Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Windows 7 Starts with blank white screen [Solved]


  • This topic is locked This topic is locked

#1
milly343

milly343

    New Member

  • Member
  • Pip
  • 4 posts
I did a google search for "windows 7 startup with blank white screen" in an effort to fix the problem myself and found this helpful website. I've read the previous posts and it seems this is a common problem. I hope I'm prepared for the help of one of your experts. I ran the Farbar Recovery Tool and I came up with this log. Let me know if anything else is needed before the next step.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-09-2013
Ran by Jeff (administrator) on JEFF-PC on 04-09-2013 17:33:25
Running from F:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Safe Mode (minimal)

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\cmd.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Zune Launcher] - C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-07-27] (NVIDIA Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1
HKCU\...\Run: [Steam] - D:\Program Files (x86)\Steam\steam.exe [1811880 2013-08-28] (Valve Corporation)
HKCU\...\Run: [Media Finder] - "C:\Program Files (x86)\Media Finder\MF.exe" /opentotray [x]
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [18642024 2013-02-28] (Skype Technologies S.A.)
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-10-18] (Google Inc.)
HKCU\...\Winlogon: [Shell] explorer.exe,C:\Users\Jeff\AppData\Roaming\cache.dat [94208 2013-07-09] () <==== ATTENTION
MountPoints2: {34e51300-daa9-11df-a1c8-806e6f6e6963} - E:\setup.exe
MountPoints2: {4fe1d4fa-e73f-11e1-84ff-001fd05adeef} - F:\setup.exe -a
MountPoints2: {ef98c9d9-85a5-11e0-9fdb-001fd05adeef} - F:\LaunchU3.exe -a
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1648264 2013-04-25] (Ask)
HKLM-x32\...\Run: [amd_dc_opt] - C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] - c:\program files (x86)\real\realplayer\Update\realsched.exe [296056 2012-06-13] (RealNetworks, Inc.)
HKLM-x32\...\Run: [Sendori Tray] - C:\Program Files (x86)\Sendori\SendoriTray.exe [83232 2013-07-01] (Sendori, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
AppInit_DLLs: C:\PROGRA~1\NVIDIA~1\NVSTRE~1\rxinput.dll [653600 2013-07-27] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\PROGRA~2\NVIDIA~1\NVSTRE~1\rxinput.dll [593696 2013-07-27] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Connection Manager.lnk
ShortcutTarget: Wireless Connection Manager.lnk -> C:\Program Files (x86)\D-Link\DWA-552 revA\wirelesscm.exe (D-Link Corp.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=1
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
URLSearchHook: (No Name) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - No File
URLSearchHook: (No Name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No File
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...&ctid=CT2304157
SearchScopes: HKCU - DefaultScope {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = http://search.condui...&ctid=CT2304157
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylo...000002191063547
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...&ctid=CT2304157
SearchScopes: HKCU - {BF5CDBD7-EC78-41F8-A1B1-01829572104D} URL = http://us.yhs4.searc...p={searchTerms}
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\prxtbXfi0.dll (Conduit Ltd.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: MyTools Class - {C3A44133-7EAD-434C-AC9E-7F1DA176BA8C} - C:\Program Files (x86)\MyTools\MyTools.dll (MyTools)
BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: WeCareReminder Class - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\prxtbXfi0.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU - No Name - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
Toolbar: HKCU - No Name - {00000000-0000-0000-0000-000000000000} - No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\Windows\system32\Sendori.dll File Not found ()
Winsock: Catalog9 02 C:\Windows\system32\Sendori.dll File Not found ()
Winsock: Catalog9 03 C:\Windows\system32\Sendori.dll File Not found ()
Winsock: Catalog9 04 C:\Windows\system32\Sendori.dll File Not found ()
Winsock: Catalog9 15 C:\Windows\system32\Sendori.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @esn.me/esnsonar,version=0.70.0 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll No File
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.110.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.96.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.3 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=15.0.4.53 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.4.53 - c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=15.0.4.53 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
FF Extension: General Crawler - C:\Users\Jeff\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

Chrome:
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\pdf.dll ()
CHR Plugin: (Skype Toolbars) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll (Skype Technologies S.A.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll (RealPlayer)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll (ESN Social Software AB)
CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U13) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (RealNetworks™ Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Extension: (Google Docs) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (MyTools extension) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkbppmdgdfccoihhajoeflficbpgcnm\1.0_0
CHR Extension: (Google Search) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (TheBflix) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjakmojkcnhgipgkkbiempkfdndcnlah\5.0_0
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0
CHR Extension: (General Crawler) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpihmmhdcobmllpcnpfbhnipmhamldje\2.0_0
CHR Extension: (Skype Click to Call) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0
CHR Extension: (Shop With Purpose) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (Gmail) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [aacbndibbcpajfgnkdkaakeiojmmgmnk] - C:\Users\Jeff\AppData\Roaming\Media Finder\Extensions\mf_plugin_gc.crx
CHR HKLM-x32\...\Chrome\Extension: [cnkbppmdgdfccoihhajoeflficbpgcnm] - C:\Program Files (x86)\MyTools\MyTools.crx
CHR HKLM-x32\...\Chrome\Extension: [hjakmojkcnhgipgkkbiempkfdndcnlah] - C:\ProgramData\TheBflix\hjakmojkcnhgipgkkbiempkfdndcnlah.crx
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx
CHR HKLM-x32\...\Chrome\Extension: [jpihmmhdcobmllpcnpfbhnipmhamldje] - C:\Users\Jeff\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM-x32\...\Chrome\Extension: [lkpmjnommfoljgjbckjmjhkmnhfmcmon] - C:\ProgramData\WeCareReminder\\wecarereminderro.crx
CHR HKLM-x32\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\Users\Jeff\AppData\Local\Temp\YontooLayers.crx

==================== Services (Whitelisted) =================

S2 Application Sendori; C:\Program Files (x86)\Sendori\SendoriSvc.exe [119072 2013-07-01] (Sendori, Inc.)
S2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] ()
S3 jswpsapi; C:\Program Files (x86)\D-Link\DWA-552 revA\jswpsapi.exe [954368 2008-09-26] (Atheros Communications, Inc.)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14984480 2013-07-27] (NVIDIA Corporation)
S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-07-03] ()
S2 Service Sendori; C:\Program Files (x86)\Sendori\Sendori.Service.exe [22304 2013-07-01] (sendori)
S2 sndappv2; C:\Program Files (x86)\Sendori\sndappv2.exe [3623200 2013-07-01] (Sendori)
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{8ce9e14c-79df-1736-3b31-e274407d39cf}\ \...\???\{8ce9e14c-79df-1736-3b31-e274407d39cf}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

