Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Virus


  • Please log in to reply

#1
nancy32986

nancy32986

    Member

  • Member
  • PipPip
  • 55 posts

My computer seems fine but I downloaded something online that I think might be a virus? Can someone help to see if that is the case? 


  • 0

Advertisements


#2
nancy32986

nancy32986

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
OTL logfile created on: 1/22/2015 2:12:34 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Travis K. Vandell\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.90 Gb Total Physical Memory | 4.24 Gb Available Physical Memory | 53.75% Memory free
15.79 Gb Paging File | 11.81 Gb Available in Paging File | 74.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 679.00 Gb Total Space | 202.13 Gb Free Space | 29.77% Space Free | Partition Type: NTFS
 
Computer Name: AWSUMCOMPUTER | User Name: Travis K. Vandell | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2015/01/22 14:12:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Travis K. Vandell\Downloads\OTL.exe
PRC - [2015/01/06 11:24:47 | 000,118,568 | ---- | M] (Cisco WebEx LLC) -- C:\WINDOWS\SysWOW64\atashost.exe
PRC - [2014/12/19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/12/08 20:45:28 | 039,207,112 | ---- | M] (Dropbox, Inc.) -- C:\Users\Travis K. Vandell\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014/11/25 15:47:06 | 000,741,920 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
PRC - [2014/10/30 14:36:24 | 000,387,088 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
PRC - [2014/10/21 17:52:24 | 022,869,088 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2014/10/17 15:24:20 | 000,043,816 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2013/03/27 15:17:42 | 000,185,688 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
PRC - [2012/09/06 21:11:30 | 001,327,104 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
PRC - [2012/09/06 21:06:14 | 000,393,216 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
PRC - [2012/02/14 16:26:04 | 002,013,168 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
PRC - [2012/02/14 16:26:04 | 000,096,240 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
PRC - [2012/02/14 16:26:00 | 002,451,440 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
PRC - [2011/10/18 10:50:10 | 001,001,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2011/10/18 10:49:52 | 000,936,272 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2011/10/17 14:01:00 | 001,999,168 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/10/17 01:00:22 | 000,380,224 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/12/20 17:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/20 17:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/11/20 20:24:03 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\cmd.exe
PRC - [2010/03/08 23:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2009/02/23 12:43:00 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2007/02/14 09:09:12 | 000,335,872 | ---- | M] (KYOCERA MITA Corporation) -- C:\Program Files (x86)\Kyocera\FileUtility\NsCatCom.exe
PRC - [2003/09/16 14:50:18 | 000,061,440 | ---- | M] (KYOCERA MITA CORPORATION) -- C:\Program Files (x86)\Kyocera\FileUtility\SFUSVC.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2015/01/22 10:03:01 | 000,043,008 | ---- | M] () -- c:\Users\Travis K. Vandell\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxm6az_.dll
MOD - [2015/01/22 10:01:43 | 000,007,168 | ---- | M] () -- C:\Users\Travis K. Vandell\AppData\Local\Temp\_MEI23402\hashobjs_ext.pyd
MOD - [2015/01/22 10:01:42 | 001,160,704 | ---- | M] () -- C:\Users\Travis K. Vandell\AppData\Local\Temp\_MEI23402\_ssl.pyd
MOD - [2015/01/22 10:01:42 | 000,805,888 | ---- | M] () -- C:\Users\Travis K. Vandell\AppData\Local\Temp\_MEI23402\wx._gdi_.pyd
MOD - [2015/01/22 10:01:42 | 000,713,216 | ---- | M] () -- C:\Users\Travis K. Vandell\AppData\Local\Temp\_MEI23402\_hashlib.pyd
MOD - [2015/01/22 10:01:42 | 000,110,080 | ---- | M] () -- C:\Users\Travis K. Vandell\AppData\Local\Temp\_MEI23402\PyWinTypes27.dll
MOD - [2015/01/22 10:01:42 | 000,027,136 | ---- | M] () -- C:\Users\Travis K. Vandell\AppData\Local\Temp\_MEI23402\_multiprocessing.pyd
MOD - [2015/01/22 10:01:41 | 000,811,008 | ---- | M] () -- C:\Users\Travis K. Vandell\AppData\Local\Temp\_MEI23402\wx._windows_.pyd
MOD - [2015/01/22 10:01:41 | 000,070,656 | ---- | M] () -- C:\Users\Travis K. Vandell\AppData\Local\Temp\_MEI23402\wx._html2.pyd
MOD - [2015/01/22 10:01:40 | 001,062,400 | ---- | M] () -- C:\Users\Travis K. Vandell\AppData\Local\Temp\_MEI23402\wx._controls_.pyd
MOD - [2015/01/22 10:01:40 | 000,025,600 | ---- | M] () -- C:\Users\Travis K. Vandell\AppData\Local\Temp\_MEI23402\win32pdh.pyd
MOD - [2015/01/22 10:01:40 | 000,024,064 | ---- | M] () -- C:\Users\Travis K. Vandell\AppData\Local\Temp\_MEI23402\win32pipe.pyd
MOD - [2015/01/22 10:01:39 | 000,686,080 | ---- | M] () -- C:\Users\Travis K. Vandell\AppData\Local\Temp\_MEI23402\unicodedata.pyd
MOD - [2015/01/22 10:01:39 | 000,010,240 | ---- | M] () -- C:\Users\Travis K. Vandell\AppData\Local\Temp\_MEI23402\select.pyd
MOD - [2015/01/22 10:01:38 | 000,525,640 | ---- | M] () -- C:\Users\Travis K. Vandell\AppData\Local\Temp\_MEI23402\windows._lib_cacheinvalidation.pyd
MOD - [2015/01/22 10:01:38 | 000,127,488 | ---- | M] () -- C:\Users\Travis K. Vandell\AppData\Local\Temp\_MEI23402\pyexpat.pyd
MOD - [2015/01/22 10:01:38 | 000,119,808 | ---- | M] () -- C:\Users\Travis K. Vandell\AppData\Local\Temp\_MEI23402\win32file.pyd
MOD - [2015/01/22 10:01:38 | 000,108,544 | ---- | M] () -- C:\Users\Travis K. Vandell\AppData\Local\Temp\_MEI23402\win32security.pyd
MOD - [2015/01/22 10:01:38 | 000,045,568 | ---- | M] () -- C:\Users\Travis K. Vandell\AppData\Local\Temp\_MEI23402\_socket.pyd
MOD - [2015/01/22 10:01:38 | 000,038,912 | ---- | M] () -- C:\Users\Travis K. Vandell\AppData\Local\Temp\_MEI23402\win32inet.pyd
MOD - [2015/01/22 10:01:38 | 000,018,432 | ---- | M] () -- C:\Users\Travis K. Vandell\AppData\Local\Temp\_MEI23402\win32event.pyd
MOD - [2015/01/22 10:01:38 | 000,017,408 | ---- | M] () -- C:\Users\Travis K. Vandell\AppData\Local\Temp\_MEI23402\win32profile.pyd
MOD - [2015/01/22 10:01:37 | 000,167,936 | ---- | M] () -- C:\Users\Travis K. Vandell\AppData\Local\Temp\_MEI23402\win32gui.pyd
MOD - [2015/01/22 10:01:37 | 000,128,512 | ---- | M] () -- C:\Users\Travis K. Vandell\AppData\Local\Temp\_MEI23402\_elementtree.pyd
MOD - [2015/01/22 10:01:37 | 000,098,816 | ---- | M] () -- C:\Users\Travis K. Vandell\AppData\Local\Temp\_MEI23402\win32api.pyd
MOD - [2015/01/22 10:01:37 | 000,087,552 | ---- | M] () -- C:\Users\Travis K. Vandell\AppData\Local\Temp\_MEI23402\_ctypes.pyd
MOD - [2015/01/22 10:01:36 | 000,557,056 | ---- | M] () -- C:\Users\Travis K. Vandell\AppData\Local\Temp\_MEI23402\pysqlite2._sqlite.pyd
MOD - [2015/01/22 10:01:35 | 001,175,040 | ---- | M] () -- C:\Users\Travis K. Vandell\AppData\Local\Temp\_MEI23402\wx._core_.pyd
MOD - [2015/01/22 10:01:35 | 000,320,512 | ---- | M] () -- C:\Users\Travis K. Vandell\AppData\Local\Temp\_MEI23402\win32com.shell.shell.pyd
MOD - [2015/01/22 10:01:35 | 000,022,528 | ---- | M] () -- C:\Users\Travis K. Vandell\AppData\Local\Temp\_MEI23402\win32ts.pyd
MOD - [2015/01/22 10:01:34 | 000,735,232 | ---- | M] () -- C:\Users\Travis K. Vandell\AppData\Local\Temp\_MEI23402\wx._misc_.pyd
MOD - [2015/01/22 10:01:34 | 000,364,544 | ---- | M] () -- C:\Users\Travis K. Vandell\AppData\Local\Temp\_MEI23402\pythoncom27.dll
MOD - [2015/01/22 10:01:34 | 000,078,336 | ---- | M] () -- C:\Users\Travis K. Vandell\AppData\Local\Temp\_MEI23402\wx._animate.pyd
MOD - [2015/01/22 10:01:33 | 000,122,368 | ---- | M] () -- C:\Users\Travis K. Vandell\AppData\Local\Temp\_MEI23402\wx._wizard.pyd
MOD - [2015/01/22 10:01:33 | 000,035,840 | ---- | M] () -- C:\Users\Travis K. Vandell\AppData\Local\Temp\_MEI23402\win32process.pyd
MOD - [2015/01/22 10:01:33 | 000,011,264 | ---- | M] () -- C:\Users\Travis K. Vandell\AppData\Local\Temp\_MEI23402\win32crypt.pyd
MOD - [2015/01/08 17:35:56 | 014,913,352 | ---- | M] () -- C:\Users\Travis K. Vandell\AppData\Local\Google\Chrome\Application\39.0.2171.99\PepperFlash\pepflashplayer.dll
MOD - [2015/01/08 17:35:54 | 009,009,480 | ---- | M] () -- C:\Users\Travis K. Vandell\AppData\Local\Google\Chrome\Application\39.0.2171.99\pdf.dll
MOD - [2015/01/08 17:35:51 | 001,077,064 | ---- | M] () -- C:\Users\Travis K. Vandell\AppData\Local\Google\Chrome\Application\39.0.2171.99\libglesv2.dll
MOD - [2015/01/08 17:35:49 | 000,211,272 | ---- | M] () -- C:\Users\Travis K. Vandell\AppData\Local\Google\Chrome\Application\39.0.2171.99\libegl.dll
MOD - [2015/01/08 17:35:48 | 001,677,128 | ---- | M] () -- C:\Users\Travis K. Vandell\AppData\Local\Google\Chrome\Application\39.0.2171.99\ffmpegsumo.dll
MOD - [2014/10/21 17:22:50 | 000,750,080 | ---- | M] () -- C:\Users\Travis K. Vandell\AppData\Roaming\Dropbox\bin\libGLESv2.dll
MOD - [2014/10/21 17:22:50 | 000,047,616 | ---- | M] () -- C:\Users\Travis K. Vandell\AppData\Roaming\Dropbox\bin\libEGL.dll
MOD - [2014/10/21 17:22:48 | 000,863,744 | ---- | M] () -- C:\Users\Travis K. Vandell\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
MOD - [2014/10/21 17:22:46 | 000,200,704 | ---- | M] () -- C:\Users\Travis K. Vandell\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
MOD - [2014/10/11 12:05:58 | 001,044,776 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014/07/22 02:01:56 | 000,035,328 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2014/05/24 09:41:24 | 000,892,416 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\libstdc++-6.dll
MOD - [2014/05/24 09:41:24 | 000,091,648 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\libgcc_s_sjlj-1.dll
MOD - [2014/01/20 13:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/14 16:26:16 | 000,089,584 | ---- | M] () -- C:\WINDOWS\SysWOW64\FAIEExtension.dll
MOD - [2012/02/14 16:26:06 | 000,059,888 | ---- | M] () -- C:\WINDOWS\SysWOW64\FAib.dll
