inc.) [File not signed]
     
    ==================== NetSvcs (Whitelisted) ===================
     
     
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
     
     
    ==================== One Month Created Files and Folders ========
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2015-01-16 09:11 - 2015-01-16 09:11 - 01116672 _____ (Farbar) C:\Users\jhaukerman\Downloads\FRST (2).exe
    2015-01-16 09:09 - 2015-01-16 09:09 - 01116672 _____ (Farbar) C:\Users\jhaukerman\Downloads\FRST (1).exe
    2015-01-16 09:08 - 2015-01-16 09:08 - 00010880 _____ () C:\Users\jhaukerman\Desktop\fixlist.txt
    2015-01-16 07:31 - 2015-01-16 07:31 - 00025745 _____ () C:\Users\jhaukerman\Downloads\Addition.txt
    2015-01-16 07:30 - 2015-01-16 09:12 - 00020394 _____ () C:\Users\jhaukerman\Downloads\FRST.txt
    2015-01-16 07:29 - 2015-01-16 09:12 - 00000000 ____D () C:\FRST
    2015-01-16 07:29 - 2015-01-16 07:29 - 01116672 _____ (Farbar) C:\Users\jhaukerman\Downloads\FRST.exe
    2015-01-16 07:26 - 2015-01-16 07:26 - 00000000 ____D () C:\Windows\ERUNT
    2015-01-16 07:25 - 2015-01-16 07:26 - 01707939 _____ (Thisisu) C:\Users\jhaukerman\Downloads\JRT.exe
    2015-01-16 07:19 - 2015-01-16 07:19 - 02191360 _____ () C:\Users\jhaukerman\Downloads\AdwCleaner (1).exe
    2015-01-16 07:18 - 2015-01-16 07:18 - 02191360 _____ () C:\Users\jhaukerman\Downloads\AdwCleaner.exe
    2015-01-15 11:45 - 2015-01-15 11:45 - 00050516 _____ () C:\Users\jhaukerman\Downloads\Extras.Txt
    2015-01-15 11:44 - 2015-01-15 11:44 - 00105746 _____ () C:\Users\jhaukerman\Downloads\OTL.Txt
    2015-01-15 11:40 - 2015-01-15 11:40 - 00602112 _____ (OldTimer Tools) C:\Users\jhaukerman\Downloads\OTL.exe
    2015-01-15 11:29 - 2015-01-15 11:29 - 00000000 ____D () C:\Users\jhaukerman\AppData\Roaming\MyTurboPC.com
    2015-01-15 11:29 - 2015-01-15 11:29 - 00000000 ____D () C:\Users\jhaukerman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyTurboPC.com
    2015-01-15 11:29 - 2015-01-15 11:29 - 00000000 ____D () C:\ProgramData\MyTurboPC.com
    2015-01-15 11:29 - 2015-01-15 11:29 - 00000000 ____D () C:\Program Files\MyTurboPC.com
    2015-01-15 11:29 - 2015-01-15 11:29 - 00000000 ____D () C:\Program Files\Common Files\MyTurboPC.com
    2015-01-15 11:28 - 2015-01-15 11:29 - 06379208 _____ (MyTurboPC.com) C:\Users\jhaukerman\Downloads\Myturbopc.exe
    2015-01-15 10:44 - 2015-01-15 10:44 - 02191360 _____ () C:\Users\jhaukerman\Downloads\adwcleaner_4.107 (1).exe
    2015-01-15 10:36 - 2015-01-15 10:36 - 02191360 _____ () C:\Users\jhaukerman\Downloads\adwcleaner_4.107.exe
    2015-01-15 07:16 - 2015-01-15 07:17 - 00535813 _____ () C:\Users\jhaukerman\Downloads\submissions.zip
    2015-01-14 11:01 - 2015-01-14 11:01 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\jhaukerman\Downloads\thing.exe
    2015-01-14 07:07 - 2014-12-18 21:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
    2015-01-14 07:07 - 2014-12-18 20:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2015-01-14 07:07 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
    2015-01-14 07:07 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-01-14 07:07 - 2014-12-11 12:47 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
    2015-01-14 07:07 - 2014-12-05 22:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
    2015-01-09 11:41 - 2015-01-09 11:41 - 00736339 _____ () C:\Users\jhaukerman\Downloads\Sample-Letters-to-the-Editor_0.zip
    2015-01-09 09:46 - 2015-01-09 09:46 - 00000479 _____ () C:\Users\jhaukerman\Downloads\noname.txt
    2015-01-08 11:42 - 2015-01-08 11:43 - 09779712 _____ () C:\Users\jhaukerman\Downloads\COS_Powerpoint.ppt
    2015-01-08 08:03 - 2015-01-08 08:03 - 00000528 _____ () C:\Users\jhaukerman\Downloads\Final_Grade.html
    2015-01-07 11:38 - 2015-01-07 11:38 - 00012172 _____ () C:\Users\jhaukerman\Downloads\THST 5000 (1).xlsx
    2015-01-07 11:38 - 2015-01-07 11:38 - 00010830 _____ () C:\Users\jhaukerman\Downloads\PAST 5120 (1).xlsx
    2015-01-07 11:37 - 2015-01-07 11:37 - 00012172 _____ () C:\Users\jhaukerman\Downloads\THST 5000.xlsx
    2015-01-07 11:37 - 2015-01-07 11:37 - 00010830 _____ () C:\Users\jhaukerman\Downloads\PAST 5120.xlsx
    2015-01-07 09:01 - 2015-01-07 09:01 - 00198656 _____ () C:\Users\jhaukerman\Downloads\AU Online Seminary Degree Eburst 1971 1-6-2015 JHAukerman.XLS
    2015-01-07 09:01 - 2015-01-07 09:01 - 00198656 _____ () C:\Users\jhaukerman\Desktop\AU Online Seminary Degree Eburst 1971 1-6-2015 JHAukerman.xls
    2015-01-05 10:39 - 2015-01-05 10:39 - 00020715 _____ () C:\Users\jhaukerman\Downloads\Data_All_150105 (1).zip
    2015-01-05 10:38 - 2015-01-05 10:38 - 00020715 _____ () C:\Users\jhaukerman\Downloads\Data_All_150105.zip
    2015-01-05 07:19 - 2015-01-05 07:19 - 01920640 _____ (TODO: <Company name>) C:\Users\jhaukerman\Downloads\Windows_7_Update.exe
    2015-01-05 07:00 - 2014-12-12 22:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-12-17 11:44 - 2015-01-09 11:55 - 00000000 ____D () C:\Users\jhaukerman\Desktop\COS
    2014-12-17 10:00 - 2015-01-07 07:56 - 00000000 ____D () C:\Users\jhaukerman\Desktop\AIM
    2014-12-17 09:07 - 2014-12-17 09:07 - 00009806 _____ () C:\Users\jhaukerman\Downloads\PAST5120-M1-2141-JA Grades (1).xlsx
    2014-12-17 08:50 - 2014-12-17 08:50 - 00009808 _____ () C:\Users\jhaukerman\Downloads\PAST5120-M1-2141-JA Grades.xlsx
    2014-12-17 08:41 - 2014-12-17 08:41 - 00015697 _____ () C:\Users\jhaukerman\Downloads\RLGN2210-5E-2141-JA Grades.xlsx
    2014-12-17 08:26 - 2014-12-17 08:26 - 00009188 _____ () C:\Users\jhaukerman\Downloads\THST5000-M1-2141-JA Grades.xlsx
     
    ==================== One Month Modified Files and Folders =======
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2015-01-16 09:07 - 2012-08-17 18:41 - 01082229 _____ () C:\Windows\WindowsUpdate.log
    2015-01-16 09:02 - 2013-07-29 06:47 - 00000928 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2449424096-1393605424-1647929637-4326UA.job
    2015-01-16 08:56 - 2012-02-08 16:20 - 00000128 _____ () C:\Windows\system32\config\netlogon.ftl
    2015-01-16 08:32 - 2009-07-13 23:34 - 00027680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-01-16 08:32 - 2009-07-13 23:34 - 00027680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-01-16 08:31 - 2012-02-08 20:53 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-01-16 08:18 - 2012-08-27 09:36 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-01-16 08:17 - 2012-08-23 10:32 - 00000000 ____D () C:\Users\jhaukerman\Desktop\DWW on FB
    2015-01-16 07:31 - 2012-02-08 20:53 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-01-16 07:31 - 2010-11-20 16:01 - 00785070 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-01-16 07:25 - 2013-10-29 09:27 - 00000000 ____D () C:\Users\jhaukerman\AppData\Local\Screencast-O-Matic
    2015-01-16 07:24 - 2012-12-21 08:18 - 00000000 ___RD () C:\Users\jhaukerman\Google Drive
    2015-01-16 07:23 - 2014-09-23 05:08 - 00003512 _____ () C:\Windows\PFRO.log
    2015-01-16 07:23 - 2014-03-18 11:59 - 00014700 _____ () C:\Windows\setupact.log
    2015-01-16 07:23 - 2011-09-27 07:33 - 00000404 _____ () C:\Windows\SMSCFG.INI
    2015-01-16 07:23 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-01-16 07:02 - 2013-07-29 06:47 - 00000876 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2449424096-1393605424-1647929637-4326Core.job
    2015-01-15 09:15 - 2012-02-08 18:39 - 00023730 __RSH () C:\ProgramData\ntuser.pol
    2015-01-14 14:13 - 2013-08-14 10:58 - 00000000 ____D () C:\Windows\system32\MRT
    2015-01-14 14:08 - 2012-02-08 21:30 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-01-14 09:18 - 2012-08-27 09:36 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2015-01-14 09:18 - 2012-02-08 20:47 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2015-01-12 06:48 - 2013-11-06 07:22 - 00000000 ____D () C:\Users\jhaukerman\AppData\Roaming\Skype
    2015-01-12 06:25 - 2014-12-08 11:34 - 00000000 ___RD () C:\Program Files\Skype
    2015-01-12 06:25 - 2013-11-06 07:22 - 00000000 ____D () C:\ProgramData\Skype
    2015-01-07 07:15 - 2014-06-24 07:04 - 00000000 ____D () C:\Users\jhaukerman\AppData\Local\Adobe
    2014-12-31 06:13 - 2012-02-08 16:33 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
     
    ==================== Bamital & volsnap Check =================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
     
     
    LastRegBack: 2015-01-14 10:16
     
    ==================== End Of Log ============================
     
    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-01-2015 01
    Ran by jhaukerman at 2015-01-16 09:12:39
    Running from C:\Users\jhaukerman\Downloads
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Security Center ========================
     
    (If an entry is included in the fixlist, it will be removed.)
     
    AV: Microsoft Forefront Endpoint Protection (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
    AS: Microsoft Forefront Endpoint Protection (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     
    ==================== Installed Programs ======================
     
    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     
     Moyea Free Flash Downloader version  1.3.0.0 (HKLM\...\{8ED5BF38-B9BF-4F2D-AF42-9037574A254F}_is1) (Version:  - )
     Moyea SWF to MPEG Converter version  4.0.0.0 (HKLM\...\{30C7F6E8-D7DF-4162-BFE0-72796148D589}_is1) (Version:  - )
    32 Bit HP CIO Components Installer (Version: 13.1.1 - Hewlett-Packard) Hidden
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
    Adobe Digital Editions (HKLM\...\Digital Editions) (Version:  - )
    Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
    Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
    Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.3.633 - Adobe Systems, Inc.)
    Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    BearShare (HKU\S-1-5-21-2449424096-1393605424-1647929637-4326\...\BearShare) (Version: 12.0.0.134165 - Musiclab, LLC)
    Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)
    Configuration Manager Client (Version: 4.00.6487.2000 - Microsoft Corporation) Hidden
    D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
    Express Burn (HKLM\...\ExpressBurn) (Version:  - NCH Software)
    FormatFactory 3.3.5.0 (HKLM\...\FormatFactory) (Version: 3.3.5.0 - Format Factory)
    Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
    Google Chrome Frame (HKLM\...\Google Chrome Frame) (Version: 32.0.1700.107 - Google Inc.)
    Google Drive (HKLM\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
    Google Talk Plugin (HKLM\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
    Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
    Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    Gradekeeper (HKLM\...\Product_Name) (Version: 6.7 - )
    HP Quick Launch Buttons (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.14.1 - Hewlett-Packard Company)
    i-beta.com extension (HKLM\...\{37BE563C-6020-43A7-BB6C-3BEDE8BFA1BD}) (Version: 1.1.2 - i-beta.com)
    Iminent (HKLM\...\{FCEBAFF1-1A10-437E-9282-47A0024D18AF}) (Version: 5.43.11.0 - Iminent) <==== ATTENTION
    Intel® Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
    iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
    Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
    JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
    LastPass (uninstall only) (HKLM\...\LastPass) (Version:  - LastPass)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Forefront Endpoint Protection (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
    Microsoft Office 2010 Primary Interop Assemblies (HKLM\...\{90140000-1105-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1024 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
    Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Mozilla Firefox 34.0.5 (x86 en-US) (HKLM\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
    MyTurboPC (HKLM\...\{A2F37CA8-53F8-4594-B701-32AE64BAED1A}) (Version: 3.2.14.0 - MyTurboPC.com)
    Philips Intelligent Agent (HKLM\...\Philips Intelligent Agent_is1) (Version: 2.2 - Philips)
    Philips SPC230NC Webcam (HKLM\...\{05F350C6-FA6A-40D0-A130-FB941B39152C}) (Version: 1.0.0.0 - Philips)
    QLBCASL (Version: 6.40.17.2 - Hewlett-Packard) Hidden
    QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6392 - Realtek Semiconductor Corp.)
    RecordPad Sound Recorder (HKLM\...\Recordpad) (Version: 4.32 - NCH Software)
    Screencast-O-Matic (HKU\S-1-5-21-2449424096-1393605424-1647929637-4326\...\Screencast-O-Matic) (Version:  - Screencast-O-Matic)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
    ShoreTel Communicator (HKLM\...\{564CB2D2-3949-4AFC-B1A6-6C46F3A4F8BC}) (Version: 19.43.7902.0 - ShoreTel, Inc.)
    Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
    SMS Client Setup Bootstrap (Version: 4.00.6487.2000 - Microsoft Corporation) Hidden
    swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.0.3.0 - Synaptics Incorporated)
    Visual Studio Tools for the Office system 3.0 Runtime (HKLM\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
    Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
    WavePad Sound Editor (HKLM\...\WavePad) (Version:  - NCH Software)
    Webcam Video Viewer (HKLM\...\{CECB7782-F35F-45CE-97C0-74BBBDC51C22}) (Version:  - ArcSoft)
    Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
    Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
    WinZip 17.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DA}) (Version: 17.5.10480 - WinZip Computing, S.L. )
     
    ==================== Custom CLSID (selected items): ==========================
     
    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
     
    CustomCLSID: HKU\S-1-5-21-2449424096-1393605424-1647929637-4326_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\jhaukerman\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2449424096-1393605424-1647929637-4326_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\jhaukerman\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-2449424096-1393605424-1647929637-4326_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\jhaukerman\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2449424096-1393605424-1647929637-4326_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\jhaukerman\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2449424096-1393605424-1647929637-4326_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\jhaukerman\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
    CustomCLSID: HKU\S-1-5-21-2449424096-1393605424-1647929637-4326_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\jhaukerman\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2449424096-1393605424-1647929637-4326_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\jhaukerman\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
    CustomCLSID: HKU\S-1-5-21-2449424096-1393605424-1647929637-4326_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\jhaukerman\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2449424096-1393605424-1647929637-4326_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\jhaukerman\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2449424096-1393605424-1647929637-4326_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\jhaukerman\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2449424096-1393605424-1647929637-4326_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\jhaukerman\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2449424096-1393605424-1647929637-4326_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\jhaukerman\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
     
    ==================== Restore Points  =========================
     
    10-12-2014 11:11:00 Windows Update
    12-12-2014 03:00:19 Windows Update
    12-12-2014 10:16:00 Windows Update
    16-12-2014 07:22:22 Windows Update
    05-01-2015 11:26:45 Windows Update
    09-01-2015 07:01:06 Windows Update
    12-01-2015 07:17:06 Windows Update
    14-01-2015 14:07:37 Windows Update
     
    ==================== Hosts content: ==========================
     
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
     
    2009-07-13 21:04 - 2009-06-10 16:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
     
    ==================== Scheduled Tasks (whitelisted) =============
     
    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
     
    Task: {03595E70-777D-4585-9CE1-846F597A45BD} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {07BC4897-13DC-498E-8EA8-8F7C9AABB1E9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
    Task: {3F6A04A3-538F-420A-BB2F-67A79C518057} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => d:\program files\windows defender\MpCmdRun.exe
    Task: {4722199D-30B6-4AC4-8BF5-D6FBF6D8FF9B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2449424096-1393605424-1647929637-4326Core => C:\Users\jhaukerman\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-29] (Google Inc.)
    Task: {48D942CE-4B78-4F89-9338-40FF988A7D73} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2449424096-1393605424-1647929637-4326UA => C:\Users\jhaukerman\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-29] (Google Inc.)
    Task: {4CD60727-79B8-42D8-910A-F5219DC08840} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-14] (Adobe Systems Incorporated)
    Task: {6245103D-F21A-45FB-B96C-A1ECF0E9A3A1} - System32\Tasks\NCH Software\WavePadReminder => C:\Program Files\NCH Software\WavePad\WavePad.exe
    Task: {6B5F3DAF-15EB-42E6-9442-F25E1E794EFC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
    Task: {75E85985-4EA7-4D7A-9BA7-74D75DEC77D4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {A28A481F-C526-4799-A3AB-686DE3B77704} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
    Task: {CC04995C-FDF0-4D76-BBEE-02889EC2E870} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
     
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
     
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2449424096-1393605424-1647929637-4326Core.job => C:\Users\jhaukerman\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2449424096-1393605424-1647929637-4326UA.job => C:\Users\jhaukerman\AppData\Local\Google\Update\GoogleUpdate.exe
     
    ==================== Loaded Modules (whitelisted) =============
     
    2014-04-23 15:05 - 2014-04-23 15:05 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2012-03-19 21:09 - 2012-03-19 21:09 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll
    2014-11-06 09:29 - 2014-11-06 09:29 - 01551872 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PCMSkin\9de894cab860126e28a8898efd3de6ec\PCMSkin.ni.dll
    2014-11-06 09:29 - 2014-11-06 09:29 - 00192512 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\GALImport\89baea09ffb49a303a63963ac07cc2a4\GALImport.ni.dll
    2013-11-22 09:02 - 2013-11-22 09:02 - 00053248 _____ () C:\Users\jhaukerman\AppData\Local\Screencast-O-Matic\SOMTrayNative-1.0.dll
    2013-10-29 09:27 - 2013-10-29 09:27 - 00089600 _____ () C:\Users\jhaukerman\AppData\Local\Screencast-O-Matic\SOMNative-2.17.3.dll
    2013-09-26 05:17 - 2007-12-14 15:58 - 00241664 _____ () C:\Program Files\Philips\Philips SPC230NC Webcam\TrayMin230.exe
    2015-01-16 07:24 - 2015-01-16 07:24 - 00098816 _____ () C:\Users\jhaukerman\AppData\Local\Temp\_MEI37922\win32api.pyd
    2015-01-16 07:24 - 2015-01-16 07:24 - 00110080 _____ () C:\Users\jhaukerman\AppData\Local\Temp\_MEI37922\pywintypes27.dll
    2015-01-16 07:24 - 2015-01-16 07:24 - 00364544 _____ () C:\Users\jhaukerman\AppData\Local\Temp\_MEI37922\pythoncom27.dll
    2015-01-16 07:24 - 2015-01-16 07:24 - 00045568 _____ () C:\Users\jhaukerman\AppData\Local\Temp\_MEI37922\_socket.pyd
    2015-01-16 07:24 - 2015-01-16 07:24 - 01160704 _____ () C:\Users\jhaukerman\AppData\Local\Temp\_MEI37922\_ssl.pyd
    2015-01-16 07:24 - 2015-01-16 07:24 - 00320512 _____ () C:\Users\jhaukerman\AppData\Local\Temp\_MEI37922\win32com.shell.shell.pyd
    2015-01-16 07:24 - 2015-01-16 07:24 - 00713216 _____ () C:\Users\jhaukerman\AppData\Local\Temp\_MEI37922\_hashlib.pyd
    2015-01-16 07:24 - 2015-01-16 07:24 - 01175040 _____ () C:\Users\jhaukerman\AppData\Local\Temp\_MEI37922\wx._core_.pyd
    2015-01-16 07:24 - 2015-01-16 07:24 - 00805888 _____ () C:\Users\jhaukerman\AppData\Local\Temp\_MEI37922\wx._gdi_.pyd
    2015-01-16 07:24 - 2015-01-16 07:24 - 00811008 _____ () C:\Users\jhaukerman\AppData\Local\Temp\_MEI37922\wx._windows_.pyd
    2015-01-16 07:24 - 2015-01-16 07:24 - 01062400 _____ () C:\Users\jhaukerman\AppData\Local\Temp\_MEI37922\wx._controls_.pyd
    2015-01-16 07:24 - 2015-01-16 07:24 - 00735232 _____ () C:\Users\jhaukerman\AppData\Local\Temp\_MEI37922\wx._misc_.pyd
    2015-01-16 07:24 - 2015-01-16 07:24 - 00128512 _____ () C:\Users\jhaukerman\AppData\Local\Temp\_MEI37922\_elementtree.pyd
    2015-01-16 07:24 - 2015-01-16 07:24 - 00127488 _____ () C:\Users\jhaukerman\AppData\Local\Temp\_MEI37922\pyexpat.pyd
    2015-01-16 07:24 - 2015-01-16 07:24 - 00557056 _____ () C:\Users\jhaukerman\AppData\Local\Temp\_MEI37922\pysqlite2._sqlite.pyd
    2015-01-16 07:24 - 2015-01-16 07:24 - 00087552 _____ () C:\Users\jhaukerman\AppData\Local\Temp\_MEI37922\_ctypes.pyd
    2015-01-16 07:24 - 2015-01-16 07:24 - 00119808 _____ () C:\Users\jhaukerman\AppData\Local\Temp\_MEI37922\win32file.pyd
    2015-01-16 07:24 - 2015-01-16 07:24 - 00108544 _____ () C:\Users\jhaukerman\AppData\Local\Temp\_MEI37922\win32security.pyd
    2015-01-16 07:24 - 2015-01-16 07:24 - 00007168 _____ () C:\Users\jhaukerman\AppData\Local\Temp\_MEI37922\hashobjs_ext.pyd
    2015-01-16 07:24 - 2015-01-16 07:24 - 00167936 _____ () C:\Users\jhaukerman\AppData\Local\Temp\_MEI37922\win32gui.pyd
    2015-01-16 07:24 - 2015-01-16 07:24 - 00018432 _____ () C:\Users\jhaukerman\AppData\Local\Temp\_MEI37922\win32event.pyd
    2015-01-16 07:24 - 2015-01-16 07:24 - 00038912 _____ () C:\Users\jhaukerman\AppData\Local\Temp\_MEI37922\win32inet.pyd
    2015-01-16 07:24 - 2015-01-16 07:24 - 00011264 _____ () C:\Users\jhaukerman\AppData\Local\Temp\_MEI37922\win32crypt.pyd
    2015-01-16 07:24 - 2015-01-16 07:24 - 00070656 _____ () C:\Users\jhaukerman\AppData\Local\Temp\_MEI37922\wx._html2.pyd
    2015-01-16 07:24 - 2015-01-16 07:24 - 00027136 _____ () C:\Users\jhaukerman\AppData\Local\Temp\_MEI37922\_multiprocessing.pyd
    2015-01-16 07:24 - 2015-01-16 07:24 - 00035840 _____ () C:\Users\jhaukerman\AppData\Local\Temp\_MEI37922\win32process.pyd
    2015-01-16 07:24 - 2015-01-16 07:24 - 00686080 _____ () C:\Users\jhaukerman\AppData\Local\Temp\_MEI37922\unicodedata.pyd
    2015-01-16 07:24 - 2015-01-16 07:24 - 00122368 _____ () C:\Users\jhaukerman\AppData\Local\Temp\_MEI37922\wx._wizard.pyd
    2015-01-16 07:24 - 2015-01-16 07:24 - 00024064 _____ () C:\Users\jhaukerman\AppData\Local\Temp\_MEI37922\win32pipe.pyd
    2015-01-16 07:24 - 2015-01-16 07:24 - 00025600 _____ () C:\Users\jhaukerman\AppData\Local\Temp\_MEI37922\win32pdh.pyd
    2015-01-16 07:24 - 2015-01-16 07:24 - 00525640 _____ () C:\Users\jhaukerman\AppData\Local\Temp\_MEI37922\windows._lib_cacheinvalidation.pyd
    2015-01-16 07:24 - 2015-01-16 07:24 - 00010240 _____ () C:\Users\jhaukerman\AppData\Local\Temp\_MEI37922\select.pyd
    2015-01-16 07:24 - 2015-01-16 07:24 - 00017408 _____ () C:\Users\jhaukerman\AppData\Local\Temp\_MEI37922\win32profile.pyd
    2015-01-16 07:24 - 2015-01-16 07:24 - 00022528 _____ () C:\Users\jhaukerman\AppData\Local\Temp\_MEI37922\win32ts.pyd
    2015-01-16 07:24 - 2015-01-16 07:24 - 00078336 _____ () C:\Users\jhaukerman\AppData\Local\Temp\_MEI37922\wx._animate.pyd
    2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
    2014-12-11 23:36 - 2014-12-05 20:50 - 01077064 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
    2014-12-11 23:36 - 2014-12-05 20:50 - 00211272 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\libegl.dll
    2014-12-11 23:36 - 2014-12-05 20:50 - 09009480 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll
    2014-12-11 23:36 - 2014-12-05 20:50 - 01677128 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
    2014-12-11 23:36 - 2014-12-05 20:50 - 14913352 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
     
    ==================== Alternate Data Streams (whitelisted) =========
     
    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
     
    AlternateDataStreams: C:\ProgramData\TEMP:8FD693D2
     
    ==================== Safe Mode (whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
     
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
     
    ==================== EXE Association (whitelisted) =============
     
    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
     
     
    ==================== MSCONFIG/TASK MANAGER disabled items =========
     
    (Currently there is no automatic fix for this section.)
     
     
    ========================= Accounts: ==========================
     
    Administrator (S-1-5-21-2647600523-873630241-4224024182-500 - Administrator - Enabled)
    Guest (S-1-5-21-2647600523-873630241-4224024182-501 - Limited - Disabled)
    its (S-1-5-21-2647600523-873630241-4224024182-1622 - Administrator - Enabled)
     
    ==================== Faulty Device Manager Devices =============
     
    Name: Microsoft PS/2 Mouse
    Description: Microsoft PS/2 Mouse
    Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: i8042prt
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
    Error: (01/16/2015 08:50:58 AM) (Source: SideBySide) (EventID: 9) (User: )
    Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
    The manifest file root element must be assembly.
     
     
    System errors:
    =============
    Error: (01/16/2015 08:27:12 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{EE1BD859-AACD-48FE-A9B6-9358DC21ADAE}{AD65A69D-3831-40D7-9629-9B0B50A93843}NT AUTHORITYNETWORK SERVICES-1-5-20LocalHost (Using LRPC)
     
     
    Microsoft Office Sessions:
    =========================
    Error: (01/16/2015 08:50:58 AM) (Source: SideBySide) (EventID: 9) (User: )
    Description: C:\Program Files\WinZip\adxloader.dll.ManifestC:\Program Files\WinZip\adxloader.dll.Manifest2
     
     
    ==================== Memory info =========================== 
     
    Processor: Intel® Core™ i5-2400 CPU @ 3.10GHz
    Percentage of memory in use: 55%
    Total physical RAM: 3242.02 MB
    Available physical RAM: 1433.89 MB
    Total Pagefile: 6482.32 MB
    Available Pagefile: 4411.46 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1903.94 MB
     
    ==================== Drives ================================
     
    Drive c: () (Fixed) (Total:232.88 GB) (Free:40.04 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive p: (Data) (Network) (Total:1300 GB) (Free:51.02 GB) NTFS
    Drive s: (Data) (Network) (Total:660 GB) (Free:13.91 GB) NTFS
    Drive t: (Data) (Network) (Total:660 GB) (Free:13.91 GB) NTFS
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: DB7AF4E5)
    Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)
     
    ==================== End Of Log ============================
     
    Popups are gone. Thank you very much.


    #6
    RKinner

    Unless you see other problems I think we are done and can clean up.
     
    Copy the following:
     
     
    :Commands
    [CLEARALLRESTOREPOINTS]
    [Reboot]
     
    
    Right click on OTL and Run As Administrator.   In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.
     
    That will get the last of the malware off the system.
     
     
     
    You can uninstall or delete any tools we had you download and their logs. 
     
     
     
    OTL has a cleanup tab but DO NOT USE IT!  There are reports that it leaves the PC unbootable.  Instead just delete OTL.exe and the folder c:\_OTL.
     
    To hide hidden files again:
     
    Vista or Win7
     
    1. Open the Control Panel menu and click Folder Options.
    2. After the new window appears select the View tab.
    3. Remove the check in the checkbox labeled Display the contents of system folders.
    4. Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
    5. Check the checkbox labeled Hide protected operating system files.
    6. Press the Apply button and then the OK button and exit My Computer.
     
    Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.  
     
    Whether you use Adobe Reader, Acrobat or Foxit to read pdf files you need to disable Javascript in the program.  There is an exploit out there now that can use it to get on your PC.  For Adobe Reader:  Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript.  OK Close program.  It's the same for Foxit reader except you uncheck Enable Javascript Actions. 
     
    Unless you have the latest version of Avast which has its own update checker:  To help keep your programs up-to-date you should download and run the UpdateChecker: 
    (You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it.  Exception is MSN messenger which appears to be part of Windows.)
    If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week.
    Seems to work best if Firefox is the default browser.  Windows always hides its icon so you need to unhide it.  Click on the up arrow to the left of the clock.  Then click on Customize.  Maximize the window so you can see all of the options.  Scroll down and find the File Hippo UpdateChecker and change its Behaviors to Show Icon and Notifications.  OK.  When you reboot you should see the icon.  It will take it a minute to finish checking then it will put up a bubble if you need to update something. Click on the bubble and it should open in your browser.  (Seems to work best if it uses Firefox.  If you do not use Firefox as your default browser then right click on the icon and click on Settings. Then on Results.  Change the Open Results in Default Browser to Custom Browser and then select the line that has Firefox.exe in it.  While there, also check Hide Beta Versions.  OK.)  You will see a list of programs that have updates with green down arrows next to them.  You do not need to download any Beta Versions.  There is an option in Settings to Hide Beta Versions.  I do not advise updating Windows Messenger unless you really use it so I right click on the Icon and Customize Results then find Microsoft Messenger and change Show All Releases to Hide All Releases.  OK. 
     
    You can also try Secunia PSI http://secunia.com/v...l/download_psi/  Same kind of info.  You don't need both.
    If you use Chrome/Firefox/IE then get the AdBlock Plus Add-on.  Go to adblockplus.org with each browser and get the add-on.
     
    If Chrome/Firefox is slow loading make sure it only has the current Java add-on.  Then download and run Speedy Fox.
    http://www.crystalidea.com/speedyfox .  Close Chrome/Firefox. Hit Optimize.   You can run it any time that Chrome/Firefox seems slow.
     
    Be warned:  If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum.  If you must use P2P then submit any files you get to http://virustotal.com before you open them.
     
    Due to a recent rise in the number of Cryptolocker infections I am now recommending you install:
     
    CryptoPrevent
     
     
    The free version does not update on its own so you should check for updated versions once in a while.
     
     
     
    If you have a router, log on to it today and change the default password!  If using a Wireless router you really should be using encryption on the link.  Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business.  See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important.  If you don't know how, visit the router maker's website.  They all have detailed step by step instructions or a wizard you can download.
     
    Special note on Java.  Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
    Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 25 or better.  These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE.  Get the latest version from Java.com.  They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download.  Just uncheck the garbage before the download (or install) starts.  If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
    Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it.  If that is the case then go to Control Panel, Java, Security and slide it up to the highest level.  OK.
     
    Make sure Windows Updates is turned on and that it works.  Go to Control Panel, Windows Updates and see if it works.  
     
     
    My help is free but if you wish to show your appreciation, please donate to Kwiaht instead of me. It's a local environmental organization that I volunteer with: http://www.kwiaht.org/donate.htm
    (The name means something like "clean place" in one of the local native-American dialects)
     
    Ron
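
The Java clean-up step in the post above, as an added PowerShell example (not part of the original post or of any tool it mentions): it reads the Programs and Features entries whose names look like Java and flags those reporting a version below Java 7 Update 25. The function name Get-JavaInstall, the name pattern, and the assumption that the installer records 7 Update 25 as DisplayVersion 7.0.250 are choices made for this example.

```powershell
# Added example: audit installed Java runtimes against the "7 update 25 or better" rule.
# Assumption: Java runtime installers record "7 Update 25" as DisplayVersion 7.0.250.
$minimum = [version]'7.0.250'

# Assumption: names worth checking. "Runtime" and "VM" alone are too generic to match on.
$namePattern = '\bJava\b|\bJ2(RE|SE)\b|\bJRE\b|\bJVM\b'

# Uninstall entries for native and 32-bit-on-64-bit programs (read-only access).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-JavaInstall {
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        # SystemComponent = 1 marks entries hidden from Programs and Features; skip them.
        Where-Object { $_.DisplayName -match $namePattern -and $_.SystemComponent -ne 1 } |
        ForEach-Object {
            $entry = $_
            $parsed = $null
            try { $parsed = [version]$entry.DisplayVersion } catch { $parsed = $null }

            # Other Java-named products may number versions differently,
            # so the status is a prompt for review, not a verdict.
            if ($null -eq $parsed) { $status = 'Version unreadable: check by hand' }
            elseif ($parsed -lt $minimum) { $status = 'Below 7u25: review for removal' }
            else { $status = 'Meets 7u25 minimum' }

            New-Object PSObject -Property @{
                Name    = $entry.DisplayName
                Version = $entry.DisplayVersion
                Status  = $status
            }
        }
}

Get-JavaInstall | Sort-Object Name | Format-Table Name, Version, Status -AutoSize
```

The script only reads the registry; removal itself is still done through Control Panel, Programs and Features as the post describes.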