S3 gdrv; C:\Windows\gdrv.sys [20544 2010-10-18] (Windows ® Server 2003 DDK provider)
S3 gdrv; C:\Windows\gdrv.sys [20544 2010-10-18] (Windows ® Server 2003 DDK provider)
S3 IOMap; C:\Windows\system32\drivers\IOMap64.sys [23680 2010-02-23] (ASUSTeK Computer Inc.)
S3 IOMap; C:\Windows\system32\drivers\IOMap64.sys [23680 2010-02-23] (ASUSTeK Computer Inc.)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39712 2013-05-14] (NVIDIA Corporation)
S3 usbbus; system32\DRIVERS\lgx64bus.sys [x]
S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [x]
S3 USBModem; system32\DRIVERS\lgx64modem.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-29 06:22 - 2013-08-30 16:57 - 00000004 _____ C:\Users\Jeff\AppData\Roaming\cache.ini
2013-08-29 02:33 - 2013-08-30 16:55 - 00000372 _____ C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Jeff.job
2013-08-29 02:33 - 2013-08-29 19:50 - 00000366 _____ C:\Windows\Tasks\ReclaimerUpdateFiles_Jeff.job
2013-08-29 02:33 - 2013-08-29 19:50 - 00000362 _____ C:\Windows\Tasks\ReclaimerUpdateXML_Jeff.job
2013-08-29 02:33 - 2013-08-29 02:33 - 00003606 _____ C:\Windows\System32\Tasks\RNUpgradeHelperResumePrompt_Jeff
2013-08-29 02:33 - 2013-08-29 02:33 - 00002952 _____ C:\Windows\System32\Tasks\ReclaimerUpdateFiles_Jeff
2013-08-29 02:33 - 2013-08-29 02:33 - 00002948 _____ C:\Windows\System32\Tasks\ReclaimerUpdateXML_Jeff
2013-08-29 02:33 - 2013-08-29 02:33 - 00002656 _____ C:\Windows\System32\Tasks\RNUpgradeHelperLogonPrompt_Jeff
2013-08-14 03:06 - 2013-07-26 01:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-14 03:06 - 2013-07-26 01:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-14 03:06 - 2013-07-26 01:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-14 03:06 - 2013-07-26 01:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-14 03:06 - 2013-07-26 01:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-14 03:06 - 2013-07-26 01:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-14 03:06 - 2013-07-26 01:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-14 03:06 - 2013-07-26 01:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-14 03:06 - 2013-07-26 01:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-14 03:06 - 2013-07-26 01:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-14 03:06 - 2013-07-26 01:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-14 03:06 - 2013-07-26 01:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-14 03:06 - 2013-07-26 01:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-14 03:06 - 2013-07-26 01:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-14 03:06 - 2013-07-25 23:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 03:06 - 2013-07-25 23:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-14 03:06 - 2013-07-25 23:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-14 03:06 - 2013-07-25 23:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-14 03:06 - 2013-07-25 23:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-14 03:06 - 2013-07-25 23:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-14 03:06 - 2013-07-25 23:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-14 03:06 - 2013-07-25 23:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-14 03:06 - 2013-07-25 23:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-14 03:06 - 2013-07-25 23:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-14 03:06 - 2013-07-25 23:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-14 03:06 - 2013-07-25 23:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-14 03:06 - 2013-07-25 23:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-14 03:06 - 2013-07-25 23:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-14 03:06 - 2013-07-25 22:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-14 03:06 - 2013-07-25 22:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-14 03:06 - 2013-07-25 21:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-14 03:00 - 2013-08-14 03:02 - 00000000 ____D C:\Windows\system32\MRT
2013-08-13 22:42 - 2013-07-25 05:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-13 22:42 - 2013-07-25 04:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-13 22:42 - 2013-07-18 21:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-13 22:42 - 2013-07-18 21:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-13 22:42 - 2013-07-09 02:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-13 22:42 - 2013-07-09 01:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-13 22:42 - 2013-07-09 01:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-13 22:42 - 2013-07-09 01:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-13 22:42 - 2013-07-09 01:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-13 22:42 - 2013-07-09 01:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-13 22:42 - 2013-07-09 01:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-13 22:42 - 2013-07-09 01:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-13 22:42 - 2013-07-09 01:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-13 22:42 - 2013-07-09 01:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-13 22:42 - 2013-07-09 00:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-13 22:42 - 2013-07-09 00:53 - 00094208 _____ C:\Users\Jeff\AppData\Roaming\cache.dat
2013-08-13 22:42 - 2013-07-09 00:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-13 22:42 - 2013-07-09 00:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-13 22:42 - 2013-07-09 00:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-13 22:42 - 2013-07-09 00:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-13 22:42 - 2013-07-09 00:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-13 22:42 - 2013-07-09 00:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-13 22:42 - 2013-07-08 22:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-13 22:42 - 2013-07-08 22:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-13 22:42 - 2013-07-08 22:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-13 22:42 - 2013-07-08 22:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-13 22:42 - 2013-07-06 02:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-13 22:42 - 2013-06-15 00:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-13 22:42 - 2012-11-30 01:45 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-08-13 22:42 - 2012-11-30 01:45 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-08-13 22:42 - 2012-11-30 01:43 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-08-13 22:42 - 2012-11-30 01:41 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-08-13 22:42 - 2012-11-30 01:41 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-08-13 22:42 - 2012-11-30 01:38 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-08-13 22:42 - 2012-11-30 01:38 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-08-13 22:42 - 2012-11-30 01:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-13 22:42 - 2012-11-30 01:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-08-13 22:42 - 2012-11-30 01:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-08-13 22:42 - 2012-11-30 01:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-08-13 22:42 - 2012-11-30 01:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-08-13 22:42 - 2012-11-30 01:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-08-13 22:42 - 2012-11-30 01:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-08-13 22:42 - 2012-11-30 01:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-08-13 22:42 - 2012-11-30 01:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-08-13 22:42 - 2012-11-30 01:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-08-13 22:42 - 2012-11-30 01:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-08-13 22:42 - 2012-11-30 01:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-08-13 22:42 - 2012-11-30 01:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-08-13 22:42 - 2012-11-30 01:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-08-13 22:42 - 2012-11-30 01:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-08-13 22:42 - 2012-11-30 01:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-08-13 22:42 - 2012-11-30 01:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-08-13 22:42 - 2012-11-30 01:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-08-13 22:42 - 2012-11-30 01:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-08-13 22:42 - 2012-11-30 01:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-08-13 22:42 - 2012-11-30 01:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-08-13 22:42 - 2012-11-30 01:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-08-13 22:42 - 2012-11-30 01:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-08-13 22:42 - 2012-11-30 01:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-08-13 22:42 - 2012-11-30 01:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-08-13 22:42 - 2012-11-30 01:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-08-13 22:42 - 2012-11-30 00:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-08-13 22:42 - 2012-11-30 00:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-08-13 22:42 - 2012-11-30 00:45 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-08-13 22:42 - 2012-11-30 00:45 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-08-13 22:42 - 2012-11-30 00:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-08-13 22:42 - 2012-11-30 00:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-08-13 22:42 - 2012-11-30 00:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-08-13 22:42 - 2012-11-30 00:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-08-13 22:42 - 2012-11-30 00:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-08-13 22:42 - 2012-11-30 00:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-08-13 22:42 - 2012-11-30 00:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-08-13 22:42 - 2012-11-30 00:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-08-13 22:42 - 2012-11-30 00:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-08-13 22:42 - 2012-11-30 00:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-08-13 22:42 - 2012-11-30 00:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-08-13 22:42 - 2012-11-30 00:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-08-13 22:42 - 2012-11-30 00:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-08-13 22:42 - 2012-11-30 00:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-08-13 22:42 - 2012-11-30 00:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-08-13 22:42 - 2012-11-30 00:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-08-13 22:42 - 2012-11-30 00:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-08-13 22:42 - 2012-11-30 00:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-08-13 22:42 - 2012-11-30 00:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-08-13 22:42 - 2012-11-30 00:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-08-13 22:42 - 2012-11-30 00:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-08-13 22:42 - 2012-11-30 00:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-08-13 22:42 - 2012-11-29 23:23 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-08-13 22:42 - 2012-11-29 22:38 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-08-13 22:42 - 2012-11-29 22:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-13 22:42 - 2012-11-29 22:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-13 22:42 - 2012-11-29 22:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

==================== One Month Modified Files and Folders =======

2013-09-04 17:33 - 2013-09-04 17:33 - 00000000 ____D C:\FRST
2013-08-30 17:18 - 2010-10-18 13:43 - 00000000 ____D C:\ProgramData\NVIDIA
2013-08-30 17:18 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-30 17:18 - 2009-07-14 00:51 - 00053952 _____ C:\Windows\setupact.log
2013-08-30 16:57 - 2013-08-29 06:22 - 00000004 _____ C:\Users\Jeff\AppData\Roaming\cache.ini
2013-08-30 16:57 - 2010-10-18 04:22 - 02079092 _____ C:\Windows\WindowsUpdate.log
2013-08-30 16:57 - 2009-07-14 00:45 - 00010320 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-30 16:57 - 2009-07-14 00:45 - 00010320 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-30 16:55 - 2013-08-29 02:33 - 00000372 _____ C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Jeff.job
2013-08-30 16:55 - 2010-10-18 13:50 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-30 16:40 - 2010-10-18 13:50 - 00000000 ____D C:\Users\Jeff\AppData\Local\Google
2013-08-30 16:35 - 2009-07-14 01:13 - 00779116 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-30 16:21 - 2010-10-18 13:50 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-29 19:54 - 2012-03-07 14:39 - 00000000 ____D C:\Users\Jeff\AppData\Roaming\Skype
2013-08-29 19:50 - 2013-08-29 02:33 - 00000366 _____ C:\Windows\Tasks\ReclaimerUpdateFiles_Jeff.job
2013-08-29 19:50 - 2013-08-29 02:33 - 00000362 _____ C:\Windows\Tasks\ReclaimerUpdateXML_Jeff.job
2013-08-29 18:50 - 2012-04-11 12:51 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-29 06:26 - 2013-02-13 13:58 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-08-29 06:17 - 2012-11-09 03:34 - 00000000 ____D C:\ProgramData\Sendori
2013-08-29 06:17 - 2010-10-18 13:49 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-29 02:33 - 2013-08-29 02:33 - 00003606 _____ C:\Windows\System32\Tasks\RNUpgradeHelperResumePrompt_Jeff
2013-08-29 02:33 - 2013-08-29 02:33 - 00002952 _____ C:\Windows\System32\Tasks\ReclaimerUpdateFiles_Jeff
2013-08-29 02:33 - 2013-08-29 02:33 - 00002948 _____ C:\Windows\System32\Tasks\ReclaimerUpdateXML_Jeff
2013-08-29 02:33 - 2013-08-29 02:33 - 00002656 _____ C:\Windows\System32\Tasks\RNUpgradeHelperLogonPrompt_Jeff
2013-08-28 17:43 - 2012-11-09 03:34 - 00000000 ____D C:\Program Files (x86)\Sendori
2013-08-14 03:54 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2013-08-14 03:17 - 2012-04-11 12:51 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-14 03:17 - 2012-04-11 12:51 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-14 03:17 - 2011-05-23 21:35 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-14 03:17 - 2010-10-18 15:24 - 00000000 ____D C:\Users\Jeff\AppData\Local\Adobe
2013-08-14 03:02 - 2013-08-14 03:00 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 03:00 - 2010-10-18 15:40 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-13 16:48 - 2009-07-14 01:08 - 00032586 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-12 11:25 - 2011-09-27 12:42 - 00000000 ____D C:\Users\Jeff\AppData\Roaming\Origin
2013-08-12 11:25 - 2011-09-27 12:42 - 00000000 ____D C:\Users\Jeff\AppData\Local\Origin