MOD - [2012/02/14 16:25:56 | 000,251,888 | ---- | M] () -- C:\WINDOWS\SysWOW64\FACrashRpt.dll
MOD - [2011/10/17 14:01:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll
MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/11/21 19:35:29 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/08/01 13:05:22 | 000,601,864 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2014/07/30 03:59:04 | 000,335,064 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2014/07/30 03:59:04 | 000,335,064 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2014/07/30 03:59:04 | 000,335,064 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe -- (mcpltsvc)
SRV:64bit: - [2014/07/30 03:59:04 | 000,335,064 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2014/07/30 03:59:04 | 000,335,064 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2014/07/30 03:59:04 | 000,335,064 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (HomeNetSvc)
SRV:64bit: - [2014/07/24 14:09:54 | 001,041,192 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe -- (mfecore)
SRV:64bit: - [2014/07/18 08:01:10 | 000,189,912 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\WINDOWS\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2014/07/18 07:52:02 | 000,219,752 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2013/09/06 10:32:06 | 000,288,776 | ---- | M] (McAfee, Inc.) ["Start" not found. | Unknown] -- C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe -- (McComponentHostService)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/12/13 20:42:31 | 008,448,944 | ---- | M] (DisplayLink Corp.) [Auto | Running] -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe -- (DisplayLinkService)
SRV:64bit: - [2011/11/01 12:37:56 | 001,518,352 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/11/01 12:25:42 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/11/01 12:22:28 | 000,844,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011/10/20 17:33:22 | 000,135,440 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2011/10/19 13:25:00 | 000,661,504 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2010/11/29 14:00:56 | 000,149,504 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2015/01/06 11:24:47 | 000,118,568 | ---- | M] (Cisco WebEx LLC) [Auto | Running] -- C:\WINDOWS\SysWOW64\atashost.exe -- (atashost)
SRV - [2014/12/19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/12/03 11:24:56 | 000,154,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service)
SRV - [2014/05/12 06:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/03/20 15:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2014/01/09 11:09:38 | 000,389,496 | ---- | M] (PJLM Software Inc.) [Auto | Running] -- C:\Program Files (x86)\Print Audit Inc\Print Audit 6\Client\pa6clhlp64.exe -- (PA6ClientHelper)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/03/27 15:17:42 | 000,185,688 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Running] -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
SRV - [2012/06/05 15:56:28 | 000,266,240 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2012/04/23 12:35:15 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\822\g2aservice.exe -- (GoToAssist)
SRV - [2012/02/14 16:26:00 | 002,451,440 | ---- | M] (Sensible Vision ) [Auto | Running] -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe -- (FAService)
SRV - [2012/02/09 20:08:03 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2012/02/09 20:07:27 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2012/02/09 20:06:41 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe -- (Sound Blaster X-Fi MB Licensing Service)
SRV - [2011/10/26 07:58:10 | 000,162,816 | ---- | M] (Dell Products, LP.) [Disabled | Stopped] -- c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe -- (DellDigitalDelivery)
SRV - [2011/10/18 10:50:10 | 001,001,808 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011/10/18 10:50:04 | 001,354,064 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011/10/18 10:49:52 | 000,936,272 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2011/10/17 14:01:00 | 001,999,168 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/10/17 01:00:22 | 000,380,224 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/09/22 09:06:12 | 001,692,480 | ---- | M] (SoftThinks SAS) [Disabled | Stopped] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2011/08/11 17:04:58 | 000,248,304 | ---- | M] (CyberLink) [Auto | Stopped] -- c:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124)
SRV - [2010/12/20 17:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/20 17:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/11/25 04:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 04:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/10/22 12:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/09/30 02:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2010/08/25 19:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010/05/04 11:07:22 | 000,503,080 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/03/08 23:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/02/23 12:43:00 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2003/09/16 14:50:18 | 000,061,440 | ---- | M] (KYOCERA MITA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Kyocera\FileUtility\SFUSVC.exe -- (SFUSVC)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/07/28 13:52:00 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2014/07/24 13:32:30 | 000,096,592 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\mfencrk.sys -- (mfencrk)
DRV:64bit: - [2014/07/24 13:31:56 | 000,444,720 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\mfencbdc.sys -- (mfencbdc)
DRV:64bit: - [2014/07/18 08:10:54 | 000,072,128 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2014/07/18 08:01:44 | 000,348,552 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2014/07/18 07:55:28 | 000,786,296 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2014/07/18 07:52:36 | 000,526,352 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2014/07/18 07:50:18 | 000,313,800 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2014/07/18 07:49:08 | 000,181,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2013/07/25 15:53:46 | 000,023,040 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/09 21:14:03 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/02/09 21:14:03 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/12/01 18:57:06 | 008,615,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011/10/19 13:19:08 | 000,195,072 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011/10/19 13:19:08 | 000,195,072 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011/10/17 14:01:00 | 000,027,712 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011/10/11 12:08:00 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2011/10/10 15:43:16 | 000,288,768 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011/08/29 15:32:18 | 000,053,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011/08/25 22:09:20 | 000,390,704 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/08/23 22:57:24 | 000,565,352 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/08/01 14:59:06 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/08/01 14:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/07/19 15:39:56 | 012,287,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/07/08 05:51:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/06/12 17:44:40 | 000,122,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\nvstusb.sys -- (NvStUSB)
DRV:64bit: - [2011/05/17 08:27:52 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011/05/17 08:27:50 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011/02/10 15:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/02/10 15:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/01/20 10:20:46 | 000,176,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2011/01/12 18:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/12/13 10:34:14 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Accelern.sys -- (Acceler)
DRV:64bit: - [2010/11/29 14:00:04 | 000,016,120 | ---- | M] (Intel® Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010/11/20 20:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:23:48 | 000,168,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\netvsc60.sys -- (netvsc)
DRV:64bit: - [2010/11/20 20:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/20 20:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/20 20:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 20:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/20 20:23:48 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\VMBusVideoM.sys -- (SynthVid)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 02:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/08/27 12:42:00 | 001,800,576 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\AVer7231_x64.sys -- (AVer7231_x64)
DRV:64bit: - [2010/08/20 12:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2010/07/12 19:38:06 | 000,029,288 | ---- | M] (Quanta Computer) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\qicflt.sys -- (qicflt)
DRV:64bit: - [2010/03/19 02:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 17:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/09/24 19:36:14 | 000,238,848 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\facap.sys -- (FACAP)
DRV:64bit: - [2006/11/01 11:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {E3AF575B-0E44-46FF-AB9D-7A39165257AE}
IE:64bit: - HKLM\..\SearchScopes\{E3AF575B-0E44-46FF-AB9D-7A39165257AE}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{E3AF575B-0E44-46FF-AB9D-7A39165257AE}: "URL" = http://www.bing.com/...rc=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.espn.com/
IE - HKCU\..\SearchScopes,DefaultScope = {77AA745B-F4F8-45DA-9B14-61D2D95054C8}
IE - HKCU\..\SearchScopes\{59520261-D72D-4BE9-85AD-D437F6D5F675}: "URL" = http://search.yahoo....p={SearchTerms}
IE - HKCU\..\SearchScopes\{98C24F4C-5689-4FB7-A505-ACF2AC30F416}: "URL" = http://websearch.ask...95-30913B1B7536
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Travis K. Vandell\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Travis K. Vandell\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Sensible Vision\Fast Access\xpcom_fasso\ [2012/05/01 20:17:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/03/30 16:44:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2015/01/15 03:26:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014/07/10 12:44:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK [2014/10/16 09:30:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/03/30 16:44:46 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Widevine Content Decryption Module (Enabled) = C:\Users\Travis K. Vandell\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.703\_platform_specific\win_x86\widevinecdmadapter.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Travis K. Vandell\AppData\Local\Google\Chrome\Application\39.0.2171.99\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Travis K. Vandell\AppData\Local\Google\Chrome\Application\39.0.2171.99\internal-nacl-plugin
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Travis K. Vandell\AppData\Local\Google\Chrome\Application\39.0.2171.99\pdf.dll
CHR - plugin: LogMeIn, Inc. Remote Access Components 1.0.0.1037 (Enabled) = C:\Users\Travis K. Vandell\AppData\Local\Google\Chrome\User Data\Default\Extensions\omkjapkpkiciphacnalicgmmcelfolon\1.0.0.1037_0\ChromeLogMeIn.dll
CHR - plugin: QuickTime Plug-in 7.7.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Users\Travis K. Vandell\AppData\Roaming\Mozilla\plugins\npatgpc.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
CHR - plugin: AdobeAAMDetect (Enabled) = C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
CHR - plugin: Java Deployment Toolkit 7.0.550.13 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java™ Platform SE 7 U55 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: McAfee Security Scanner + (Enabled) = C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Travis K. Vandell\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll
CHR - Extension: No name found = C:\Users\Travis K. Vandell\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Travis K. Vandell\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\Travis K. Vandell\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Travis K. Vandell\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Travis K. Vandell\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\11.0.9.0_0\
CHR - Extension: No name found = C:\Users\Travis K. Vandell\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.65.135.1_1\
CHR - Extension: No name found = C:\Users\Travis K. Vandell\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnbdnhhicmebfgdgglcdacdapkcihcoh\1.7.0_0\
CHR - Extension: No name found = C:\Users\Travis K. Vandell\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfbikaejeiilikhlldnfbecpkbicmndn\10.0.0_0\
CHR - Extension: No name found = C:\Users\Travis K. Vandell\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfbikaejeiilikhlldnfbecpkbicmndn\10.0.0_0\-e
CHR - Extension: No name found = C:\Users\Travis K. Vandell\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma\1.0.1_0\
CHR - Extension: No name found = C:\Users\Travis K. Vandell\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh\3.2_0\
CHR - Extension: No name found = C:\Users\Travis K. Vandell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: QuickTime Plug-in 7.7.6 = C:\Users\Travis K. Vandell\AppData\Local\Google\Chrome\User Data\Default\Extensions\omkjapkpkiciphacnalicgmmcelfolon\1.0.0.1037_0\
CHR - Extension: No name found = C:\Users\Travis K. Vandell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2014/07/08 10:10:03 | 000,000,098 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2:64bit: - BHO: (Face recognition web login for FastAccess) - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\x64\FAIESSO.dll (Sensible Vision )
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe Acrobat Create PDF Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Face recognition web login for FastAccess) - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [ScrewDrivers RDP Plugin] C:\Program Files (x86)\triCerat\Simplify Printing\ScrewDrivers Client v4\install_rdp.exe ()
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [FAStartup]  File not found
O4 - HKLM..\Run: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )
O4 - HKLM..\Run: [mcpltui_exe] C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe (McAfee, Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - Startup: C:\Users\Travis K. Vandell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Travis K. Vandell\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.1.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://bms7.webex.c...rt/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...xControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{400E47D4-7C7C-47A0-9F05-B7127C0798CB}: DhcpNameServer = 10.1.10.1
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - AppInit_DLLs: (c:\windows\system32\nvinitx.dll) - C:\WINDOWS\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (c:\windows\syswow64\nvinit.dll) - c:\WINDOWS\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\822\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\822\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\FastAccess: DllName - (C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll) - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll (Sensible Vision )
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/01/22 11:26:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2015/01/22 11:26:00 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2015/01/22 11:26:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2015/01/22 11:26:00 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2015/01/22 11:26:00 | 000,000,000 | ---D | C] -- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
[2015/01/06 11:32:10 | 000,000,000 | ---D | C] -- C:\BMS
[2015/01/06 11:28:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\triCerat
[2015/01/06 11:24:55 | 000,208,168 | ---- | C] (Cisco WebEx LLC) -- C:\Windows\SysWow64\atsckernel.exe
[2015/01/06 11:24:55 | 000,118,568 | ---- | C] (Cisco WebEx LLC) -- C:\Windows\SysWow64\atashost.exe
[2015/01/06 11:24:11 | 000,000,000 | -HSD | C] -- C:\Users\Travis K. Vandell\AppData\Local\EmieBrowserModeList
[2015/01/06 11:18:41 | 000,000,000 | ---D | C] -- C:\Users\Travis K. Vandell\AppData\Local\WebEx
[2015/01/06 10:39:55 | 000,000,000 | ---D | C] -- C:\Users\Travis K. Vandell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
[1 C:\Users\Travis K. Vandell\*.tmp files -> C:\Users\Travis K. Vandell\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2015/01/22 13:48:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1cf9025557b63df.job
[2015/01/22 13:41:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/01/22 11:01:00 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/01/22 11:01:00 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/01/22 10:08:50 | 000,786,622 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015/01/22 10:08:50 | 000,665,576 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015/01/22 10:08:50 | 000,123,352 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015/01/22 10:01:29 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/01/22 10:01:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/01/22 10:01:10 | 2064,252,927 | -HS- | M] () -- C:\hiberfil.sys
[2015/01/21 10:26:38 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2193847311-342145055-1881253431-1002Core1cff2c650c4b0d9.job
[2015/01/20 15:12:00 | 000,002,026 | -H-- | M] () -- C:\Users\Travis K. Vandell\Documents\Default.rdp
[2015/01/06 11:24:47 | 000,208,168 | ---- | M] (Cisco WebEx LLC) -- C:\Windows\SysWow64\atsckernel.exe
[2015/01/06 11:24:47 | 000,118,568 | ---- | M] (Cisco WebEx LLC) -- C:\Windows\SysWow64\atashost.exe
[2014/12/30 09:55:06 | 000,001,180 | ---- | M] () -- C:\Users\Travis K. Vandell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[1 C:\Users\Travis K. Vandell\*.tmp files -> C:\Users\Travis K. Vandell\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/07/26 21:46:19 | 000,000,000 | ---- | C] () -- C:\Users\Travis K. Vandell\AppData\Local\{EF74B404-F18C-4E5D-9B93-AB547CF08024}
[2014/07/09 07:52:39 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll
[2014/05/30 11:11:13 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2014/05/30 11:11:13 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2014/05/30 11:10:24 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2013/09/16 09:03:32 | 000,000,270 | ---- | C] () -- C:\Windows\wininit.ini
[2013/05/01 13:15:05 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd9.dll
[2013/05/01 13:15:05 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd11.dll
[2013/05/01 13:15:05 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd10.dll
[2013/03/30 16:41:57 | 000,205,924 | ---- | C] () -- C:\Windows\hpoins46.dat
[2013/03/30 16:41:57 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl46.dat
[2013/03/30 16:25:15 | 000,205,896 | ---- | C] () -- C:\Windows\hpoins46.dat.temp
[2013/03/30 16:25:15 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl46.dat.temp
[2013/03/19 12:56:30 | 000,000,180 | ---- | C] () -- C:\Windows\nscatch.ini
[2012/10/16 09:01:08 | 000,060,864 | ---- | C] () -- C:\Users\Travis K. Vandell\g2mdlhlpx.exe
[2012/07/19 20:56:33 | 000,000,132 | ---- | C] () -- C:\Users\Travis K. Vandell\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/07/19 13:15:00 | 000,001,456 | ---- | C] () -- C:\Users\Travis K. Vandell\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012/02/20 15:20:54 | 000,103,272 | ---- | C] () -- C:\Users\Travis K. Vandell\GoToAssistDownloadHelper.exe
 