Files to move or delete:
====================
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install\{8ce9e14c-79df-1736-3b31-e274407d39cf}
C:\Users\Jeff\AppData\Roaming\cache.dat
C:\Users\Jeff\AppData\Roaming\cache.ini
C:\Users\Jeff\AppData\Local\Temp\7za.exe
C:\Users\Jeff\AppData\Local\Temp\AskSLib.dll
C:\Users\Jeff\AppData\Local\Temp\babylon.exe
C:\Users\Jeff\AppData\Local\Temp\BestVideoDownloaderSetup-Silent.exe
C:\Users\Jeff\AppData\Local\Temp\contentDATs.exe
C:\Users\Jeff\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Jeff\AppData\Local\Temp\dxwebsetup.exe
C:\Users\Jeff\AppData\Local\Temp\ffunzip.exe
C:\Users\Jeff\AppData\Local\Temp\htmlayout.dll
C:\Users\Jeff\AppData\Local\Temp\installerdll-114861788.dll
C:\Users\Jeff\AppData\Local\Temp\installerdll-114874798.dll
C:\Users\Jeff\AppData\Local\Temp\installerdll.dll
C:\Users\Jeff\AppData\Local\Temp\installerdll1031875134.dll
C:\Users\Jeff\AppData\Local\Temp\installerdll1031889704.dll
C:\Users\Jeff\AppData\Local\Temp\installerdll1032013241.dll
C:\Users\Jeff\AppData\Local\Temp\installerdll466804365.dll
C:\Users\Jeff\AppData\Local\Temp\installerdll466807844.dll
C:\Users\Jeff\AppData\Local\Temp\installerdll466817173.dll
C:\Users\Jeff\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Jeff\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Jeff\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Jeff\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Jeff\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Jeff\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Jeff\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Jeff\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Jeff\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Jeff\AppData\Local\Temp\lowproc.exe
C:\Users\Jeff\AppData\Local\Temp\Medal of Honor_uninst.exe
C:\Users\Jeff\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\Jeff\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Jeff\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Jeff\AppData\Local\Temp\nvSCPAPISvr.exe
C:\Users\Jeff\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\Jeff\AppData\Local\Temp\nvStereoApiI64.dll
C:\Users\Jeff\AppData\Local\Temp\nvStInst.exe
C:\Users\Jeff\AppData\Local\Temp\OriginLauncher466804365.exe
C:\Users\Jeff\AppData\Local\Temp\prxGLF3B42.tmp.tbVuze.dll
C:\Users\Jeff\AppData\Local\Temp\rootsupd.exe
C:\Users\Jeff\AppData\Local\Temp\Setup.exe
C:\Users\Jeff\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Jeff\AppData\Local\Temp\sonarinst.exe
C:\Users\Jeff\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\Jeff\AppData\Local\Temp\stubhelper.dll
C:\Users\Jeff\AppData\Local\Temp\tbVuze.dll
C:\Users\Jeff\AppData\Local\Temp\TB_3368.exe
C:\Users\Jeff\AppData\Local\Temp\Uninstaller-5248.exe
C:\Users\Jeff\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Jeff\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Jeff\AppData\Local\Temp\vzf-5270425295302617493.dll
C:\Users\Jeff\AppData\Local\Temp\vzf-9155066908513026826.dll
C:\Users\Jeff\AppData\Local\Temp\WindowsInstaller-KB893803-v2-x86.exe
C:\Users\Jeff\AppData\Local\Temp\YontooIEClient.dll
C:\Users\Jeff\AppData\Local\Temp\YontooSetup-Silent.exe
C:\Users\Jeff\AppData\Local\Temp\~rnsetup\GEMSETUP\pnrs3260.dll
C:\Users\Jeff\AppData\Local\Temp\{F1B6C551-C87B-4821-B452-6997CAE3DD6F}\{6F6F39E3-D24D-4EEE-9AEA-DEDAF991385D}\InstallHelper.dll
C:\Users\Jeff\AppData\Local\Temp\SOERedist\DSETUP.dll
C:\Users\Jeff\AppData\Local\Temp\SOERedist\dsetup32.dll
C:\Users\Jeff\AppData\Local\Temp\SOERedist\DXSETUP.exe
C:\Users\Jeff\AppData\Local\Temp\SOERedist\dxwebsetup.exe
C:\Users\Jeff\AppData\Local\Temp\NVIDIA723847245\GPU_Reader.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA1077266571\GPU_Reader.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA-849711486\GPU_Reader.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA-1620166804\GPU_Reader.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\setup.exe
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\NvVAD\nvaudcap32v.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\NvVAD\nvaudcap64v.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\NvVAD\nvgenco32.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\NvVAD\nvgenco64.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\NVI2\NVI2.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\NVI2\NVI2UI.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\NVI2\NVPrxy32.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\NVI2\NVPrxy64.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\NVI2\ReleaseHighlights.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\MS.NET\dotNetFx40_Full_setup.exe
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\MS.NET\MSNetExt.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\GFExperience.NvStreamSrv\x86\server\clrzmq.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\GFExperience.NvStreamSrv\x86\server\detoured.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\GFExperience.NvStreamSrv\x86\server\libzmq.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\GFExperience.NvStreamSrv\x86\server\nvFBC.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\GFExperience.NvStreamSrv\x86\server\nvsteamsupport.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\GFExperience.NvStreamSrv\x86\server\nvstreamer.exe
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\GFExperience.NvStreamSrv\x86\server\nvstreamsvc.exe
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\GFExperience.NvStreamSrv\x86\server\protobuf-net.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\GFExperience.NvStreamSrv\x86\server\rxinput.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\GFExperience.NvStreamSrv\x86\server\steam_api.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\GFExperience.NvStreamSrv\SteamLauncher\NVIDIA.SteamLauncher.exe
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\GFExperience.NvStreamSrv\amd64\server\detoured.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\GFExperience.NvStreamSrv\amd64\server\libzmq.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\GFExperience.NvStreamSrv\amd64\server\nvFBC.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\GFExperience.NvStreamSrv\amd64\server\nvsteamsupport.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\GFExperience.NvStreamSrv\amd64\server\nvstreamer.exe
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\GFExperience.NvStreamSrv\amd64\server\nvstreamsvc.exe
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\GFExperience.NvStreamSrv\amd64\server\rxinput.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\GFExperience.NvStreamSrv\amd64\server\steam_api64.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\GFExperience\7z.exe
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\GFExperience\DisplayCplExt.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\GFExperience\ExtensionLoader.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\GFExperience\GalaSoft.MvvmLight.Extras.WPF4.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\GFExperience\GalaSoft.MvvmLight.WPF4.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\GFExperience\GFExperience.exe
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\GFExperience\GFExperienceControls.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\GFExperience\GFExperienceCore.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\GFExperience\GFExperienceExt.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\GFExperience\GridService.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\GFExperience\InstallerService.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\GFExperience\InstallerUIExtension.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\GFExperience\log4net.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\GFExperience\Microsoft.Practices.ServiceLocation.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\GFExperience\Microsoft.WindowsAPICodePack.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\GFExperience\Microsoft.WindowsAPICodePack.Shell.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\GFExperience\NVIDIA.Settings.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\GFExperience\NVIDIA.Settings.Properties.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\GFExperience\NVIDIA.UpdateService.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\GFExperience\NVIDIA.Win32Api.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\GFExperience\nvtmru.exe
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\GFExperience\oaremote_plugin.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\GFExperience\ShadowPlay.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\GFExperience\System.Reactive.Core.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\GFExperience\System.Reactive.Interfaces.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\GFExperience\System.Reactive.Linq.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\GFExperience\System.Reactive.PlatformServices.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\GFExperience\System.Reactive.Providers.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\GFExperience\System.Reactive.Runtime.Remoting.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\GFExperience\System.Reactive.Windows.Threading.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\GFExperience\System.Windows.Interactivity.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\GFExperience\zh-CHT\GFExperienceControls.resources.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\GFExperience\zh-CHS\GFExperienceControls.resources.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\GFExperience\tr-TR\GFExperienceControls.resources.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\GFExperience\th-TH\GFExperienceControls.resources.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\GFExperience\sv-SE\GFExperienceControls.resources.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\GFExperience\sl-SI\GFExperienceControls.resources.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\GFExperience\sk-SK\GFExperienceControls.resources.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\GFExperience\ru-RU\GFExperienceControls.resources.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\GFExperience\pt-PT\GFExperienceControls.resources.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\GFExperience\pt-BR\GFExperienceControls.resources.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\GFExperience\pl-PL\GFExperienceControls.resources.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\GFExperience\nl-NL\GFExperienceControls.resources.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\GFExperience\nb-NO\GFExperienceControls.resources.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\GFExperience\ko-KR\GFExperienceControls.resources.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\GFExperience\ja-JP\GFExperienceControls.resources.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\GFExperience\it-IT\GFExperienceControls.resources.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\GFExperience\hu-HU\GFExperienceControls.resources.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\GFExperience\he-IL\GFExperienceControls.resources.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\GFExperience\fr-FR\GFExperienceControls.resources.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\GFExperience\fi-FI\GFExperienceControls.resources.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\GFExperience\es-MX\GFExperienceControls.resources.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\GFExperience\es-ES\GFExperienceControls.resources.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\GFExperience\en-US\GFExperience.resources.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\GFExperience\en-US\GFExperienceControls.resources.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\GFExperience\en-GB\GFExperienceControls.resources.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\GFExperience\el-GR\GFExperienceControls.resources.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\GFExperience\de-DE\GFExperienceControls.resources.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\GFExperience\da-DK\GFExperienceControls.resources.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\GFExperience\cs-CZ\GFExperienceControls.resources.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\GFExperience\ar-AE\GFExperienceControls.resources.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\Display.Update\ComUpdatus.exe
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\Display.Update\daemonu.exe
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\Display.Update\easyDaemonAPIU32.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\Display.Update\easyDaemonAPIU64.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\Display.Update\nvupdt32.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\Display.Update\nvupdt64.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\Display.Update\nvupdtr32.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\Display.Update\nvupdtr64.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\Display.Update\nvupdtrXP32.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\Display.Update\nvupdtrXP64.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\Display.Update\nvupdtXP32.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\Display.Update\nvupdtXP64.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\Display.Update\UpdateExt.dll
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\Display.Update\WLMerger.exe
C:\Users\Jeff\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\7.2.17.0\Display.Optimus\OptimusExt.dll
C:\Users\Jeff\AppData\Local\Temp\mtka_tmp\dsspacker_launcher.exe
C:\Users\Jeff\AppData\Local\Temp\MozUpdater-2\updater.exe
C:\Users\Jeff\AppData\Local\Temp\MozUpdater-1\updater.exe
C:\Users\Jeff\AppData\Local\Temp\MozUpdater\updater.exe
C:\Users\Jeff\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\Setup.exe
C:\Users\Jeff\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\SetupEngine.dll
C:\Users\Jeff\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\SetupUi.dll
C:\Users\Jeff\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\SetupUtility.exe
C:\Users\Jeff\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\sqmapi.dll
C:\Users\Jeff\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\3082\SetupResources.dll
C:\Users\Jeff\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\3076\SetupResources.dll
C:\Users\Jeff\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\2070\SetupResources.dll
C:\Users\Jeff\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\2052\SetupResources.dll
C:\Users\Jeff\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1055\SetupResources.dll
C:\Users\Jeff\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1053\SetupResources.dll
C:\Users\Jeff\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1049\SetupResources.dll
C:\Users\Jeff\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1046\SetupResources.dll
C:\Users\Jeff\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1045\SetupResources.dll
C:\Users\Jeff\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1044\SetupResources.dll
C:\Users\Jeff\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1043\SetupResources.dll
C:\Users\Jeff\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1042\SetupResources.dll
C:\Users\Jeff\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1041\SetupResources.dll
C:\Users\Jeff\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1040\SetupResources.dll
C:\Users\Jeff\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1038\SetupResources.dll
C:\Users\Jeff\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1037\SetupResources.dll
C:\Users\Jeff\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1036\SetupResources.dll
C:\Users\Jeff\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1035\SetupResources.dll
C:\Users\Jeff\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1033\SetupResources.dll
C:\Users\Jeff\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1032\SetupResources.dll
C:\Users\Jeff\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1031\SetupResources.dll
C:\Users\Jeff\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1030\SetupResources.dll
C:\Users\Jeff\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1029\SetupResources.dll
C:\Users\Jeff\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1028\SetupResources.dll
C:\Users\Jeff\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_4.0.30319\1025\SetupResources.dll
C:\Users\Jeff\AppData\Local\Temp\lu\1_spp_setpointp.exe
C:\Users\Jeff\AppData\Local\Temp\lu\2_spp_1000083.exe
C:\Users\Jeff\AppData\Local\Temp\ispF987.tmp\_Setup.dll
C:\Users\Jeff\AppData\Local\Temp\is-NHTAT.tmp\MF_setup.exe
C:\Users\Jeff\AppData\Local\Temp\fla920B.tmp\gamefly_update_1.2.364.exe
C:\Users\Jeff\AppData\Local\Temp\E8AA1C18-BAB0-7891-ADE7-42702EFD1E9F\BabylonTBUpdater.dll
C:\Users\Jeff\AppData\Local\Temp\E8AA1C18-BAB0-7891-ADE7-42702EFD1E9F\BabylonTBUpdater.exe
C:\Users\Jeff\AppData\Local\Temp\E8AA1C18-BAB0-7891-ADE7-42702EFD1E9F\MyBabylonTB.exe
C:\Users\Jeff\AppData\Local\Temp\E8AA1C18-BAB0-7891-ADE7-42702EFD1E9F\Setup.exe
C:\Users\Jeff\AppData\Local\Temp\E8AA1C18-BAB0-7891-ADE7-42702EFD1E9F\sqlite3.dll
C:\Users\Jeff\AppData\Local\Temp\e4j17E5.tmp_dir31338\i4jdel.exe
C:\Users\Jeff\AppData\Local\Temp\e4j12A5.tmp_dir6833\i4jdel.exe
C:\Users\Jeff\AppData\Local\Temp\E27C.dir\InstallFlashPlayer.exe
C:\Users\Jeff\AppData\Local\Temp\ct2504091\components\RadioWMPCoreGecko19.dll
C:\Users\Jeff\AppData\Local\Temp\ct2504091\components\RadioWMPCoreGecko5.dll
C:\Users\Jeff\AppData\Local\Temp\ct2504091\components\RadioWMPCoreGecko6.dll
C:\Users\Jeff\AppData\Local\Temp\ct2504091\components\RadioWMPCoreGecko7.dll
C:\Users\Jeff\AppData\Local\Temp\com.nvidia\NVIDIA GPU_Reader\1.3.3\GPU_Reader.dll
C:\Users\Jeff\AppData\Local\Temp\com.nvidia\NVIDIA GPU_Reader\1.3.1\GPU_Reader.dll
C:\Users\Jeff\AppData\Local\Temp\CFAA.dir\InstallFlashPlayer.exe
C:\Users\Jeff\AppData\Local\Temp\BF2A.dir\InstallFlashPlayer.exe
C:\Users\Jeff\AppData\Local\Temp\Addons\9B107AAC\bflix_extension.exe
C:\Users\Jeff\AppData\Local\Temp\Addons\9B107AAC\mytools.exe
C:\Users\Jeff\AppData\Local\Temp\Addons\9B107AAC\mytools_extension.exe
C:\Users\Jeff\AppData\Local\Temp\875.dir\InstallFlashPlayer.exe
C:\Users\Jeff\AppData\Local\Temp\1323.dir\InstallFlashPlayer.exe
C:\Users\Jeff\AppData\Local\Temp\._msigeplugin61\GoogleEarth.exe
C:\Users\Jeff\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\earthps.dll
C:\Users\Jeff\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\geplugin.exe
C:\Users\Jeff\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\ge_expat.dll
C:\Users\Jeff\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\googleearth_free.dll
C:\Users\Jeff\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\msvcp100.dll
C:\Users\Jeff\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\msvcr100.dll
C:\Users\Jeff\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\npgeplugin.dll
C:\Users\Jeff\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\plugin_ax.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender


LastRegBack: 2013-08-22 00:44

==================== End Of Log ============================
  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there this first fix should get you to the desktop, then once there I will have a second fix for you to run to clear zero access

Download the attached fixlist.txt to the same USB as FRST
[attachment=67851:fixlist.txt]
Run FRST as before and then press Fix
A log will be generated and saved on the USB please post that.


NEXT

Reboot to normal windows
Copy FRST from the USB drive to your desktop
Download to the desktop the attached fixlist.txt
[attachment=67852:fixlist.txt]
Run FRST from the desktop and press fix
Again a log will be produced

THEN

Download OTL to your Desktop
Secondary link
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

    Posted Image
  • Select All Users
  • Select LOP and Purity
  • Under the Custom Scan box paste this in

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    c:\program files (x86)\Google\Desktop
    c:\program files\Google\Desktop
    dir "%systemdrive%\*" /S /A:L /C
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Attach both logs

  • 0

#3
milly343

milly343

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Thank you for the speedy reply. I can see my Desktop again! Here are the logs.

1st fix log from USB:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-09-2013
Ran by SYSTEM at 2013-11-26 16:33:10 Run:1
Running from G:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
HKCU\...\Winlogon: [Shell] explorer.exe,C:\Users\Jeff\AppData\Roaming\cache.dat [94208 2013-07-09] () <==== ATTENTION
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1648264 2013-04-25] (Ask)
URLSearchHook: (No Name) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - No File
URLSearchHook: (No Name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No File
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...&ctid=CT2304157
SearchScopes: HKCU - DefaultScope {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = http://search.condui...&ctid=CT2304157
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylo...000002191063547
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...&ctid=CT2304157
SearchScopes: HKCU - {BF5CDBD7-EC78-41F8-A1B1-01829572104D} URL = http://us.yhs4.searc...p={searchTerms}
BHO-x32: MyTools Class - {C3A44133-7EAD-434C-AC9E-7F1DA176BA8C} - C:\Program Files (x86)\MyTools\MyTools.dll (MyTools)
BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: WeCareReminder Class - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
BHO-x32: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
Toolbar: HKLM-x32 - XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\prxtbXfi0.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKCU - No Name - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU - No Name - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
Toolbar: HKCU - No Name - {00000000-0000-0000-0000-000000000000} - No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
FF Extension: General Crawler - C:\Users\Jeff\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]
CHR Extension: (General Crawler) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpihmmhdcobmllpcnpfbhnipmhamldje\2.0_0
CHR Extension: (Shop With Purpose) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0
CHR HKLM-x32\...\Chrome\Extension: [lkpmjnommfoljgjbckjmjhkmnhfmcmon] - C:\ProgramData\WeCareReminder\\wecarereminderro.crx
CHR HKLM-x32\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\Users\Jeff\AppData\Local\Temp\YontooLayers.crx
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{8ce9e14c-79df-1736-3b31-e274407d39cf}\ \...\???\{8ce9e14c-79df-1736-3b31-e274407d39cf}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
C:\Program Files (x86)\Google\Desktop\Install\{8ce9e14c-79df-1736-3b31-e274407d39cf}
C:\Users\Jeff\AppData\Roaming\cache.dat
C:\Users\Jeff\AppData\Roaming\cache.ini
C:\Users\Jeff\AppData\Local\Temp\7za.exe


*****************

HKCU\...\Winlogon: [Shell] explorer.exe,C:\Users\Jeff\AppData\Roaming\cache.dat [94208 2013-07-09] () <==== ATTENTION => Error: The entry should be fixed outside recovery mode.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater => Value deleted successfully.
URLSearchHook: (No Name) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - No File => Error: The entry should be fixed outside recovery mode.
URLSearchHook: (No Name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No File => Error: The entry should be fixed outside recovery mode.
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...&ctid=CT2304157 => Error: The entry should be fixed outside recovery mode.
SearchScopes: HKCU - DefaultScope {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = http://search.condui...&ctid=CT2304157 => Error: The entry should be fixed outside recovery mode.
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylo...000002191063547 => Error: The entry should be fixed outside recovery mode.
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...&ctid=CT2304157 => Error: The entry should be fixed outside recovery mode.
SearchScopes: HKCU - {BF5CDBD7-EC78-41F8-A1B1-01829572104D} URL = http://us.yhs4.searc...p={searchTerms} => Error: The entry should be fixed outside recovery mode.
BHO-x32: MyTools Class - {C3A44133-7EAD-434C-AC9E-7F1DA176BA8C} - C:\Program Files (x86)\MyTools\MyTools.dll (MyTools) => Error: The entry should be fixed outside recovery mode.
BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) => Error: The entry should be fixed outside recovery mode.
BHO-x32: WeCareReminder Class - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com) => Error: The entry should be fixed outside recovery mode.
BHO-x32: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC) => Error: The entry should be fixed outside recovery mode.
Toolbar: HKLM-x32 - XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\prxtbXfi0.dll (Conduit Ltd.) => Error: The entry should be fixed outside recovery mode.
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) => Error: The entry should be fixed outside recovery mode.
Toolbar: HKCU - No Name - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - No File => Error: The entry should be fixed outside recovery mode.
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File => Error: The entry should be fixed outside recovery mode.
Toolbar: HKCU - No Name - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File => Error: The entry should be fixed outside recovery mode.
Toolbar: HKCU - No Name - {00000000-0000-0000-0000-000000000000} - No File => Error: The entry should be fixed outside recovery mode.
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml => Error: The entry should be fixed outside recovery mode.
FF Extension: General Crawler - C:\Users\Jeff\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected] => Error: The entry should be fixed outside recovery mode.
CHR Extension: (General Crawler) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpihmmhdcobmllpcnpfbhnipmhamldje\2.0_0 => Error: The entry should be fixed outside recovery mode.
CHR Extension: (Shop With Purpose) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0 => Error: The entry should be fixed outside recovery mode.
CHR HKLM-x32\...\Chrome\Extension: [lkpmjnommfoljgjbckjmjhkmnhfmcmon] - C:\ProgramData\WeCareReminder\\wecarereminderro.crx => Error: The entry should be fixed outside recovery mode.
CHR HKLM-x32\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\Users\Jeff\AppData\Local\Temp\YontooLayers.crx => Error: The entry should be fixed outside recovery mode.
*etadpug => Unable to delete service
*etadpug => Service should be removed with FRST outside recovery mode.
C:\Program Files (x86)\Google\Desktop\Install\{8ce9e14c-79df-1736-3b31-e274407d39cf} => Moved successfully.
C:\Users\Jeff\AppData\Roaming\cache.dat => Moved successfully.
C:\Users\Jeff\AppData\Roaming\cache.ini => Moved successfully.
C:\Users\Jeff\AppData\Local\Temp\7za.exe => Moved successfully.

==== End of Fixlog ====

2nd fix log from Desktop:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-09-2013
Ran by Jeff at 2013-11-26 16:48:34 Run:2
Running from C:\Users\Jeff\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

*****************

"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
"C:\Program Files\Windows Defender\en-US" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpAsDesc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpClient.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpCmdRun.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpCommu.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpEvMsg.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpOAV.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpRTP.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpSvc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MSASCui.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpCom.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpLics.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpRes.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.