========== ZeroAccess Check ==========
 
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\shell32.dll -- [2014/06/24 19:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 18:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/03/08 10:41:27 | 000,000,000 | ---D | M] -- C:\Users\Travis K. Vandell\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013/08/02 09:00:39 | 000,000,000 | ---D | M] -- C:\Users\Travis K. Vandell\AppData\Roaming\com.prezi.PreziDesktop
[2014/11/12 13:22:25 | 000,000,000 | ---D | M] -- C:\Users\Travis K. Vandell\AppData\Roaming\ControlCenter4
[2015/01/22 10:05:27 | 000,000,000 | ---D | M] -- C:\Users\Travis K. Vandell\AppData\Roaming\Dropbox
[2014/07/30 06:27:00 | 000,000,000 | ---D | M] -- C:\Users\Travis K. Vandell\AppData\Roaming\FileZilla
[2012/02/20 15:19:08 | 000,000,000 | ---D | M] -- C:\Users\Travis K. Vandell\AppData\Roaming\Fingertapps
[2013/04/27 12:07:14 | 000,000,000 | ---D | M] -- C:\Users\Travis K. Vandell\AppData\Roaming\Garmin
[2012/09/21 14:19:22 | 000,000,000 | ---D | M] -- C:\Users\Travis K. Vandell\AppData\Roaming\Nuance
[2012/11/08 11:23:59 | 000,000,000 | ---D | M] -- C:\Users\Travis K. Vandell\AppData\Roaming\Panasonic
[2012/10/01 13:20:00 | 000,000,000 | ---D | M] -- C:\Users\Travis K. Vandell\AppData\Roaming\PC-FAX TX
[2014/07/16 13:01:46 | 000,000,000 | ---D | M] -- C:\Users\Travis K. Vandell\AppData\Roaming\PCDr
[2013/05/09 14:22:14 | 000,000,000 | ---D | M] -- C:\Users\Travis K. Vandell\AppData\Roaming\webex
 
========== Purity Check ==========
 
 
 
< End of report >

  • 0

#3
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP
 
Download : ADWCleaner to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer
 
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
 
Close  all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).
 
scan-results.jpg
 
Click on Scan  and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
 
The report will be saved in the C:\AdwCleaner folder.
 
 
 
Junkware-Removal-Tool
 
Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus.  Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
  •  
     
     
    Please download Farbar Recovery Scan Tool and save it to your Desktop. 
     
    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. 
     
    •  
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 
  • Press Scan button. 
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here. 
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 

    • 0

    #4
    nancy32986

    nancy32986

      Member

    • Topic Starter
    • Member
    • PipPip
    • 55 posts
    # AdwCleaner v4.109 - Report created 26/01/2015 at 14:23:09
    # Updated 24/01/2015 by Xplode
    # Database : 2015-01-24.3 [Local]
    # Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
    # Username : Travis K. Vandell - AWSUMCOMPUTER
    # Running from : C:\Users\Travis K. Vandell\Downloads\AdwCleaner.exe
    # Option : Clean
     
    ***** [ Services ] *****
     
     
    ***** [ Files / Folders ] *****
     
    Folder Deleted : C:\ProgramData\Yahoo! Companion
    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
    Folder Deleted : C:\Program Files (x86)\Coupons
    Folder Deleted : C:\Users\TRAVIS~1.VAN\AppData\Local\Temp\NetCrawl
    Folder Deleted : C:\Users\Travis K. Vandell\AppData\Local\Rocket
    Folder Deleted : C:\Users\Travis K. Vandell\Documents\Optimizer Pro
    File Deleted : C:\Users\Travis K. Vandell\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
    File Deleted : C:\Users\Travis K. Vandell\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
    File Deleted : C:\Users\Travis K. Vandell\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsfreak.com_0.localstorage
    File Deleted : C:\Users\Travis K. Vandell\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsfreak.com_0.localstorage-journal
    File Deleted : C:\Users\Travis K. Vandell\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.saveur.com_0.localstorage
    File Deleted : C:\Users\Travis K. Vandell\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.saveur.com_0.localstorage-journal
    File Deleted : C:\Users\Travis K. Vandell\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage-journal
    File Deleted : C:\Users\Travis K. Vandell\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage
    File Deleted : C:\Users\Travis K. Vandell\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
     
    ***** [ Scheduled Tasks ] *****
     
     
    ***** [ Shortcuts ] *****
     
     
    ***** [ Registry ] *****
     
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DCB7100-DF86-4384-8842-8FA844297B3F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{98C24F4C-5689-4FB7-A505-ACF2AC30F416}
    Key Deleted : HKCU\Software\Optimizer Pro
    Key Deleted : HKCU\Software\Rocket Browser
    Key Deleted : HKCU\Software\WSE Rocket
    Key Deleted : HKCU\Software\DriverSupport
    Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKCU\Software\AppDataLow\Software\Safer-Surf
    Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
    Key Deleted : HKLM\SOFTWARE\InstallCore
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.0
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
     
    ***** [ Browsers ] *****
     
    -\\ Internet Explorer v11.0.9600.17496
     
     
    -\\ Google Chrome v
     
     
    *************************
     
    AdwCleaner[R0].txt - [7435 octets] - [26/01/2015 14:15:52]
    AdwCleaner[S0].txt - [6961 octets] - [26/01/2015 14:23:09]
     
    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7021 octets] ##########

    • 0

    #5
    nancy32986

    nancy32986

      Member

    • Topic Starter
    • Member
    • PipPip
    • 55 posts
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.1 (12.28.2014:1)
    OS: Windows 7 Ultimate x64
    Ran by Travis K. Vandell on Mon 01/26/2015 at 14:28:41.79
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     
     
     
    ~~~ Services
     
     
     
    ~~~ Registry Values
     
     
     
    ~~~ Registry Keys
     
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update sizlsearch
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\util sizlsearch
    Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"
    Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9"
     
     
     
    ~~~ Files
     
    Successfully deleted: [File] "C:\Windows\couponprinter.ocx"
    Successfully deleted: [File] "C:\Windows\wininit.ini"
     
     
     
    ~~~ Folders
     
    Successfully deleted: [Folder] "C:\ProgramData\pcdr"
    Successfully deleted: [Folder] "C:\Users\Travis K. Vandell\AppData\Roaming\pcdr"
    Successfully deleted: [Empty Folder] C:\Users\Travis K. Vandell\appdata\local\{02B3EEE2-7771-4C56-9E67-BC46F82F94FC}
    Successfully deleted: [Empty Folder] C:\Users\Travis K. Vandell\appdata\local\{1D259D8E-A7A7-4A4A-8E44-9182660FD4DB}
    Successfully deleted: [Empty Folder] C:\Users\Travis K. Vandell\appdata\local\{68D28547-B0E7-4366-AE3D-69C572066705}
    Successfully deleted: [Empty Folder] C:\Users\Travis K. Vandell\appdata\local\{74F392CD-B44A-4CE5-B812-8B28C98B7532}
    Successfully deleted: [Empty Folder] C:\Users\Travis K. Vandell\appdata\local\{7EE71CEF-EE9D-446A-BB21-666EA324605B}
    Successfully deleted: [Empty Folder] C:\Users\Travis K. Vandell\appdata\local\{7EF96B4A-38C8-4292-ACC5-A9520046AC49}
    Successfully deleted: [Empty Folder] C:\Users\Travis K. Vandell\appdata\local\{88EE9B9A-32E0-4112-BC7C-760C9C0C6B27}
    Successfully deleted: [Empty Folder] C:\Users\Travis K. Vandell\appdata\local\{94FF87FA-D6CD-461E-B3F0-53AB515DEFEE}
    Successfully deleted: [Empty Folder] C:\Users\Travis K. Vandell\appdata\local\{9515DEBB-AA02-4B36-9144-51C1020C645E}
    Successfully deleted: [Empty Folder] C:\Users\Travis K. Vandell\appdata\local\{96E31502-1C23-4D48-B7AB-7D03ADFC7DA4}
    Successfully deleted: [Empty Folder] C:\Users\Travis K. Vandell\appdata\local\{AB5D4DA8-0267-4A4D-904E-42E803D1FA43}
    Successfully deleted: [Empty Folder] C:\Users\Travis K. Vandell\appdata\local\{AC6C9D15-6F71-43DB-BEC5-29FE211BB989}
    Successfully deleted: [Empty Folder] C:\Users\Travis K. Vandell\appdata\local\{BAAE08B8-9D97-496B-819F-CD53CB72E888}
    Successfully deleted: [Empty Folder] C:\Users\Travis K. Vandell\appdata\local\{DA2CADA5-74C0-46A3-B534-24D3DB005355}
     
     
     
    ~~~ Event Viewer Logs were cleared
     
     
     
     
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Mon 01/26/2015 at 14:35:58.51
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    • 0

    #6
    nancy32986

    nancy32986

      Member

    • Topic Starter
    • Member
    • PipPip
    • 55 posts
    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
    Ran by Travis K. Vandell (administrator) on AWSUMCOMPUTER on 26-01-2015 14:39:46
    Running from C:\Users\Travis K. Vandell\Downloads
    Loaded Profiles: UpdatusUser & Travis K. Vandell (Available profiles: UpdatusUser & Travis K. Vandell)
    Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
    (Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
    (Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    (DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
    (DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    (NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
    (Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Google Inc.) C:\Users\Travis K. Vandell\AppData\Local\Google\Update\GoogleUpdate.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
    (Cisco WebEx LLC) C:\WINDOWS\SysWOW64\atashost.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
    (Dropbox, Inc.) C:\Users\Travis K. Vandell\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
    (Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
    (Microsoft Corporation) C:\WINDOWS\SysWOW64\svchost.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
    (McAfee, Inc.) C:\WINDOWS\System32\mfevtps.exe
    (Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
    (PJLM Software Inc.) C:\Program Files (x86)\Print Audit Inc\Print Audit 6\Client\pa6clhlp64.exe
    (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
    (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
    (KYOCERA MITA CORPORATION) C:\Program Files (x86)\Kyocera\FileUtility\SFUSVC.exe
    (KYOCERA MITA Corporation) C:\Program Files (x86)\Kyocera\FileUtility\NsCatCom.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
    (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Sensible Vision) C:\Program Files (x86)\Sensible Vision\Fast Access\Vendor\FastAccessChatAssist.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
    (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    (Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    (Google Inc.) C:\Users\Travis K. Vandell\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Travis K. Vandell\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Travis K. Vandell\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Travis K. Vandell\AppData\Local\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmd.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
    (Google Inc.) C:\Users\Travis K. Vandell\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Travis K. Vandell\AppData\Local\Google\Chrome\Application\chrome.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
    (Farbar) C:\Users\Travis K. Vandell\Downloads\FRST64 (1).exe
     