==== End of Fixlog ====

OTL.txt:
OTL logfile created on: 11/26/2013 4:58:17 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jeff\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 49.93% Memory free
8.00 Gb Paging File | 6.07 Gb Available in Paging File | 75.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 101.00 Gb Total Space | 1.40 Gb Free Space | 1.38% Space Free | Partition Type: NTFS
Drive D: | 830.41 Gb Total Space | 47.35 Gb Free Space | 5.70% Space Free | Partition Type: NTFS
Drive F: | 15.01 Gb Total Space | 14.97 Gb Free Space | 99.75% Space Free | Partition Type: FAT32

Computer Name: JEFF-PC | User Name: Jeff | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/26 16:37:16 | 000,237,960 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
PRC - [2013/10/03 15:00:00 | 000,531,424 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\Install\{9B20B669-3B9D-4FAA-A36E-AB4B95C978FD}\GoogleToolbarInstaller_updater_signed.exe
PRC - [2013/09/04 17:37:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jeff\Desktop\OTL.exe
PRC - [2013/07/27 03:41:25 | 001,028,896 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013/07/27 03:35:36 | 001,889,568 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/07/27 03:35:26 | 001,209,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe
PRC - [2013/07/03 17:43:46 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013/07/01 14:28:16 | 000,196,896 | ---- | M] (Sendori, Inc.) -- C:\Program Files (x86)\Sendori\SendoriUp.exe
PRC - [2013/07/01 14:28:16 | 000,119,072 | ---- | M] (Sendori, Inc.) -- C:\Program Files (x86)\Sendori\SendoriSvc.exe
PRC - [2013/07/01 14:28:16 | 000,083,232 | ---- | M] (Sendori, Inc.) -- C:\Program Files (x86)\Sendori\SendoriTray.exe
PRC - [2013/07/01 14:28:14 | 000,022,304 | ---- | M] (sendori) -- C:\Program Files (x86)\Sendori\Sendori.Service.exe
PRC - [2013/07/01 14:28:12 | 003,623,200 | ---- | M] (Sendori) -- C:\Program Files (x86)\Sendori\sndappv2.exe
PRC - [2013/06/21 04:15:56 | 000,413,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/03/12 06:32:58 | 000,506,744 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2012/12/18 14:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/08/09 21:59:24 | 002,885,120 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\GPU Tweak\GPUTweak.exe
PRC - [2012/08/09 21:58:18 | 002,589,184 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe
PRC - [2012/06/13 15:48:40 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- c:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012/01/17 10:24:10 | 000,055,296 | ---- | M] () -- C:\Windows\SysWOW64\ASGT.exe
PRC - [2010/05/14 14:24:24 | 000,517,440 | ---- | M] (D-Link Corp.) -- C:\Program Files (x86)\D-Link\DWA-552 revA\wirelesscm.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/09 22:00:44 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\ASUS\GPU Tweak\Exeio.dll
MOD - [2012/08/09 22:00:24 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\ASUS\GPU Tweak\Vender.dll
MOD - [2009/10/07 15:58:10 | 000,376,832 | ---- | M] () -- C:\Program Files (x86)\D-Link\DWA-552 revA\WlanDll.dll
MOD - [2009/09/08 17:04:32 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\D-Link\DWA-552 revA\WLanWps.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/09/06 12:32:06 | 000,288,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe -- (McComponentHostService)
SRV:64bit: - [2013/07/27 03:49:33 | 014,984,480 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2011/09/27 14:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2011/08/05 12:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2011/08/05 12:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2011/08/05 12:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2013/11/26 16:50:34 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/30 14:25:56 | 000,566,696 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/07/27 03:35:36 | 001,889,568 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/07/03 17:43:46 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013/07/01 14:28:16 | 000,119,072 | ---- | M] (Sendori, Inc.) [Auto | Running] -- C:\Program Files (x86)\Sendori\SendoriSvc.exe -- (Application Sendori)
SRV - [2013/07/01 14:28:14 | 000,022,304 | ---- | M] (sendori) [Auto | Running] -- C:\Program Files (x86)\Sendori\Sendori.Service.exe -- (Service Sendori)
SRV - [2013/07/01 14:28:12 | 003,623,200 | ---- | M] (Sendori) [Auto | Running] -- C:\Program Files (x86)\Sendori\sndappv2.exe -- (sndappv2)
SRV - [2013/06/21 04:15:56 | 000,413,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/02/28 17:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/18 14:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/01/17 10:24:10 | 000,055,296 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\ASGT.exe -- (ASGT)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/09/26 18:02:28 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\D-Link\DWA-552 revA\jswpsapi.exe -- (jswpsapi)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/05/14 14:28:40 | 000,039,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2013/02/25 00:27:45 | 000,194,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/08/28 07:27:24 | 000,058,536 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/02 01:30:46 | 000,042,776 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2011/09/02 01:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011/09/02 01:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/04/21 10:13:24 | 001,601,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/03/18 03:59:04 | 000,030,800 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV:64bit: - [2010/02/23 06:46:36 | 000,023,680 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IOMap64.sys -- (IOMap)
DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/17 11:54:38 | 000,112,144 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouKE.Sys -- (LMouKE)
DRV:64bit: - [2009/06/17 11:53:42 | 000,089,616 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L8042mou.Sys -- (L8042mou)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/01 22:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2008/05/15 02:28:52 | 000,026,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\jswpslwfx.sys -- (JSWPSLWF)
DRV - [2010/10/18 03:34:46 | 000,020,544 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\prxtbXfi0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2304157


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3690330738-3177370601-1595637657-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=1
IE - HKU\S-1-5-21-3690330738-3177370601-1595637657-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-3690330738-3177370601-1595637657-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3690330738-3177370601-1595637657-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1E E6 48 B3 9E 6E CB 01 [binary data]
IE - HKU\S-1-5-21-3690330738-3177370601-1595637657-1001\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\prxtbXfi0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3690330738-3177370601-1595637657-1001\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKU\S-1-5-21-3690330738-3177370601-1595637657-1001\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKU\S-1-5-21-3690330738-3177370601-1595637657-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKU\S-1-5-21-3690330738-3177370601-1595637657-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...000002191063547
IE - HKU\S-1-5-21-3690330738-3177370601-1595637657-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7ADSA_enUS402
IE - HKU\S-1-5-21-3690330738-3177370601-1595637657-1001\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2304157
IE - HKU\S-1-5-21-3690330738-3177370601-1595637657-1001\..\SearchScopes\{BF5CDBD7-EC78-41F8-A1B1-01829572104D}: "URL" = http://us.yhs4.searc...p={searchTerms}
IE - HKU\S-1-5-21-3690330738-3177370601-1595637657-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.3: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/11/07 21:15:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/11/07 21:15:13 | 000,000,000 | ---D | M]

[2012/02/28 00:16:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeff\AppData\Roaming\Mozilla\Extensions
[2010/10/18 12:46:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\extensions
[2010/10/18 12:46:10 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2012/01/08 04:05:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\nnvclgfi.default\extensions
[2013/05/25 12:10:27 | 000,000,000 | ---D | M] (@@toolbarname@@) -- C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\nnvclgfi.default\extensions\[email protected]
[2013/03/12 02:38:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/02/26 23:21:27 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/02/26 23:21:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/02/26 23:21:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/06/13 15:48:47 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2011/10/30 22:01:50 | 000,002,288 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U13 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll
CHR - plugin: Java Deployment Toolkit 7.0.130.20 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: Google Docs = C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: MyTools extension = C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkbppmdgdfccoihhajoeflficbpgcnm\1.0_0\
CHR - Extension: Google Search = C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: TheBflix = C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjakmojkcnhgipgkkbiempkfdndcnlah\5.0_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: General Crawler = C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpihmmhdcobmllpcnpfbhnipmhamldje\2.0_0\
CHR - Extension: Skype Click to Call = C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: Shop With Purpose = C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\
CHR - Extension: Google Wallet = C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
CHR - Extension: Google Wallet = C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.9_0\
CHR - Extension: Google Wallet = C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Gmail = C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\prxtbXfi0.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (MyTools Class) - {C3A44133-7EAD-434C-AC9E-7F1DA176BA8C} - C:\Program Files (x86)\MyTools\mytools.dll (MyTools)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\prxtbXfi0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-3690330738-3177370601-1595637657-1001\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-3690330738-3177370601-1595637657-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-3690330738-3177370601-1595637657-1001\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Program Files (x86)\XfireXO\prxtbXfi0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3690330738-3177370601-1595637657-1001\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Sendori Tray] C:\Program Files (x86)\Sendori\SendoriTray.exe (Sendori, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\.DEFAULT..\Run: [Google Update] Reg Error: Value error. File not found
O4 - HKU\S-1-5-18..\Run: [Google Update] Reg Error: Value error. File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3690330738-3177370601-1595637657-1001..\Run: [BackgroundContainer] C:\Users\Jeff\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll (Conduit Ltd.)
O4 - HKU\S-1-5-21-3690330738-3177370601-1595637657-1001..\Run: [Media Finder] "C:\Program Files (x86)\Media Finder\MF.exe" /opentotray File not found
O4 - HKU\S-1-5-21-3690330738-3177370601-1595637657-1001..\Run: [Steam] D:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-3690330738-3177370601-1595637657-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3690330738-3177370601-1595637657-1001..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil64_11_8_800_94_ActiveX.exe -update activex File not found
O4 - HKU\S-1-5-21-3690330738-3177370601-1595637657-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\Sendori.dll (Sendori)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\Sendori.dll (Sendori)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\Sendori.dll (Sendori)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\Sendori.dll (Sendori)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWow64\Sendori.dll (Sendori)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-3690330738-3177370601-1595637657-1001\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3690330738-3177370601-1595637657-1001\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3690330738-3177370601-1595637657-1001\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3690330738-3177370601-1595637657-1001\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3690330738-3177370601-1595637657-1003\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-21-3690330738-3177370601-1595637657-1003\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-21-3690330738-3177370601-1595637657-1003\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-21-3690330738-3177370601-1595637657-1003\..Trusted Domains: sony.com ([]* in )
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97121134-D363-4107-8FB7-34A398277F46}: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~1\NVIDIA~1\NVSTRE~1\rxinput.dll) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\rxinput.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~2\NVIDIA~1\NVSTRE~1\rxinput.dll) - C:\Program Files (x86)\NVIDIA Corporation\NvStreamSrv\rxinput.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-3690330738-3177370601-1595637657-1001 Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-3690330738-3177370601-1595637657-1001 Winlogon: Shell - (C:\Users\Jeff\AppData\Roaming\cache.dat) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{34e51300-daa9-11df-a1c8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{34e51300-daa9-11df-a1c8-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{4fe1d4fa-e73f-11e1-84ff-001fd05adeef}\Shell - "" = AutoRun
O33 - MountPoints2\{4fe1d4fa-e73f-11e1-84ff-001fd05adeef}\Shell\AutoRun\command - "" = F:\setup.exe -a
O33 - MountPoints2\{ef98c9d9-85a5-11e0-9fdb-001fd05adeef}\Shell - "" = AutoRun
O33 - MountPoints2\{ef98c9d9-85a5-11e0-9fdb-001fd05adeef}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/11/26 16:48:18 | 001,950,668 | ---- | C] (Farbar) -- C:\Users\Jeff\Desktop\FRST64.exe
[2013/11/26 16:44:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jeff\Desktop\OTL.exe
[2013/11/26 16:37:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2013/11/26 16:37:43 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/11/26 16:58:54 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/26 16:56:55 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/11/26 16:50:36 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/26 16:50:32 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/11/26 16:50:32 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/11/26 16:43:26 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\ReclaimerResumeInstallLogin_Jeff.job
[2013/11/26 16:43:26 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\ReclaimerResumeInstall_Jeff.job
[2013/11/26 16:43:01 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/26 16:37:46 | 000,001,891 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013/11/26 16:37:46 | 000,001,891 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013/11/26 16:37:19 | 000,779,116 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/26 16:37:19 | 000,660,296 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/26 16:37:19 | 000,121,224 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/11/26 16:35:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/26 16:35:15 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/11/26 16:43:26 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\ReclaimerResumeInstallLogin_Jeff.job
[2013/11/26 16:43:24 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\ReclaimerResumeInstall_Jeff.job
[2013/11/26 16:37:46 | 000,001,891 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013/07/01 16:23:59 | 000,773,030 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/05/07 18:33:16 | 000,000,022 | ---- | C] () -- C:\Windows\GPU-Z.INI
[2012/01/17 10:24:10 | 000,055,296 | ---- | C] () -- C:\Windows\SysWow64\ASGT.exe