     
    ==================== Registry (Whitelisted) ==================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [ScrewDrivers RDP Plugin] => C:\Program Files (x86)\triCerat\Simplify Printing\ScrewDrivers Client v4\install_rdp.exe [138096 2014-04-30] ()
    HKLM-x32\...\Run: [FAStartup] => [X]
    HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [533872 2014-09-04] (McAfee, Inc.)
    HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe [642040 2014-08-05] (McAfee, Inc.)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [FATrayAlert] => C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe [96240 2012-02-14] (Sensible Vision )
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
    HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)
    HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
    HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
    HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: ** <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
    HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
    HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.scr <====== ATTENTION
    HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
    HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\gotoassistdownloadhelper.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %userprofile%\g2mdlhlpx.exe <====== ATTENTION
    Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\822\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    Winlogon\Notify\FastAccess-x32: C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll (Sensible Vision )
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    HKLM\...\Policies\Explorer: [NoFolderOptions] 0
    HKU\S-1-5-21-2193847311-342145055-1881253431-1000\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    HKU\S-1-5-21-2193847311-342145055-1881253431-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
    HKU\S-1-5-21-2193847311-342145055-1881253431-1000\...\Run: [Google Update] => C:\Users\Travis K. Vandell\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-11] (Google Inc.)
    HKU\S-1-5-21-2193847311-342145055-1881253431-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
    HKU\S-1-5-21-2193847311-342145055-1881253431-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
    HKU\S-1-5-21-2193847311-342145055-1881253431-1000\...\MountPoints2: {bb9703c8-539e-11e1-87e5-806e6f6e6963} - D:\start.exe
    HKU\S-1-5-21-2193847311-342145055-1881253431-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
    HKU\S-1-5-21-2193847311-342145055-1881253431-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
    HKU\S-1-5-21-2193847311-342145055-1881253431-1002\...\Run: [Google Update] => C:\Users\Travis K. Vandell\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-11] (Google Inc.)
    HKU\S-1-5-21-2193847311-342145055-1881253431-1002\...\Run: [GoogleChromeAutoLaunch_D6A784A3FCDC0360E16A6D507CFBE091] => C:\Users\Travis K. Vandell\AppData\Local\Google\Chrome\Application\chrome.exe [856904 2015-01-08] (Google Inc.)
    HKU\S-1-5-18\...\RunOnce: [{90140000-003D-0000-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
    AppInit_DLLs: c:\windows\system32\nvinitx.dll => c:\windows\system32\nvinitx.dll [228672 2011-10-17] (NVIDIA Corporation)
    AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [194880 2011-10-17] (NVIDIA Corporation)
    Lsa: [Notification Packages] scecli FAPassSync
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.)
    Startup: C:\Users\Travis K. Vandell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> C:\Users\Travis K. Vandell\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Travis K. Vandell\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Travis K. Vandell\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Travis K. Vandell\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Travis K. Vandell\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-2193847311-342145055-1881253431-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-2193847311-342145055-1881253431-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
    HKU\S-1-5-21-2193847311-342145055-1881253431-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.espn.com/
    HKU\S-1-5-21-2193847311-342145055-1881253431-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
    URLSearchHook: HKU\S-1-5-21-2193847311-342145055-1881253431-1000 - (No Name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    SearchScopes: HKLM -> {E3AF575B-0E44-46FF-AB9D-7A39165257AE} URL = http://www.bing.com/...rc=IE-SearchBox
    SearchScopes: HKLM-x32 -> {E3AF575B-0E44-46FF-AB9D-7A39165257AE} URL = http://www.bing.com/...rc=IE-SearchBox
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-2193847311-342145055-1881253431-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-2193847311-342145055-1881253431-1002 -> {59520261-D72D-4BE9-85AD-D437F6D5F675} URL = http://search.yahoo....p={SearchTerms}
    SearchScopes: HKU\S-1-5-21-2193847311-342145055-1881253431-1002 -> {E3AF575B-0E44-46FF-AB9D-7A39165257AE} URL = 
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO: Face recognition web login for FastAccess -> {DA5BCE70-D057-4D63-943D-5F3927EC59F1} -> C:\Program Files (x86)\Sensible Vision\Fast Access\x64\FAIESSO.dll (Sensible Vision )
    BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
    BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Face recognition web login for FastAccess -> {DA5BCE70-D057-4D63-943D-5F3927EC59F1} -> C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
    BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    Toolbar: HKU\S-1-5-21-2193847311-342145055-1881253431-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
    Toolbar: HKU\S-1-5-21-2193847311-342145055-1881253431-1002 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
    DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://bms7.webex.c...rt/ieatgpc1.cab
    Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
    Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
    Tcpip\Parameters: [DhcpNameServer] 10.1.10.1
     
    FireFox:
    ========
    FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
    FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
    FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
    FF Plugin HKU\S-1-5-21-2193847311-342145055-1881253431-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Travis K. Vandell\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKU\S-1-5-21-2193847311-342145055-1881253431-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Travis K. Vandell\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\Travis K. Vandell\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Sensible Vision\Fast Access\xpcom_fasso
    FF Extension: FastAccess Web Login - C:\Program Files (x86)\Sensible Vision\Fast Access\xpcom_fasso [2012-05-01]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-03-30]
    FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
    FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2013-09-03]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
    FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-07-10]
    FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
    FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-09-03]
    FF HKU\S-1-5-21-2193847311-342145055-1881253431-1002\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
     
    Chrome: 
    =======
    CHR HomePage: Default -> hxxp://www.espn.com/
    CHR StartupUrls: Default -> "hxxp://espn.go.com/"
    CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
    CHR Profile: C:\Users\Travis K. Vandell\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Drive) - C:\Users\Travis K. Vandell\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-05]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Travis K. Vandell\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-12]
    CHR Extension: (YouTube) - C:\Users\Travis K. Vandell\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-11]
    CHR Extension: (Google Search) - C:\Users\Travis K. Vandell\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-11]
    CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Travis K. Vandell\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2014-07-10]
    CHR Extension: (SiteAdvisor) - C:\Users\Travis K. Vandell\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2013-09-16]
    CHR Extension: (Page Analytics (by Google)) - C:\Users\Travis K. Vandell\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnbdnhhicmebfgdgglcdacdapkcihcoh [2014-12-30]
    CHR Extension: (Switch) - C:\Users\Travis K. Vandell\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfbikaejeiilikhlldnfbecpkbicmndn [2015-01-06]
    CHR Extension: (Cisco WebEx Extension) - C:\Users\Travis K. Vandell\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2015-01-06]
    CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Travis K. Vandell\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-11]
    CHR Extension: (Google Wallet) - C:\Users\Travis K. Vandell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
    CHR Extension: (LogMeIn) - C:\Users\Travis K. Vandell\AppData\Local\Google\Chrome\User Data\Default\Extensions\omkjapkpkiciphacnalicgmmcelfolon [2013-07-30]
    CHR Extension: (Gmail) - C:\Users\Travis K. Vandell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-11]
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-01-13]
    CHR HKU\S-1-5-21-2193847311-342145055-1881253431-1002\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\TRAVIS~1.VAN\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-05]
    CHR HKU\S-1-5-21-2193847311-342145055-1881253431-1002\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]
    CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-01-13]
    StartMenuInternet: Google Chrome - C:\Users\Travis K. Vandell\AppData\Local\Google\Chrome\Application\chrome.exe
     
    ==================== Services (Whitelisted) =================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
    S2 CLKMSVC10_9EC60124; c:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [248304 2011-08-11] (CyberLink)
    S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2012-02-09] (Creative Labs) [File not signed]
    S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2012-02-09] (Creative Labs) [File not signed]
    R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-23] (Creative Technology Ltd) [File not signed]
    S4 DellDigitalDelivery; c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [162816 2011-10-26] (Dell Products, LP.) [File not signed]
    R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [8448944 2011-12-13] (DisplayLink Corp.)
    R2 FAService; C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe [2451440 2012-02-14] (Sensible Vision ) [File not signed]
    R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [185688 2013-03-27] (Garmin Ltd or its subsidiaries)
    R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
    R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
    R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [154320 2014-12-03] (McAfee, Inc.)
    S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
    R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
    S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [601864 2014-08-01] (McAfee, Inc.)
    R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
    R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
    R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-07-24] (McAfee, Inc.)
    R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-07-18] (McAfee, Inc.)
    R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-07-18] (McAfee, Inc.)
    R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-11-01] ()
    R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2013-11-14] (Hewlett-Packard) [File not signed]
    R2 PA6ClientHelper; C:\Program Files (x86)\Print Audit Inc\Print Audit 6\Client\pa6clhlp64.exe [389496 2014-01-09] (PJLM Software Inc.)
    R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-08] (Nuance Communications, Inc.)
    R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2013-11-14] (Hewlett-Packard) [File not signed]
    R2 SFUSVC; C:\Program Files (x86)\Kyocera\FileUtility\SFUSVC.exe [61440 2003-09-16] (KYOCERA MITA CORPORATION) [File not signed]
    S3 Sound Blaster X-Fi MB Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [79360 2012-02-09] (Creative Labs) [File not signed]
    S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
    U3 AdobeFlashPlayerUpdateSvc; No ImagePath
     
    ==================== Drivers (Whitelisted) ====================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    R3 AVer7231_x64; C:\Windows\System32\DRIVERS\AVer7231_x64.sys [1800576 2010-08-27] (AVerMedia TECHNOLOGIES, Inc.)
    S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-07-18] (McAfee, Inc.)
    U5 HipShieldK; C:\Windows\System32\Drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
    U5 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
    U5 McPvDrv; C:\Windows\System32\Drivers\McPvDrv.sys [76064 2014-08-26] (McAfee, Inc.)
    S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-07-18] (McAfee, Inc.)
    R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313800 2014-07-18] (McAfee, Inc.)
    R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526352 2014-07-18] (McAfee, Inc.)
    R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-07-18] (McAfee, Inc.)
    R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.)
    S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)
    R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-07-18] (McAfee, Inc.)
    S3 NvStUSB; C:\Windows\system32\drivers\nvstusb.sys [122472 2011-06-12] ()
    U2 0210561413476595mcinstcleanup; C:\Windows\TEMP\021056~1.EXE -cleanup -nolog
    U2 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe"
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
     
     
    ==================== One Month Created Files and Folders ========
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2015-01-26 14:39 - 2015-01-26 14:39 - 02129920 _____ (Farbar) C:\Users\Travis K. Vandell\Downloads\FRST64 (1).exe
    2015-01-26 14:35 - 2015-01-26 14:35 - 00003102 _____ () C:\Users\Travis K. Vandell\Desktop\JRT.txt
    2015-01-26 14:27 - 2015-01-26 14:27 - 01707939 _____ (Thisisu) C:\Users\Travis K. Vandell\Downloads\JRT.exe
    2015-01-26 14:26 - 2015-01-26 14:26 - 00007189 _____ () C:\Users\Travis K. Vandell\Desktop\AdwCleaner[S0].txt
    2015-01-26 14:15 - 2015-01-26 14:23 - 00000000 ____D () C:\AdwCleaner
    2015-01-26 14:15 - 2015-01-26 14:15 - 02194432 _____ () C:\Users\Travis K. Vandell\Downloads\AdwCleaner.exe
    2015-01-22 15:00 - 2015-01-22 15:00 - 00088828 _____ () C:\Users\Travis K. Vandell\Downloads\Extras.Txt
    2015-01-22 14:58 - 2015-01-22 14:58 - 00132300 _____ () C:\Users\Travis K. Vandell\Downloads\OTL.Txt
    2015-01-22 14:12 - 2015-01-22 14:12 - 00602112 _____ (OldTimer Tools) C:\Users\Travis K. Vandell\Downloads\OTL.exe
    2015-01-22 12:40 - 2015-01-22 12:41 - 122418480 _____ (Apple Inc.) C:\Users\Travis K. Vandell\Downloads\iTunes64Setup (6).exe
    2015-01-22 11:44 - 2015-01-22 11:44 - 60444886 _____ () C:\Users\Travis K. Vandell\Downloads\iPod_24.1.1.2.ipsw
    2015-01-22 11:26 - 2015-01-22 11:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2015-01-22 11:26 - 2015-01-22 11:26 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
    2015-01-22 11:26 - 2015-01-22 11:26 - 00000000 ____D () C:\Program Files\iTunes
    2015-01-22 11:26 - 2015-01-22 11:26 - 00000000 ____D () C:\Program Files\iPod
    2015-01-22 11:26 - 2015-01-22 11:26 - 00000000 ____D () C:\Program Files (x86)\iTunes
    2015-01-22 11:24 - 2015-01-22 11:25 - 122418480 _____ (Apple Inc.) C:\Users\Travis K. Vandell\Downloads\iTunes64Setup (5).exe
    2015-01-21 14:57 - 2015-01-21 14:57 - 00021350 _____ () C:\Users\Travis K. Vandell\Downloads\Order_Limiting_Malpractice_Claims.xlsx
    2015-01-21 14:33 - 2015-01-21 14:33 - 00009184 _____ () C:\Users\Travis K. Vandell\Downloads\OCP_Motion (1).xlsx
    2015-01-21 10:35 - 2015-01-21 10:35 - 00013310 _____ () C:\Users\Travis K. Vandell\Downloads\Second-Day_Motions.xlsx
    2015-01-20 16:04 - 2015-01-20 16:05 - 00023346 _____ () C:\Users\Travis K. Vandell\Downloads\Operations_Report.xlsx
    2015-01-20 12:32 - 2015-01-20 12:32 - 00007547 _____ () C:\Users\Travis K. Vandell\Downloads\DDBCNutBrownAle.xml
    2015-01-20 11:37 - 2015-01-20 11:37 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
    2015-01-15 11:31 - 2015-01-15 11:31 - 00020860 _____ () C:\Users\Travis K. Vandell\Downloads\Order_Enforcing_the_Automatic_Stay.xlsx
    2015-01-15 11:23 - 2015-01-15 11:23 - 00008052 _____ () C:\Users\Travis K. Vandell\Downloads\Order_Dismissing_Esposito_Adversary.xlsx
    2015-01-14 09:21 - 2014-12-18 20:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
    2015-01-14 09:21 - 2014-12-18 18:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2015-01-14 09:21 - 2014-12-11 22:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-01-14 09:21 - 2014-12-11 22:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-01-14 09:21 - 2014-12-11 22:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-01-14 09:21 - 2014-12-11 22:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-01-14 09:21 - 2014-12-11 22:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-01-14 09:21 - 2014-12-11 22:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-01-14 09:21 - 2014-12-11 22:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-01-14 09:21 - 2014-12-11 10:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
    2015-01-14 09:21 - 2014-12-05 21:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
    2015-01-14 09:21 - 2014-12-05 20:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
    2015-01-14 09:21 - 2014-12-05 20:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
    2015-01-09 12:07 - 2015-01-09 12:07 - 00000587 _____ () C:\Users\Travis K. Vandell\Downloads\vcardRomanowicz.vcf
    2015-01-08 12:34 - 2015-01-08 12:34 - 00011953 _____ () C:\Users\Travis K. Vandell\Downloads\vcard-25.vcf
    2015-01-07 13:59 - 2015-01-07 13:59 - 00016579 _____ () C:\Users\Travis K. Vandell\Downloads\Order_Scheduling_Omnibus_Hearings (4).xlsx
    2015-01-07 13:44 - 2015-01-07 13:44 - 00008420 _____ () C:\Users\Travis K. Vandell\Downloads\Amended_Ronnisch_Adversary_Complaint.xlsx
    2015-01-06 14:38 - 2015-01-06 14:38 - 00008419 _____ () C:\Users\Travis K. Vandell\Downloads\Ronnisch_Adversary_Documents.xlsx
    2015-01-06 12:29 - 2015-01-06 12:29 - 00008052 _____ () C:\Users\Travis K. Vandell\Downloads\Notice_of_Partial_Withdrawal_of_9th_Omnibus_Objection.xlsx
    2015-01-06 11:32 - 2015-01-06 11:32 - 00000000 ____D () C:\BMS
    2015-01-06 11:28 - 2015-01-06 11:28 - 00000000 ____D () C:\Program Files (x86)\triCerat
    2015-01-06 11:24 - 2015-01-06 11:24 - 00208168 _____ (Cisco WebEx LLC) C:\Windows\SysWOW64\atsckernel.exe
    2015-01-06 11:24 - 2015-01-06 11:24 - 00118568 _____ (Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
    2015-01-06 11:24 - 2015-01-06 11:24 - 00000000 __SHD () C:\Users\Travis K. Vandell\AppData\Local\EmieBrowserModeList
    2015-01-06 11:21 - 2015-01-06 11:21 - 00220968 _____ (Cisco WebEx LLC) C:\Users\Travis K. Vandell\Downloads\,bms7,2040053010,2158604562,SC,1,SDJTSwAAAALXk_V6GZOUVporm82gMmvbfOQWOhcYUSX5EAROn0HrkQ2,1_webex.exe
    2015-01-06 11:18 - 2015-01-06 11:24 - 00000000 ____D () C:\Users\Travis K. Vandell\AppData\Local\WebEx
    2015-01-06 11:18 - 2015-01-06 11:18 - 00650568 _____ (Cisco WebEx LLC) C:\Users\Travis K. Vandell\Downloads\Cisco_WebEx_Add-On.exe
    2015-01-06 11:01 - 2015-01-06 11:01 - 00020819 _____ () C:\Users\Travis K. Vandell\Downloads\Stipulation_for_Assumption_and_Assignment_of_Certain_Contracts.xlsx
    2015-01-05 15:59 - 2015-01-05 15:59 - 00008249 _____ () C:\Users\Travis K. Vandell\Downloads\Objections_to_Motion_to_Withdraw_as_Counsel_to_Renck.xlsx
    2015-01-02 15:22 - 2015-01-02 15:22 - 00020839 _____ () C:\Users\Travis K. Vandell\Downloads\Notice_of_Sale_Closing.xlsx
    2015-01-02 12:18 - 2015-01-02 12:18 - 00008051 _____ () C:\Users\Travis K. Vandell\Downloads\Objection_to_Esposito_s_Motion_to_Reconsider.xlsx
    2014-12-30 10:38 - 2014-12-30 10:38 - 00046268 _____ () C:\Users\Travis K. Vandell\Downloads\Core 2002 List 141219 for website.xlsx
     
    ==================== One Month Modified Files and Folders =======
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2015-01-26 14:41 - 2012-10-02 07:27 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-01-26 14:39 - 2014-07-11 07:34 - 00046151 _____ () C:\Users\Travis K. Vandell\Downloads\FRST.txt
    2015-01-26 14:39 - 2014-07-11 07:34 - 00000000 ____D () C:\FRST
    2015-01-26 14:38 - 2009-07-13 21:45 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-01-26 14:38 - 2009-07-13 21:45 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-01-26 14:32 - 2009-07-13 22:13 - 00786622 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-01-26 14:29 - 2013-09-03 08:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    2015-01-26 14:28 - 2014-07-09 07:42 - 00000000 ____D () C:\Windows\ERUNT
    2015-01-26 14:27 - 2013-09-03 08:37 - 00000000 __RSD () C:\Users\Travis K. Vandell\Documents\McAfee Vaults
    2015-01-26 14:27 - 2012-07-13 12:39 - 00000000 ___RD () C:\Users\Travis K. Vandell\Dropbox
    2015-01-26 14:27 - 2012-07-13 12:38 - 00000000 ____D () C:\Users\Travis K. Vandell\AppData\Roaming\Dropbox
    2015-01-26 14:25 - 2012-07-23 21:01 - 00000000 ___RD () C:\Users\Travis K. Vandell\Google Drive
    2015-01-26 14:25 - 2012-02-09 21:25 - 00000000 ____D () C:\ProgramData\NVIDIA
    2015-01-26 14:24 - 2012-07-19 12:41 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-01-26 14:24 - 2010-11-20 20:47 - 00027064 _____ () C:\Windows\PFRO.log
    2015-01-26 14:24 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-01-26 14:24 - 2009-07-13 21:51 - 00168506 _____ () C:\Windows\setupact.log
    2015-01-26 14:23 - 2012-02-09 21:25 - 01948040 _____ () C:\Windows\WindowsUpdate.log
    2015-01-26 13:49 - 2014-06-24 20:27 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf9025557b63df.job
    2015-01-26 12:09 - 2013-05-21 12:06 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
    2015-01-26 11:55 - 2014-07-10 11:22 - 00000000 ____D () C:\Users\Travis K. Vandell\AppData\Local\Adobe
    2015-01-26 11:52 - 2014-10-28 08:46 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2193847311-342145055-1881253431-1002Core1cff2c650c4b0d9.job
    2015-01-22 11:26 - 2012-02-20 16:10 - 00000000 ____D () C:\Program Files\Common Files\Apple
    2015-01-20 15:12 - 2014-08-15 08:45 - 00002026 ____H () C:\Users\Travis K. Vandell\Documents\Default.rdp
    2015-01-16 12:03 - 2013-09-03 08:36 - 00000000 ____D () C:\Program Files (x86)\McAfee
    2015-01-15 03:09 - 2013-08-12 08:40 - 00000000 ____D () C:\Windows\system32\MRT
    2015-01-15 03:01 - 2012-03-04 12:26 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-01-13 15:42 - 2014-07-10 11:20 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    2015-01-13 15:42 - 2012-02-09 20:11 - 00000000 ____D () C:\ProgramData\Adobe
    2015-01-06 11:41 - 2013-05-09 14:22 - 00000000 ____D () C:\ProgramData\WebEx
    2015-01-06 11:32 - 2009-07-13 22:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
    2015-01-06 11:18 - 2012-02-20 15:21 - 00000000 ____D () C:\Users\Travis K. Vandell\AppData\Roaming\Mozilla
    2015-01-06 10:39 - 2012-07-11 20:47 - 00000000 ____D () C:\Users\Travis K. Vandell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2014-12-30 09:55 - 2012-07-13 12:38 - 00000000 ____D () C:\Users\Travis K. Vandell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2014-12-30 09:50 - 2013-03-13 16:31 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
    2014-12-30 09:50 - 2013-03-13 16:31 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
    2014-12-30 09:50 - 2009-07-13 22:08 - 00032600 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
     
    ==================== Files in the root of some directories =======
     
    2012-07-19 20:56 - 2014-04-02 10:25 - 0000132 _____ () C:\Users\Travis K. Vandell\AppData\Roaming\Adobe PNG Format CS5 Prefs
    2012-07-19 13:15 - 2012-08-21 21:41 - 0001456 _____ () C:\Users\Travis K. Vandell\AppData\Local\Adobe Save for Web 12.0 Prefs
    2014-07-26 21:46 - 2014-07-26 21:46 - 0000000 _____ () C:\Users\Travis K. Vandell\AppData\Local\{EF74B404-F18C-4E5D-9B93-AB547CF08024}
    2012-03-16 18:26 - 2013-03-30 16:47 - 0007687 _____ () C:\ProgramData\hpzinstall.log
     
    Some content of TEMP:
    ====================
    C:\Users\Travis K. Vandell\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphywpgb.dll
    C:\Users\Travis K. Vandell\AppData\Local\Temp\optprosetup.exe
    C:\Users\Travis K. Vandell\AppData\Local\Temp\Quarantine.exe
    C:\Users\Travis K. Vandell\AppData\Local\Temp\sqlite3.dll
     
     
    Some zero byte size files/folders:
    ==========================
    C:\Windows\SysWOW64\dlumd10.dll
    C:\Windows\SysWOW64\dlumd11.dll
    C:\Windows\SysWOW64\dlumd9.dll
    C:\Windows\System32\dlumd10.dll
    C:\Windows\System32\dlumd11.dll
    C:\Windows\System32\dlumd9.dll
     
    ==================== Bamital & volsnap Check =================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
     
     
    LastRegBack: 2015-01-26 11:53
     
    ==================== End Of Log ============================

    • 0

    #7
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,029 posts
    • MVP

    You did have a lot of adware but it seems to be gone.  Don't see any sign of malware but you can run an ESET scan if you want:

     

    Use IE and go to http://eset.com/onlinescan  and click on ESET online Scanner.  Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).  
     
    # Check Scan Archives
    # Push the Start button.
    # ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time. (Hours!)
    # When the scan completes, push LIST OF THREATS FOUND
    # Push EXPORT TO TEXT FILE , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    # Push the BACK button.
    # Push Finish
    # Once the scan is completed, you may close the window.
    # Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
    # Copy and paste that log as a reply.

    • 0






    Similar Topics

    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users

    As Featured On:

    Microsoft Yahoo BBC MSN PC Magazine Washington Post HP