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 00:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/12/27 17:37:47 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\Azureus
[2011/10/30 22:01:48 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\Babylon
[2011/10/30 21:32:58 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\FrostWire
[2013/06/08 01:04:12 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\GameFly
[2010/11/17 14:02:42 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\Leadertech
[2012/07/05 22:39:15 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\Media Finder
[2012/11/09 02:34:38 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\OpenCandy
[2013/08/12 10:25:26 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\Origin
[2011/05/13 14:45:09 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\Sammsoft
[2013/07/27 00:26:03 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\Stardock
[2011/02/19 02:05:21 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\TS3Client
[2012/06/16 02:40:18 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\TuneUp Software

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2009/07/13 20:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/02/27 00:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 20:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 08:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
No service found with a name of BFE
SRV:64bit: - [2011/11/17 01:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 20:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 20:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 17:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/07/09 00:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013/07/08 23:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 08:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 08:26:04 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 07:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/03 01:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 20:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 20:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 20:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
No service found with a name of SharedAccess
No service found with a name of PolicyAgent
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/07/13 20:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 20:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 20:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 20:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 20:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2010/11/20 08:27:22 | 000,303,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 20:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 06:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2010/11/20 08:25:21 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2011/11/17 01:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 20:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 08:27:24 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 08:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 08:27:25 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2011/11/17 01:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
No service found with a name of wscsvc
SRV:64bit: - [2010/11/20 08:27:26 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 08:27:25 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 07:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 08:27:25 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 08:27:26 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 07:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/13 20:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2010/11/20 08:27:23 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 08:25:27 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 08:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 08:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 08:27:25 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
No service found with a name of WinDefend
SRV:64bit: - [2010/11/20 08:27:28 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
No service found with a name of MpsSvc
SRV:64bit: - [2010/11/20 08:27:28 | 000,580,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 08:24:58 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 07:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/13 20:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 17:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/20 08:26:07 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/13 20:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 08:27:28 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< c:\program files (x86)\Google\Desktop >
[2009/07/14 00:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009/07/14 00:08:49 | 000,032,586 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/10/18 12:50:09 | 000,000,890 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2010/10/18 12:50:09 | 000,000,894 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012/04/11 11:51:22 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2013/11/26 16:43:24 | 000,000,370 | ---- | C] () -- C:\Windows\Tasks\ReclaimerResumeInstall_Jeff.job
[2013/11/26 16:43:26 | 000,000,370 | ---- | C] () -- C:\Windows\Tasks\ReclaimerResumeInstallLogin_Jeff.job

< c:\program files\Google\Desktop >

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is E687-030F
Directory of C:\
07/14/2009 12:08 AM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:08 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:08 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
07/14/2009 12:08 AM <SYMLINKD> All Users [C:\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:08 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:08 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
07/14/2009 12:08 AM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/14/2009 12:08 AM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> My Documents [C:\Users\Default\Documents]
07/14/2009 12:08 AM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/14/2009 12:08 AM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/14/2009 12:08 AM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/14/2009 12:08 AM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
07/14/2009 12:08 AM <JUNCTION> My Music [C:\Users\Default\Music]
07/14/2009 12:08 AM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
07/14/2009 12:08 AM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Jeff
10/18/2010 03:23 AM <JUNCTION> Application Data [C:\Users\Jeff\AppData\Roaming]
10/18/2010 03:23 AM <JUNCTION> Cookies [C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies]
10/18/2010 03:23 AM <JUNCTION> Local Settings [C:\Users\Jeff\AppData\Local]
10/18/2010 03:23 AM <JUNCTION> My Documents [C:\Users\Jeff\Documents]
10/18/2010 03:23 AM <JUNCTION> NetHood [C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
10/18/2010 03:23 AM <JUNCTION> PrintHood [C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
10/18/2010 03:23 AM <JUNCTION> Recent [C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Recent]
10/18/2010 03:23 AM <JUNCTION> SendTo [C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\SendTo]
10/18/2010 03:23 AM <JUNCTION> Start Menu [C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu]
10/18/2010 03:23 AM <JUNCTION> Templates [C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Jeff\AppData\Local
10/18/2010 03:23 AM <JUNCTION> Application Data [C:\Users\Jeff\AppData\Local]
10/18/2010 03:23 AM <JUNCTION> History [C:\Users\Jeff\AppData\Local\Microsoft\Windows\History]
10/18/2010 03:23 AM <JUNCTION> Temporary Internet Files [C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Jeff\Documents
10/18/2010 03:23 AM <JUNCTION> My Music [C:\Users\Jeff\Music]
10/18/2010 03:23 AM <JUNCTION> My Pictures [C:\Users\Jeff\Pictures]
10/18/2010 03:23 AM <JUNCTION> My Videos [C:\Users\Jeff\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
07/14/2009 12:08 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 12:08 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 12:08 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users\UpdatusUser
09/29/2011 02:32 PM <JUNCTION> Application Data [C:\Users\UpdatusUser\AppData\Roaming]
09/29/2011 02:32 PM <JUNCTION> Cookies [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Cookies]
09/29/2011 02:32 PM <JUNCTION> Local Settings [C:\Users\UpdatusUser\AppData\Local]
09/29/2011 02:32 PM <JUNCTION> My Documents [C:\Users\UpdatusUser\Documents]
09/29/2011 02:32 PM <JUNCTION> NetHood [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
09/29/2011 02:32 PM <JUNCTION> PrintHood [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
09/29/2011 02:32 PM <JUNCTION> Recent [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Recent]
09/29/2011 02:32 PM <JUNCTION> SendTo [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\SendTo]
09/29/2011 02:32 PM <JUNCTION> Start Menu [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu]
09/29/2011 02:32 PM <JUNCTION> Templates [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\UpdatusUser\AppData\Local
09/29/2011 02:32 PM <JUNCTION> Application Data [C:\Users\UpdatusUser\AppData\Local]
09/29/2011 02:32 PM <JUNCTION> History [C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History]
09/29/2011 02:32 PM <JUNCTION> Temporary Internet Files [C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\UpdatusUser\Documents
09/29/2011 02:32 PM <JUNCTION> My Music [C:\Users\UpdatusUser\Music]
09/29/2011 02:32 PM <JUNCTION> My Pictures [C:\Users\UpdatusUser\Pictures]
09/29/2011 02:32 PM <JUNCTION> My Videos [C:\Users\UpdatusUser\Videos]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile
05/25/2011 11:53 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
05/25/2011 11:53 PM <JUNCTION> Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
05/25/2011 11:53 PM <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
05/25/2011 11:53 PM <JUNCTION> My Documents [C:\Windows\system32\config\systemprofile\Documents]
05/25/2011 11:53 PM <JUNCTION> NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
05/25/2011 11:53 PM <JUNCTION> PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
05/25/2011 11:53 PM <JUNCTION> Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
05/25/2011 11:53 PM <JUNCTION> SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
05/25/2011 11:53 PM <JUNCTION> Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
05/25/2011 11:53 PM <JUNCTION> Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\AppData\Local
05/25/2011 11:53 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
05/25/2011 11:53 PM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
05/25/2011 11:53 PM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\Documents
05/25/2011 11:53 PM <JUNCTION> My Music [C:\Windows\system32\config\systemprofile\Music]
05/25/2011 11:53 PM <JUNCTION> My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
05/25/2011 11:53 PM <JUNCTION> My Videos [C:\Windows\system32\config\systemprofile\Videos]
0 File(s) 0 bytes
Directory of C:\Windows\SysWOW64\config\systemprofile
05/25/2011 11:53 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
05/25/2011 11:53 PM <JUNCTION> Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
05/25/2011 11:53 PM <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
05/25/2011 11:53 PM <JUNCTION> My Documents [C:\Windows\system32\config\systemprofile\Documents]
05/25/2011 11:53 PM <JUNCTION> NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
05/25/2011 11:53 PM <JUNCTION> PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
05/25/2011 11:53 PM <JUNCTION> Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
05/25/2011 11:53 PM <JUNCTION> SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
05/25/2011 11:53 PM <JUNCTION> Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
05/25/2011 11:53 PM <JUNCTION> Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local
05/25/2011 11:53 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
05/25/2011 11:53 PM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
05/25/2011 11:53 PM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\SysWOW64\config\systemprofile\Documents
05/25/2011 11:53 PM <JUNCTION> My Music [C:\Windows\system32\config\systemprofile\Music]
05/25/2011 11:53 PM <JUNCTION> My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
05/25/2011 11:53 PM <JUNCTION> My Videos [C:\Windows\system32\config\systemprofile\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
98 Dir(s) 1,166,450,688 bytes free

< End of report >

and finally, Extras.txt:
OTL Extras logfile created on: 11/26/2013 4:58:17 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jeff\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 49.93% Memory free
8.00 Gb Paging File | 6.07 Gb Available in Paging File | 75.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 101.00 Gb Total Space | 1.40 Gb Free Space | 1.38% Space Free | Partition Type: NTFS
Drive D: | 830.41 Gb Total Space | 47.35 Gb Free Space | 5.70% Space Free | Partition Type: NTFS
Drive F: | 15.01 Gb Total Space | 14.97 Gb Free Space | 99.75% Space Free | Partition Type: FAT32

Computer Name: JEFF-PC | User Name: Jeff | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{2BFD590F-1D73-3533-E734-FDDAC3746E4A}" = AMD Catalyst Install Manager
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5BECA583-A49D-4C21-ADFD-89C844F1F1A1}" = Wing Commander Saga 1.1.0.7822
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 320.49
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.6
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 7.2.17
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.24.2
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.1
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6FD24B4-34A3-4635-8ECD-7B5C791EAE5F}" = Wing Commander Saga 1.0.2.7795
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SP6" = Logitech SetPoint 6.32
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.00 (64-bit)
"Zune" = Zune

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis®
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1CCF681C-C203-49B3-83F4-A54F0F944416}" = CleanWaterAction Reminder by We-Care.com v5.0.5.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java™ 6 Update 35
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2B653229-9854-4989-B780-D978F5F13EAB}" = FEAR
"{3282FBE1-35FC-48D8-98CA-115A5EF1F9B4}" = NVIDIA PhysX
"{37476589-E48E-439E-A706-56189E2ED4C4}" = TheBflix
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{415030B8-3E8B-462A-8C03-41D95AA3AB3B}" = Medal of Honor ™
"{4198AE83-A3C6-4C41-85C8-EC63E990696E}" = Crysis®3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{532F6E8A-AF97-41C3-915F-39F718EC07D1}" = ASUS GPU Tweak
"{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}" = Suite
"{6F6F39E3-D24D-4EEE-9AEA-DEDAF991385D}" = DWA-552
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD®
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79361740-EAE3-11E2-9911-B8AC6F98CCE3}" = Google Earth Plug-in
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{97EA42A5-3FAB-4948-B74D-F3C44B13F5CE}" = Crysis WARHEAD® Patch
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A071F478-73E0-4143-AE55-4DD6BABD74F5}" = Far Cry 3 Blood Dragon
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{Clear Sky Complete v1.1.3}}_is1" = Clear Sky Complete
"{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}" = Far Cry 3
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = GameStop App
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F8511A0F-D91D-4E3D-A59C-3CA8FB8EAFE8}" = MechWarrior Online
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{Stalker Complete 2009 v1.4.4}}_is1" = Stalker Complete 2009 v1.4.4
"3DP Chip" = 3DP Chip v13.05
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Battlelog Web Plugins" = Battlelog Web Plugins
"Crysis WARHEAD®" = Crysis WARHEAD®
"Crysis WARHEAD® Patch" = Crysis WARHEAD® Patch
"ESN Sonar-0.70.0" = ESN Sonar
"ESN Sonar-0.70.4" = ESN Sonar
"FAKEFACTORY CM10V10.90" = FAKEFACTORY Cinematic Mod V10
"ffdshow_is1" = ffdshow [rev 3069] [2009-09-07]
"GameFly" = GameFly
"GameStop App" = GameStop App
"Google Chrome" = Google Chrome
"InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}" = ASUS GPU Tweak
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.7.4 (Full)
"MyTools" = MyTools
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 15.0" = RealPlayer
"Rockstar Games Social Club" = Rockstar Games Social Club
"Sendori" = Sendori
"Star Trek Online" = Star Trek Online
"StarCraft II" = StarCraft II
"Steam App 10680" = Aliens vs. Predator
"Steam App 16450" = F.E.A.R. 2: Project Origin
"Steam App 204100" = Max Payne 3
"Steam App 20510" = S.T.A.L.K.E.R.: Clear Sky
"Steam App 218" = Source SDK Base 2007
"Steam App 220" = Half-Life 2
"Steam App 240" = Counter-Strike: Source
"Steam App 380" = Half-Life 2: Episode One
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 42680" = Call of Duty: Modern Warfare 3
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 42750" = Call of Duty: Modern Warfare 3 - Dedicated Server
"Steam App 43110" = Metro 2033
"Steam App 43160" = Metro: Last Light
"Steam App 4500" = S.T.A.L.K.E.R.: Shadow of Chernobyl
"Steam App 57900" = Duke Nukem Forever
"Steam App 620" = Portal 2
"Steam App 9200" = RAGE
"Steam App 99830" = Crysis 2
"StepMania" = StepMania 3.9b (remove only)
"Uplay" = Uplay
"Virtual Magnifying Glass_is1" = Virtual Magnifying Glass v3.5
"Vodei Multimedia Processor" = Vodei Multimedia Processor 2.10
"World of Warcraft" = World of Warcraft
"Xfire" = Xfire (remove only)
"XfireXO Toolbar" = XfireXO Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3690330738-3177370601-1595637657-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{74d11f91-05cc-44f6-8e49-94fe7f33c79b}" = MechWarrior Online
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"SOE-C:/Users/Jeff/AppData/Local/Sony Online Entertainment/ApplicationUpdater" = applicationupdater
"SOE-D:/Users/Public/Sony Online Entertainment/Installed Games/PlanetSide 2" = gamelauncher-ps2-live
"soe-PlanetSide 2" = PlanetSide 2
"SOE-PlanetSide 2 Beta" = PlanetSide 2 Beta

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/30/2013 4:57:55 PM | Computer Name = Jeff-PC | Source = Software Protection Platform Service | ID = 8198
Description = License Activation (slui.exe) failed with the following error code:
0x800706BE

Error - 8/30/2013 5:18:41 PM | Computer Name = Jeff-PC | Source = NvStreamSvc | ID = 131073
Description =

Error - 8/30/2013 5:18:42 PM | Computer Name = Jeff-PC | Source = NvStreamSvc | ID = 131073
Description =

Error - 11/26/2013 5:25:44 PM | Computer Name = Jeff-PC | Source = NvStreamSvc | ID = 131073
Description =

Error - 11/26/2013 5:25:46 PM | Computer Name = Jeff-PC | Source = NvStreamSvc | ID = 131073
Description =

Error - 11/26/2013 5:35:43 PM | Computer Name = Jeff-PC | Source = NvStreamSvc | ID = 131073
Description =

Error - 11/26/2013 5:35:45 PM | Computer Name = Jeff-PC | Source = NvStreamSvc | ID = 131073
Description =

Error - 11/26/2013 5:36:39 PM | Computer Name = Jeff-PC | Source = Software Protection Platform Service | ID = 8200
Description = License acquisition failure details. hr=0xC004C532

Error - 11/26/2013 5:36:39 PM | Computer Name = Jeff-PC | Source = Software Protection Platform Service | ID = 8208
Description = Acquisition of genuine ticket failed (hr=0xC004C532) for template
Id 66c92734-d682-4d71-983e-d6ec3f16059f

Error - 11/26/2013 5:48:13 PM | Computer Name = Jeff-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 10.0.9200.16660 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1944 Start
Time: 01ceeaf01bd3e18e Termination Time: 8 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id:

[ SendoriLogs Events ]
Error - 7/26/2013 12:45:28 PM | Computer Name = Jeff-PC | Source = SendoriLog | ID = 99
Description = On EnableObject reference not set to an instance of an object.

Error - 7/26/2013 12:50:47 PM | Computer Name = Jeff-PC | Source = SendoriLog | ID = 99
Description = On EnableObject reference not set to an instance of an object.

Error - 7/26/2013 12:55:35 PM | Computer Name = Jeff-PC | Source = SendoriLog | ID = 99
Description = On EnableObject reference not set to an instance of an object.

Error - 7/26/2013 1:00:27 PM | Computer Name = Jeff-PC | Source = SendoriLog | ID = 99
Description = On EnableObject reference not set to an instance of an object.

Error - 7/26/2013 1:05:44 PM | Computer Name = Jeff-PC | Source = SendoriLog | ID = 99
Description = On EnableObject reference not set to an instance of an object.

Error - 7/26/2013 1:10:39 PM | Computer Name = Jeff-PC | Source = SendoriLog | ID = 99
Description = On EnableObject reference not set to an instance of an object.

Error - 7/26/2013 1:15:33 PM | Computer Name = Jeff-PC | Source = SendoriLog | ID = 99
Description = On EnableObject reference not set to an instance of an object.

Error - 7/26/2013 1:27:09 PM | Computer Name = Jeff-PC | Source = SendoriLog | ID = 99
Description = On EnableObject reference not set to an instance of an object.

Error - 7/26/2013 1:32:07 PM | Computer Name = Jeff-PC | Source = SendoriLog | ID = 99
Description = On EnableObject reference not set to an instance of an object.

Error - 8/28/2013 5:43:07 PM | Computer Name = Jeff-PC | Source = SendoriLog | ID = 99
Description = on service stopRetrieving the COM class factory for component with
CLSID {6EEBC7FF-67DA-4B90-9251-C2C5696E4B48} failed due to the following error:
80070424.

[ System Events ]
Error - 9/4/2013 5:29:58 PM | Computer Name = Jeff-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD DfsC discache JSWPSLWF NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
ws2ifsl

Error - 11/26/2013 5:25:44 PM | Computer Name = Jeff-PC | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891

Error - 11/26/2013 5:26:23 PM | Computer Name = Jeff-PC | Source = Service Control Manager | ID = 7043
Description = The Group Policy Client service did not shut down properly after receiving
a preshutdown control.

Error - 11/26/2013 5:26:26 PM | Computer Name = Jeff-PC | Source = Service Control Manager | ID = 7024
Description = The Superfetch service terminated with service-specific error %%0.

Error - 11/26/2013 5:35:43 PM | Computer Name = Jeff-PC | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891

Error - 11/26/2013 5:37:09 PM | Computer Name = Jeff-PC | Source = Service Control Manager | ID = 7022
Description = The Service Sendori service hung on starting.

Error - 11/26/2013 5:37:58 PM | Computer Name = Jeff-PC | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891

Error - 11/26/2013 5:37:58 PM | Computer Name = Jeff-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891

Error - 11/26/2013 5:39:47 PM | Computer Name = Jeff-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Steam
Client Service service to connect.

Error - 11/26/2013 5:39:47 PM | Computer Name = Jeff-PC | Source = Service Control Manager | ID = 7000
Description = The Steam Client Service service failed to start due to the following
error: %%1053


< End of report >
  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK we are getting there :)

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image
:Commands
[CREATERESTOREPOINT]

:OTL
IE - HKLM\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\prxtbXfi0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3690330738-3177370601-1595637657-1001\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\prxtbXfi0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3690330738-3177370601-1595637657-1001\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKU\S-1-5-21-3690330738-3177370601-1595637657-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...000002191063547
IE - HKU\S-1-5-21-3690330738-3177370601-1595637657-1001\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2304157
[2010/10/18 12:46:10 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2013/05/25 12:10:27 | 000,000,000 | ---D | M] (@@toolbarname@@) -- C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\nnvclgfi.default\extensions\[email protected]
[2011/10/30 22:01:50 | 000,002,288 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\prxtbXfi0.dll (Conduit Ltd.)
O2 - BHO: (MyTools Class) - {C3A44133-7EAD-434C-AC9E-7F1DA176BA8C} - C:\Program Files (x86)\MyTools\mytools.dll (MyTools)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\prxtbXfi0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-3690330738-3177370601-1595637657-1001\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O3 - HKU\S-1-5-21-3690330738-3177370601-1595637657-1001\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Program Files (x86)\XfireXO\prxtbXfi0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3690330738-3177370601-1595637657-1001\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKU\.DEFAULT..\Run: [Google Update] Reg Error: Value error. File not found
O4 - HKU\S-1-5-18..\Run: [Google Update] Reg Error: Value error. File not found
O4 - HKU\S-1-5-21-3690330738-3177370601-1595637657-1001..\Run: [BackgroundContainer] C:\Users\Jeff\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll (Conduit Ltd.)
O4 - HKU\S-1-5-21-3690330738-3177370601-1595637657-1001..\Run: [Media Finder] "C:\Program Files (x86)\Media Finder\MF.exe" /opentotray File not found
O20 - HKU\S-1-5-21-3690330738-3177370601-1595637657-1001 Winlogon: Shell - (C:\Users\Jeff\AppData\Roaming\cache.dat) - File not found
[2011/10/30 22:01:48 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\Babylon
[2012/11/09 02:34:38 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\OpenCandy

:Files
C:\ProgramData\WeCareReminder
C:\Users\Jeff\AppData\Local\Conduit
C:\Program Files (x86)\Ask.com

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    [img width=426 height=293]http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png[/img]

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0

#5
milly343

milly343

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Everything seems to be running fine as far as I can tell. No issues to report. Here is the Combofix log. I hope you had a wonderful Thanksgiving! :)

ComboFix 13-11-27.01 - Jeff 12/01/2013 3:28.1.3 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4094.2657 [GMT -5:00]
Running from: c:\users\Jeff\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\100
c:\programdata\TheBflix
c:\programdata\TheBflix\background.html
c:\programdata\TheBflix\content.js
c:\programdata\TheBflix\hjakmojkcnhgipgkkbiempkfdndcnlah.crx
c:\programdata\TheBflix\settings.ini
c:\programdata\TheBflix\uninstall.exe
c:\windows\SysWow64\FlashPlayerApp.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-11-01 to 2013-12-01 )))))))))))))))))))))))))))))))
.
.
2013-12-01 07:51 . 2013-12-01 07:51 -------- d-----w- C:\_OTL
2013-11-27 00:19 . 2013-10-14 23:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-11-27 00:16 . 2013-11-27 00:16 878080 ----a-w- c:\windows\system32\advapi32.dll
2013-11-26 23:48 . 2013-11-26 23:48 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2013-11-26 23:18 . 2013-11-26 23:18 -------- d-----w- c:\programdata\Oracle
2013-11-26 23:16 . 2013-11-26 23:16 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-11-26 23:16 . 2013-10-08 12:50 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-11-26 23:07 . 2013-11-26 23:07 -------- d-----w- c:\users\Jeff\AppData\Local\NVIDIA Corporation
2013-11-26 22:50 . 2013-11-26 22:50 17813896 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-11-26 22:30 . 2013-11-14 11:55 955168 ----a-w- c:\windows\SysWow64\nvspcap.dll
2013-11-26 22:30 . 2013-11-14 11:55 1064224 ----a-w- c:\windows\system32\nvspcap64.dll
2013-11-26 22:29 . 2013-09-27 23:01 39200 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2013-11-26 22:29 . 2013-09-27 23:01 28960 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2013-11-26 21:48 . 2013-07-12 10:41 100864 ----a-w- c:\windows\system32\drivers\usbcir.sys
2013-11-26 21:37 . 2013-11-26 21:37 -------- d-----w- c:\program files\McAfee Security Scan
2013-11-11 13:59 . 2013-11-11 13:59 590112 ----a-w- c:\windows\SysWow64\nvStreaming.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-27 00:16 . 2013-11-27 00:16 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-11-26 22:50 . 2011-05-24 01:35 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-14 11:55 . 2013-05-11 06:45 1436528 ----a-w- c:\windows\system32\nvumdshimx.dll
2013-11-14 11:55 . 2012-10-11 02:22 2697248 ----a-w- c:\windows\SysWow64\nvapi.dll
2013-11-14 11:55 . 2010-10-18 17:42 3069608 ----a-w- c:\windows\system32\nvapi64.dll
2013-11-11 15:02 . 2011-01-08 00:49 6674208 ----a-w- c:\windows\system32\nvcpl.dll
2013-11-11 15:02 . 2011-01-08 00:49 3490080 ----a-w- c:\windows\system32\nvsvc64.dll
2013-11-11 15:01 . 2011-01-08 00:48 922912 ----a-w- c:\windows\system32\nvvsvc.exe
2013-11-11 15:01 . 2011-01-08 00:48 219424 ----a-w- c:\windows\system32\nvmctray.dll
2013-11-11 15:01 . 2010-10-08 06:22 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-11-11 15:01 . 2013-05-07 23:24 3467927 ----a-w- c:\windows\system32\nvcoproc.bin
2013-11-07 21:00 . 2010-10-18 19:40 82896128 ----a-w- c:\windows\system32\MRT.exe
2013-09-27 23:01 . 2013-07-31 19:56 29984 ----a-w- c:\windows\system32\nvaudcap64v.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="d:\program files (x86)\Steam\steam.exe" [2013-10-30 1820584]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-02-28 18642024]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-18 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-06-13 296056]
"Sendori Tray"="c:\program files (x86)\Sendori\SendoriTray.exe" [2013-07-01 83232]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.130\SSScheduler.exe [2013-9-6 324320]
Wireless Connection Manager.lnk - c:\program files (x86)\D-Link\DWA-552 revA\wirelesscm.exe [2011-9-27 517440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files (x86)\D-Link\DWA-552 revA\jswpsapi.exe;c:\program files (x86)\D-Link\DWA-552 revA\jswpsapi.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys;c:\windows\SYSNATIVE\DRIVERS\jswpslwfx.sys [x]
S2 Application Sendori;Application Sendori;c:\program files (x86)\Sendori\SendoriSvc.exe;c:\program files (x86)\Sendori\SendoriSvc.exe [x]
S2 ASGT;ASGT;c:\windows\SysWOW64\ASGT.exe;c:\windows\SysWOW64\ASGT.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Service Sendori;Service Sendori;c:\program files (x86)\Sendori\Sendori.Service.exe;c:\program files (x86)\Sendori\Sendori.Service.exe [x]
S2 sndappv2;sndappv2;c:\program files (x86)\Sendori\sndappv2.exe;c:\program files (x86)\Sendori\sndappv2.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 IOMap;IOMap;c:\windows\system32\drivers\IOMap64.sys;c:\windows\SYSNATIVE\drivers\IOMap64.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-11-26 21:56 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 22:50]
.
2013-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-18 17:50]
.
2013-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-18 17:50]
.
2013-11-29 c:\windows\Tasks\ReclaimerUpdateFiles_Jeff.job
- c:\users\Jeff\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.70\agent\rnupgagent.exe [2013-11-26 21:43]
.
2013-12-01 c:\windows\Tasks\ReclaimerUpdateXML_Jeff.job
- c:\users\Jeff\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.70\agent\rnupgagent.exe [2013-11-26 21:43]
.
2013-12-01 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Jeff.job
- c:\users\Jeff\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.70\agent\rnupgagent.exe [2013-11-26 21:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-11-14 1028384]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-11-14 1064224]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/?ilc=1
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Download with &Media Finder - c:\program files (x86)\Media Finder\hook.html
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{37476589-E48E-439E-A706-56189E2ED4C4} - c:\programdata\TheBflix\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3690330738-3177370601-1595637657-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:f9,7a,4f,70,cb,94,18,ef,2e,4e,f9,11,9b,14,f6,8e,25,13,5a,d3,1f,bf,b1,
fd,97,cb,fe,9a,c6,e6,f7,bc,37,8c,92,ae,2e,0c,50,1a,4a,43,0f,f6,cc,c2,50,de,\
"??"=hex:65,34,23,f1,ac,3e,ae,99,14,20,f8,2a,53,ca,02,2f
.
[HKEY_USERS\S-1-5-21-3690330738-3177370601-1595637657-1001\Software\SecuROM\License information*]
"datasecu"=hex:66,03,24,f1,59,5b,58,d6,4f,86,6c,51,2a,04,d1,4d,b4,c9,c2,f2,b2,
d5,59,21,b5,6e,00,7e,57,3a,4c,3a,58,8c,55,12,cc,ee,d2,1a,8c,54,af,71,8f,78,\
"rkeysecu"=hex:fc,c0,7e,17,05,7d,fc,b5,1a,af,54,29,89,3b,60,32
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\0a\01\1f\027\14?"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Sendori\SendoriUp.exe
c:\program files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
.
**************************************************************************
.
Completion time: 2013-12-01 03:39:40 - machine was rebooted
ComboFix-quarantined-files.txt 2013-12-01 08:39
.
Pre-Run: 7,747,620,864 bytes free
Post-Run: 7,525,871,616 bytes free
.
- - End Of File - - 5FF38832528CB7AB038599387BC8D3A6
A36C5E4F47E84449FF07ED3517B43A31
  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
In that case methinks I will send you on your merry way :)

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Remove ComboFix
  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall
    (Notice the space between the "x" and "/")
    then click OK

    Posted Image
  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

Clear Restore Points

Go Start > All Programmes > Accessories > System tools
Right click Disc Cleanup and select run as administrator
When it pops up at the first prompt select OK after it has done some calculations the tabs will appear
Select More Options tab
Press Sytem Restore and Shadow Copies Cleanup button



: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to diasble Java in your web browser and How to unplug Java from the browser)

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent install this programme to lock down and prevent crypto ransome ware

Posted Image

Malwarebytes.

Update and run weekly to keep your system clean


It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?Keep safe :wave:
  • 0

#7
milly343

milly343

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Thank you for all your help! One last note, everything seems to be working just fine but I do get this error message upon startup:

There was a problem starting
C:\Users\Jeff\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll

The Specified module could not be found.

As I said, I'm not noticing any problems.
  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Darn conduit.. OK that is running from the scheduled tasks

Download and run Autoruns

Select the Scheduled Tasks tab
Locate the conduit entry and remove the tick
Posted Image
  • 0

#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP